The attached spam came through with only 3.3 points using SA 2.42. It's
the second message I've received in three days which obviously came from
the same source and scored under the default of 5 points. Even when I
was running with a required_hits of 4, these still would've snuck
through.
Two of the rules that it triggered were USER_AGENT_MUTT and
USER_AGENT_OE. This was obviously intended to get around SA or other
filters.
Should there be a rule for messages which claim to have two different
clients generating it?
--
Steve Thomas
Network Administrator
APEX Voice Communications, Inc.
[EMAIL PROTECTED]
From [EMAIL PROTECTED] Sat Oct 12 10:42:45 2002
Return-Path: <[EMAIL PROTECTED]>
Received: from mailcity.com (mta7-mail.mail.lycos.com [209.202.220.137])
by host.example.com (8.12.3/8.12.3) with SMTP id g9CHge5q023661
for <[EMAIL PROTECTED]>; Sat, 12 Oct 2002 10:42:43 -0700
Date: Sat, 12 Oct 2002 10:42:43 -0700
Message-Id: <[EMAIL PROTECTED]>
Received: from Unknown/Local ([?.?.?.?]) by mailcity.com; Sat, 12 Oct 2002 17:37:22
-0000
From: Mike E Likesit<[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Importance: Normal
In-Reply-To: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Received: from 205.203.186.106 ([205.203.186.106]) by sydint1.microthink.com.au with
local; Sat, 12 Oct 2002 10:44:53 -0400
User-Agent: Mutt/1.4i
X-Forwarding: Original message sent from [EMAIL PROTECTED] to [EMAIL PROTECTED]
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-Priority: 3 (Normal)
Subject: Sweet girls love their toys 4/13/02
X-Msmail-Priority: : Normal
X-Envelope-Sender: [EMAIL PROTECTED]
Content-Type: multipart/mixed; boundary="===============4034930409438453=="
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-milter (http://amavis.org/)
X-Spam-Status: No, hits=3.3 required=5.0
tests=BASE64_ENC_TEXT,FORGED_RCVD_FOUND,IN_REP_TO,
MISSING_MIMEOLE,MSG_ID_ADDED_BY_MTA_2,NORMAL_HTTP_TO_IP,
REMOVE_PAGE,SPAM_PHRASE_00_01,SUBJECT_HAS_DATE,TRACKER_ID,
UNSUB_SCRIPT,USER_AGENT,USER_AGENT_MUTT,USER_AGENT_OE
version=2.42
X-Spam-Level: ***
X-Keywords:
X-UID: 23825
Status: RO
Content-Length: 1534
Lines: 27
This is a multi-part message in MIME format.
You need a MIME compliant mail reader to completely decode it.
--===============4034930409438453==
Mime-Version: 1.0
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1212
Content-Transfer-Encoding: base64
PGh0bWw+CjxoZWFkPgo8dGl0bGU+ZXZlcnlkYXkgaXMgYSBnb29kIGRheTwvdGl0bGU+CjwvaGVh
ZD4KPGJvZHkgbGluaz0iI0ZGODAwMCIgdmxpbms9IiNGRjgwMDAiPgo8cD5HaXJscyBsb3ZlIHRo
ZWlyIHRveXMuICBTZWUgdGhlbSBoYXZlIDxhIGhyZWY9Imh0dHA6Ly82NS4yMDUuOTguMjA4L2Rk
MS8iPmZ1biB3aXRoIHRoZW1zZWx2ZXM8L2E+Li4uLjxicj4KPGEgaHJlZj0iaHR0cDovLzY1LjIw
NS45OC4yMDgvZGQxLyI+PGltZyB3aWR0aD0iMjAwIiBoZWlnaHQ9IjMwMCIgc3JjPSJodHRwOi8v
NjUuMjA1Ljk4LjIwOC9kZDEvZDEuanBnIj48L2E+PGJyPgo8cD5UaGVuIHNlZSB0aGVtIGhhdmUg
ZXZlbiBtb3JlIGZ1biB3aXRoIDxhIGhyZWY9Imh0dHA6Ly82NS4yMDUuOTguMjA4L2RkMS8iPnRo
ZWlyIGZyaWVuZHMhPC9hPjxicj4KPGEgaHJlZj0iaHR0cDovLzY1LjIwNS45OC4yMDgvZGQxLyI+
PGltZyB3aWR0aD0iMzYxIiBoZWlnaHQ9IjI1MCIgc3JjPSJodHRwOi8vNjUuMjA1Ljk4LjIwOC9k
ZDEvZDIuanBnIj48L2E+PGJyPgpEbyBub3QgbWlzcyBvdXQgb24gYW55IG9mIHRoaXMgPGEgaHJl
Zj0iaHR0cDovLzY1LjIwNS45OC4yMDgvZGQxLyI+ZmFzdCBwYWNlZCBkaWxkbyBhY3Rpb248L2E+
LiAKQ29tZSBjaGVjayBpdCBhbGwgb3V0IDxhIGhyZWY9Imh0dHA6Ly82NS4yMDUuOTguMjA4L2Rk
MS8iPm5vdzwvYT4uCjxicj48YnI+PGJyPjxicj48YnI+YzNSbGRtVjBhRzl0WVhOQWJIbGpiM011
WTI5dAo8YnI+PGJyPjxicj48YnI+PGEgaHJlZj0iaHR0cDovLzY1LjIwNS45OC4yMDgvY2dpLWJp
bi9yZW1vdmUuY2dpIj5yZTwvYT5tPGEgaHJlZj0iaHR0cDovLzY1LjIwNS45OC4yMDgvY2dpLWJp
bi9yZW1vdmUuY2dpIj5vdmU8L2E+IG1lCjwvYm9keT4KPC9odG1sPgoK
--===============4034930409438453==--
