Loren Wilton wrote:
How can I see in the mail header whether network tests run?
You would see tests like SURBL and other net tests hitting. For instance:
1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see
<http://www.spamcop.net/bl.shtml?222.100.230.130>]
3.1 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[222.100.230.130 listed in sbl-xbl.spamhaus.org]
1.6 DNS_FROM_RFC_POST RBL: Envelope sender in
postmaster.rfc-ignorant.org
1.0 URIBL_SBL Contains an URL listed in the SBL blocklist
[URIs: iprohealth.info]
0.4 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
[URIs: iprohealth.info]
4.0 URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html
[URIs: iprohealth.info]
1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
[URIs: iprohealth.info]
3.2 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
[URIs: iprohealth.info]
4.3 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
[URIs: iprohealth.info]
All of those are network tests. There are also more than that.
Is it enough to post only the headers here, not the mail bodies, to get
help setting better rules?
We can tell you what hit from the headers and possibly suggest things from
that. To be definitive we would need to see the body also.
However, as a general rule if you get net tests working and perhaps pick up
some rules from rulesemporium, you should be doing pretty well.
Loren
I have now changed the REPORT_SAFE setting to 2 and get the headers.
From what you see, are network tests running or not?
----
From - Sat Jul 9 12:58:05 2005
X-UIDL: 1120906515.M816654P13835051595651361458.host1
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: from localhost by host1.booms-edv.de
with SpamAssassin (version 3.0.4);
Sat, 09 Jul 2005 12:55:05 +0200
From: "Juliana Cope" <[EMAIL PROTECTED]>
To: "Thomas.booms" <[EMAIL PROTECTED]>
Subject: ***SPAM*** Try Vi:agra Today
Date: Sat, 09 Jul 2005 04:47:57 -0700
Message-Id: <[EMAIL PROTECTED]>
X-Spam-Level: **************
X-Spam-Status: Yes, score=14.7 required=1.5 tests=BAYES_99,DRUGS_ERECTILE,
DRUGS_ERECTILE_OBFU,HELO_DYNAMIC_DHCP,HELO_DYNAMIC_IPADDR,
MIME_BOUND_DD_DIGITS,RCVD_BY_IP,SUBJECT_DRUG_GAP_VIA autolearn=no
version=3.0.4
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on host1.booms-edv.de
X-Spam-Report:
* 0.1 RCVD_BY_IP Received by mail server with no name
* 4.4 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP
addr 1)
* 0.3 SUBJECT_DRUG_GAP_VIA Subject contains a gappy version of 'viagra'
* 1.2 HELO_DYNAMIC_DHCP Relay HELO'd using suspicious hostname (DHCP)
* 4.1 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
* 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
* 0.2 DRUGS_ERECTILE Refers to an erectile drug
* 0.9 DRUGS_ERECTILE_OBFU Obfuscated reference to an erectile drug
X-Spam-Flag: YES
----
Thomas
--
Booms EDV
- hosting & more -
Herrenstrasse 10
D-59073 Hamm
www.booms-edv.de
[EMAIL PROTECTED]