Randy Ramsdell schrieb: > On 09/13/11 10:08, Martin Gregorie wrote: >> On Tue, 2011-09-13 at 09:48 -0400, Randy Ramsdell wrote: >>> Each message uses a different server with different server name and I >>> see no patterns except the style. >>> >>> http://pastebin.com/sJp7Gb75 >>> >> That scored around 12.6 here and all from the standard SA 3.3.2 ruleset. >> However, quite a bit of the score was from blacklists. >> >> Martin >> >> > It scored 3+ here . Using 3.2.5 ( opensuse patched ) . I am looking > for some way to score this higher on our setup. Maybe posting your > rule hits would help. > > Thanks, > RCR >
I ran it through my SA servers and it hit these rules: 17.9/5.0 Score: 17.9 Required: 5.0 Tests: BAYES_80,DG_SPAMMER_EMAIL_F,HTML_MESSAGE,MIME_HTML_MOSTLY,MPART_ALT_DIFF,RCVD_IN_BRBL_LASTEXT,RDNS_NONE,TO_MALFORMED,TO_NO_BRKTS_NORDNS,T_REMOTE_IMAGE,URIBL_DBL_SPAM,URIBL_WS_SURBL 2.1 TO_MALFORMED To: has a malformed address 2.6 DG_SPAMMER_EMAIL_F DG_SPAMMER_EMAIL_F 1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT [184.171.166.16 listed in bb.barracudacentral.org] 2.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist [URIs: lbethity.com] 1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist [URIs: lbethity.com] 5.5 BAYES_80 BODY: Bayes spam probability is 80 to 95% [score: 0.8623] 0.4 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME 0.0 HTML_MESSAGE BODY: HTML included in message 0.8 MPART_ALT_DIFF BODY: HTML and text parts are different 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS 0.0 T_REMOTE_IMAGE Message contains an external image 0.0 TO_NO_BRKTS_NORDNS To: misformatted and no rDNS Hope this helps. bye SK