OMG! What kind of server are you running this on?
QQQQ ----- Original Message ----- From: "Tracey Gates" <[EMAIL PROTECTED]> To: <users@spamassassin.apache.org> Sent: Wednesday, March 08, 2006 10:47 AM Subject: RE: Drug email keeps getting thru | Here is a list of the rulesets that I'm using: | | 70_sare_adult.cf 70_sare_unsub.cf | 70_sare_bayes_poison_nxm.cf 70_sare_uri0.cf | 70_sare_evilnum0.cf 70_sare_uri1.cf | 70_sare_evilnum1.cf 70_sare_uri3.cf | 70_sare_evilnum2.cf 70_sare_uri.cf | 70_sare_genlsubj0.cf 70_sare_uri_eng.cf | 70_sare_genlsubj1.cf 70_sc_top200.cf | 70_sare_genlsubj2.cf 72_sare_bml_post25x.cf | 70_sare_genlsubj3.cf 72_sare_redirect_post3.0.0.cf | 70_sare_genlsubj.cf 88_FVGT_body.cf | 70_sare_genlsubj_eng.cf 88_FVGT_headers.cf | 70_sare_genlsubj_x30.cf 88_FVGT_rawbody.cf | 70_sare_header0.cf 88_FVGT_subject.cf | 70_sare_header1.cf 88_FVGT_uri.cf | 70_sare_header2.cf 99_FVGT_meta.cf | 70_sare_header3.cf 99_FVGT_Tripwire.cf | 70_sare_header.cf 99_sare_fraud_post25x.cf | 70_sare_header_eng.cf antidrug.cf | 70_sare_header_x264_x30.cf backhair.cf | 70_sare_header_x30.cf bogus-virus-warnings.cf | 70_sare_highrisk.cf chickenpox.cf | 70_sare_html0.cf init.pre | 70_sare_html1.cf local.cf | 70_sare_html2.cf local.cf.orig | 70_sare_html3.cf local.cf.rpmsave | 70_sare_html4.cf mangled.cf | 70_sare_html.cf random.cf | 70_sare_html_eng.cf random.current.cf | 70_sare_html_x30.cf rules_du_jour | 70_sare_oem.cf RulesDuJour | 70_sare_random.cf tripwire.cf | 70_sare_specific.cf weeds.cf | 70_sare_spoof.cf | | How do I tell if I have URIBL lookups enabled? | | I'm upping the scores for the drug rules within mangled.cf if see if | that helps. | | | Tracey Gates | Lead Developer | [EMAIL PROTECTED] | | 1350 South Boulder, Third Floor / Tulsa, OK 74119-3203 | Phone 918-663-0991 / Fax 918-663-0840 | | This communication is intended only for the recipient(s) named above; | may be confidential and/or legally privileged; and, must be treated as | such in accordance with state and federal laws. If you are not the | intended recipient, you are hereby notified that any use of this | communication, or any of its contents, is prohibited. If you have | received this communication in error, please reply to the sender and | then delete the message from your computer system immediately. | | | | -----Original Message----- | From: news [mailto:[EMAIL PROTECTED] On Behalf Of Jeremy | Sent: Wednesday, March 08, 2006 9:50 AM | To: users@spamassassin.apache.org | Subject: Re: Drug email keeps getting thru | | | Does the message body contain "mangled" (deliberately misspelled) drug | names? If so, you might find the mangled.cf ruleset at | http://www.rulesemporium.com/other-rules.htm to be useful - it helps my | setup a lot with those sorts of spams, especially the drug ones. You | might | even consider increasing the scores in mangled.cf for the drug-related | rules | within there, if that might help futher. Myself, I bumped the mangled | drug | rules in that ruleset right up, as I have no legitimate need to be | receiving | emails with mangled drug names in them. | | You could also create your own rule to filter for unique signs in the | email | such as the word "ParaLmcy" in the subject. Without seeing the spam's | body | it's hard to suggest anything else. Were there any URLs in the body? If | so, | do you have the URIBL lookups enabled in your setup? What about the SARE | | rules at http://www.rulesemporium.com/rules.htm, do you use any of | those? | It's possible that some of those may also help. | | Cheers, | Jeremy | | | | "Tracey Gates" <[EMAIL PROTECTED]> wrote in message | news:[EMAIL PROTECTED] | I keep getting these drug emails that antidrug.cf is suppose to catch | but it's not. The emails are scoring low. I've updated the antidrug.cf | rule. I've done sa-learn on them but we are still being inundated with | these "news" emails. What can I do to get these to stop? | | Here is the header from one of them: | *************** | Return-Path: <[EMAIL PROTECTED]> | Received: by yoursummit.com (CommuniGate Pro PIPE 4.3.8) | with PIPE id 2790021; Wed, 08 Mar 2006 03:21:07 -0600 | Received: from [66.50.88.167] (HELO clividian.co.za) | by yoursummit.com (CommuniGate Pro SMTP 4.3.8) | with SMTP id 2790026 for [EMAIL PROTECTED]; Wed, 08 Mar 2006 | 03:20:56 -0600 | Received-SPF: none | receiver=yoursummit.com; client-ip=66.50.88.167; | [EMAIL PROTECTED] | Message-ID: <[EMAIL PROTECTED]> | Reply-To: "Sumayya Lovvorn" <[EMAIL PROTECTED]> | From: "Sumayya Lovvorn" <[EMAIL PROTECTED]> | To: [EMAIL PROTECTED] | Subject: Re: ParaLmcy news | Date: Wed, 8 Mar 2006 04:20:19 -0500 | MIME-Version: 1.0 | Content-Type: multipart/alternative; | boundary="----=_NextPart_000_0001_01C64267.9C61FD10" | X-Priority: 3 | X-MSMail-Priority: Normal | X-Mailer: Microsoft Outlook Express 6.00.2800.1106 | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 | X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on | yoursummit.com | X-Spam-Level: | X-Spam-Status: No, score=-0.9 required=3.5 tests=BAYES_20,FM_NO_STYLE, | HTML_80_90,HTML_MESSAGE,UPPERCASE_25_50 autolearn=no version=3.0.2 | X-TFF-CGPSA-Version: 1.4 | X-TFF-CGPSA-Filter: Scanned | ************* | | | | Tracey Gates | Lead Developer | [EMAIL PROTECTED] | 1350 South Boulder, Third Floor / Tulsa, OK 74119-3203 | Phone 918-663-0991 / Fax 918-663-0840 | This communication is intended only for the recipient(s) named above; | may be confidential and/or legally privileged; and, must be treated as | such in accordance with state and federal laws. If you are not the | intended recipient, you are hereby notified that any use of this | communication, or any of its contents, is prohibited. If you have | received this communication in error, please reply to the sender and | then delete the message from your computer system immediately. | | | | | | | | | | |
