On Tue, 2010-10-19 at 22:41 +0100, Ned Slider wrote:
> On 19/10/10 22:34, Dennis German wrote:
> > I am surprised this plain text spam did not trip for US$350,000
> > sa 3.2.4
Uhm, a generic amount of money on it's own is not a sign of spam. You
know, some people do deal with and talk about money...
> It hits a stack of rules here (some are my own scoring) - looks like
> it's time to upgrade to SA 3.3.1.
> * 6.0 BAYES_99 BODY: Bayes spam probability is 99 to 100%
> * [score: 0.9999]
> * 25 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
> * [148.208.170.3 listed in bb.barracudacentral.org]
Seriously? Or is that a score typo in your cf files?
> * 3.0 RCVD_IN_JMF_BL RBL: Relay listed in JunkEmailFilter BLACK
> (bad)
> * [148.208.170.3 listed in hostkarma.junkemailfilter.com]
BRBL and JMF are easy enough to add to an existing 3.2.x installation.
> * 1.0 MISSING_HEADERS Missing To: header
Stock 3.2.x, scored even slightly higher.
> * 3.0 JM_SOUGHT_FRAUD_3 Body contains frequently-spammed text
> patterns
Easy enough to add to 3.2.x via sa-update. Recommended.
Bayes of course also is part of stock 3.2.x. ;) Plethora of new fraud
rules snipped.
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
