On 09/13/11 10:27, Stefan König wrote:
Randy Ramsdell schrieb:
On 09/13/11 10:08, Martin Gregorie wrote:
On Tue, 2011-09-13 at 09:48 -0400, Randy Ramsdell wrote:
Each message uses a different server with different server name and I
see no patterns except the style.
http://pastebin.com/sJp7Gb75
That scored around 12.6 here and all from the standard SA 3.3.2 ruleset.
However, quite a bit of the score was from blacklists.
Martin
It scored 3+ here . Using 3.2.5 ( opensuse patched ) . I am looking
for some way to score this higher on our setup. Maybe posting your
rule hits would help.
Thanks,
RCR
I ran it through my SA servers and it hit these rules:
17.9/5.0
Score: 17.9
Required: 5.0
Tests:
BAYES_80,DG_SPAMMER_EMAIL_F,HTML_MESSAGE,MIME_HTML_MOSTLY,MPART_ALT_DIFF,RCVD_IN_BRBL_LASTEXT,RDNS_NONE,TO_MALFORMED,TO_NO_BRKTS_NORDNS,T_REMOTE_IMAGE,URIBL_DBL_SPAM,URIBL_WS_SURBL
2.1 TO_MALFORMED To: has a malformed address
2.6 DG_SPAMMER_EMAIL_F DG_SPAMMER_EMAIL_F
1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
[184.171.166.16 listed in
bb.barracudacentral.org]
2.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
[URIs: lbethity.com]
1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist
[URIs: lbethity.com]
5.5 BAYES_80 BODY: Bayes spam probability is 80 to 95%
[score: 0.8623]
0.4 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
0.0 HTML_MESSAGE BODY: HTML included in message
0.8 MPART_ALT_DIFF BODY: HTML and text parts are different
0.8 RDNS_NONE Delivered to internal network by a host with
no rDNS
0.0 T_REMOTE_IMAGE Message contains an external image
0.0 TO_NO_BRKTS_NORDNS To: misformatted and no rDNS
Hope this helps.
bye
SK
Your BAYES_80 is real high scoring. Did you change that?
RCR