On Wed, 17 Sep 2003, Chris Santerre wrote:

> Check out the header from a spam we just got. Kind of funny in a sad way:
>
> ([EMAIL PROTECTED] is all I changed.)
>
> Received: from dazzlingstuarts.net ([218.5.5.35])
>     by moglobal.com (8.12.5/8.12.5) with SMTP id h8HK6Sin019272
>     for <[EMAIL PROTECTED]>; Wed, 17 Sep 2003 16:06:30 -0400
> x-transfer-number: 0
> Received: from 934fSiai6.dazzlingstuarts.net by dazzlingstuarts.net for
>     [EMAIL PROTECTED]; Thu, 18 Sep 2003 03:44:38 -0600
> X-TRANSFER-NUMBER: 57
> X-transfer-number: 4QSf
[BIG snip...]
> x-transfer-number: 6
> X-TRANSFER-STAMP: B
> X-Priority: 3
> X-transfer-stamp:
> Date: Thu, 18 Sep 2003 03:44:38 -0600
> X-Spam-Status: Yes, hits=8.5 required=5.0
>     tests=AF_MEDICAMENTOS,DATE_IN_FUTURE_12_24,FORGED_YAHOO_RCVD,
>     HTTP_USERNAME_USED,MISSING_MIMEOLE,MY_AT_IN_URI,MY_DOT_BIZ,
>     MY_FNY_WWW,SPAM_PHRASE_00_01
>     version=2.43
> X-Spam-Flag: YES
> X-Spam-Level: ********
> X-Spam-Checker-Version: SpamAssassin 2.43 (1.115.2.20-2002-10-15-exp)
> X-Spam-Report: 8.50 hits, 5 required;
>     * 2.5 -- BODY: Medicamento encontrado
>     * 0.8 -- BODY: Spam phrases score is 00 to 01 (low)
>     * 0.7 -- BODY: Found an @ in a link.
>     * 1.5 -- URI: Uses a username in a URL
>     * 0.3 -- URI: Funny WWW address.
>     * 0.3 -- URI: A .biz found in url.
>     * 1.4 -- 'From' yahoo.com does not match 'Received' headers
>     * 0.5 -- Date: is 12 to 24 hours after Received: date
>     * 0.5 -- Message has X-MSMail-Priority, but no X-MimeOLE
>
> Chris Santerre
> System Admin and SA Custom Rules Emporium keeper

Ah, bayes poison fodder.
You really should consider using some DSBLs, that IP address [218.5.5.35]
hit 10 of mine.

% rbl_check.pl 218.5.5.35
host 218.5.5.35 resolves to 127.1.0.8 from RBL-Plus
host 218.5.5.35 resolves to 127.0.0.2 from list.dsbl.org
host 218.5.5.35 resolves to 127.0.0.2 from unconfirmed.dsbl.org
host 218.5.5.35 resolves to 127.0.0.2 from bl.spamcop.net
host 218.5.5.35 resolves to 127.0.0.2 from proxies.relays.monkeys.com
host 218.5.5.35 resolves to 127.0.0.2 from spews.bl.reynolds.net.au
host 218.5.5.35 resolves to 127.0.0.2 from blackholes.easynet.nl
host 218.5.5.35 resolves to 127.0.0.6 from dnsbl.sorbs.net
host 218.5.5.35 resolves to 127.0.0.2 from cbl.abuseat.org
host 218.5.5.35 resolves to 127.0.0.2 from relays.visi.com
host 218.5.5.35 resolves to 127.1.0.20 from opm.blitzed.org

-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{

_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
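
The DNSBL lookup behind the rbl_check.pl output above, as an added example that is not part of the original thread and is not the rbl_check.pl script itself: the IPv4 octets are reversed and prepended to each list's zone, and an answer inside 127.0.0.0/8 means the address is listed. The function names, the injected resolver and its lookup table are assumptions constructed for this example so that it runs offline.

```python
import ipaddress
import socket

# Zones copied from the rbl_check.pl output in the thread; substitute the
# lists you actually use.
ZONES = ["list.dsbl.org", "bl.spamcop.net", "dnsbl.sorbs.net", "cbl.abuseat.org"]
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Return the A record for name, or None when the lookup fails."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def check_ip(ip, zones=ZONES, resolve=system_resolver):
    """Return {zone: return_code} for every zone that lists ip."""
    hits = {}
    for zone in zones:
        answer = resolve(dnsbl_name(ip, zone))
        # Only answers in 127.0.0.0/8 mean "listed"; any other address
        # (wildcarded zone, NXDOMAIN redirect) must not count as a hit.
        if answer and ipaddress.IPv4Address(answer) in LISTED_NET:
            hits[zone] = answer
    return hits


def constructed_resolver(name):
    """Constructed stand-in for DNS (hypothetical data, not live answers)."""
    table = {
        "35.5.5.218.list.dsbl.org": "127.0.0.2",
        "35.5.5.218.dnsbl.sorbs.net": "127.0.0.6",
        "35.5.5.218.bl.spamcop.net": "203.0.113.7",  # bogus non-127 answer
    }
    return table.get(name)


if __name__ == "__main__":
    found = check_ip("218.5.5.35", resolve=constructed_resolver)
    for zone, code in found.items():
        print(f"host 218.5.5.35 resolves to {code} from {zone}")
```

Calling check_ip without the resolve argument uses the system resolver and performs live DNS queries.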