On Fri, 2009-05-22 at 12:07 +0200, Yet Another Ninja wrote: > FYI: > > The EmailBL test zone period has been extended to July 1st.
Since it has been extended, I decided to go ahead and fire it up this morning. I'm mainly looking at overlap. It seems to be relatively distinct from other tests that are looking for 419 scams: $ grep EMAILBL_TEST_LEM= /var/log/mail/info | grep -P -o 'tests=.+?\]' | grep -o -P '[\w_]+?=' | sort | uniq -c | sort -rn 67 tests= 67 EMAILBL_TEST_LEM= 62 EMAILBL_TEST_LEM_REPLYTO= 42 FORGED_MUA_OUTLOOK= 41 ADVANCE_FEE_2= 40 L_P0F_Linux= 38 EMAILBL_TEST_LEM_BODY= 33 MSOE_MID_WRONG_CASE= 31 EMAILBL_TEST_LEM_FROM= 29 RCVD_IN_BRBL_RELAY= 28 SUBJ_ALL_CAPS= 27 RAZOR2_CHECK= 26 ADVANCE_FEE_3= 24 UNOFFICIAL= 23 RELAY_US= 22 SARE_FRAUD_X3= 22 MILLION_USD= 22 JM_SOUGHT_FRAUD_3= 21 RAZOR2_CF_RANGE_51_100= 21 BOTNET_SOHO= 20 RAZOR2_CF_RANGE_E4_51_100= 20 HTML_MESSAGE= 20 BOTNET_OTHER= 18 RCVD_IN_BL_SPAMCOP_NET= 18 JM_SOUGHT_FRAUD_2= 17 L_UNVERIFIED_GMAIL= 16 RCVD_IN_SORBS_WEB= 16 ADVANCE_FEE_4= 15 SPF_NEUTRAL= 14 US_DOLLARS_3= 13 SARE_FRAUD_X4= 13 RELAY_CN= 13 RDNS_NONE= 12 SPF_SOFTFAIL= 12 RELAY_NG= 12 RAZOR2_CF_RANGE_E4_100= 12 MIME_HTML_ONLY= 11 RELAY_TW= 11 RCVD_IN_INVLSIP_RELAY= 11 L_P0F_W= 10 UPPERCASE_75_100= 10 SPF_PASS= 10 L_P0F_Unix= 9 FORGED_OUTLOOK_TAGS= 9 FORGED_OUTLOOK_HTML= 9 DEAR_FRIEND= 8 RDNS_DYNAMIC= 7 URG_BIZ= 7 RCVD_IN_SBL= 6 SARE_FRAUD_X5= 6 L_P0F_UNKN= 6 HTML_MIME_NO_HTML_TAG= 5 XMAILER_MIMEOLE_OL_1ECD5= 5 JM_SOUGHT_FRAUD_1= 4 UNPARSEABLE_RELAY= 4 NA_DOLLARS= 4 L_UNVERIFIED_YAHOO= 3 SARE_FRAUD_X6= 3 MIME_QP_LONG_LINE= 3 INVALID_MSGID= 3 DEAR_SOMETHING= 2 SPF_HELO_PASS= 2 SPF_FAIL= 2 SARE_SXLIFE= 2 RELAY_KR= 2 RELAY_BR= 2 RCVD_IN_NJABL_PROXY= 2 MSGID_FROM_MTA_HEADER= 2 FREEMAIL_REPLYTO= 2 FREEMAIL_FROM= 2 FORGED_HOTMAIL_RCVD2= 2 FAKE_REPLY_C= 2 DKIM_VERIFIED= 2 DKIM_SIGNED= 2 DATE_IN_PAST_12_24= 2 DATE_IN_PAST_03_06= 2 DATE_IN_FUTURE_06_12= 2 BOTNET_W= 1 URIBL_RHS_DOB= 1 URIBL_OB_SURBL= 1 URIBL_INVL= 1 UPPERCASE_50_75= 1 SARE_UNSUB38= 1 SARE_PROLOSTOCK_SYM3= 1 SARE_LWOILCO= 1 RELAY_RU= 1 RCVD_IN_INVLSIP24_RELAY= 1 RCVD_IN_DNSWL_MED= 1 RCVD_DOUBLE_IP_LOOSE= 1 RAZOR2_CF_RANGE_E8_51_100= 1 RAZOR2_CF_RANGE_E8_100= 1 MPART_ALT_DIFF= 1 KAM_LOTTO1= 1 HTML_FONT_SIZE_LARGE= 1 FUZZY_AMBIEN= 1 FORGED_YAHOO_RCVD= 1 FIN_FREE= 1 FB_WORD1_END_DOLLAR= 1 DATE_IN_FUTURE_12_24= 1 CHARSET_FARAWAY_HEADER= -- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX www.austinenergy.com
signature.asc
Description: This is a digitally signed message part