Le 06/07/2009 14:22, RW a écrit :
http://pelorus.org/spammy.txt
>
That's odd, I get MISSING_DATE, MISSING_HB_SEP, MISSING_HEADERS,
MISSING_MID, MISSING_SUBJECT too, even though all the headers are there.
So do I until I get rid of the extraneous carriage return in the
following received line:
Received: from outbound-mail-324.bluehost.com
(outbound-mail-324.bluehost.com [67.222.55.5])
After which it passes through fine - and hits very few vanilla SA sules,
though BOTNET and the MEDS rule that was posted to the list recently
help push it over the spam threshold:
pts rule name description
---- ---------------------- --------------------------------------------------
0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[88.73.93.76 listed in zen.spamhaus.org]
0.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
[88.73.93.76 listed in dnsbl.sorbs.net]
3.0 local_OBFU_WWW_MEDS BODY: obfuscated www. domainnn .com
0.5 BOTNET_CLIENTWORDS Hostname contains client-like substrings
[botnet_clientwords,ip=88.73.93.76,rdns=dslb-088-073-093-076.pools.arcor-ip.net]
1.0 BOTNET_IPINHOSTNAME Hostname contains its own IP address
[botnet_ipinhosntame,ip=88.73.93.76,rdns=dslb-088-073-093-076.pools.arcor-ip.net]
1.5 BOTNET_CLIENT Relay has a client-like hostname
[botnet_client,ip=88.73.93.76,rdns=dslb-088-073-093-076.pools.arcor-ip.net,ipinhostname,clientwords]
0.1 RDNS_DYNAMIC Delivered to trusted network by host with
dynamic-looking rDNS
John.
--
-- Over 3000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr