On Tue, 2010-10-19 at 22:41 +0100, Ned Slider wrote: > On 19/10/10 22:34, Dennis German wrote: > > I am surprised this plain text spam did not trip for US$350,000 > > sa 3.2.4
Uhm, a generic amount of money on it's own is not a sign of spam. You know, some people do deal with and talk about money... > It hits a stack of rules here (some are my own scoring) - looks like > it's time to upgrade to SA 3.3.1. > * 6.0 BAYES_99 BODY: Bayes spam probability is 99 to 100% > * [score: 0.9999] > * 25 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT > * [148.208.170.3 listed in bb.barracudacentral.org] Seriously? Or is that a score typo in your cf files? > * 3.0 RCVD_IN_JMF_BL RBL: Relay listed in JunkEmailFilter BLACK > (bad) > * [148.208.170.3 listed in hostkarma.junkemailfilter.com] BRBL and JMF are easy enough to add to an existing 3.2.x installation. > * 1.0 MISSING_HEADERS Missing To: header Stock 3.2.x, scored even slightly higher. > * 3.0 JM_SOUGHT_FRAUD_3 Body contains frequently-spammed text > patterns Easy enough to add to 3.2.x via sa-update. Recommended. Bayes of course also is part of stock 3.2.x. ;) Plethora of new fraud rules snipped. -- char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}