And once again the URI_BLACK shows how useful it can be by being ahead of the other URI-RBLS.
-- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: Randal, Phil [mailto:[EMAIL PROTECTED] > Sent: 17 March 2006 15:04 > To: users@spamassassin.apache.org > Subject: RE: This isn't being tagged > > Hmm, > > We're blocking loads of these: > > 2.91 DCC_CHECK Listed in DCC > (http://rhyolite.com/anti-spam/dcc/) > 2.00 HC_NEWS News of new spam > 0.10 HTML_70_80 Message is 70% to 80% HTML > 0.10 HTML_FONTCOLOR_RED HTML font color is red > 0.10 HTML_FONTCOLOR_UNSAFE HTML font color not in safe 6x6x6 > palette > 0.10 HTML_MESSAGE HTML included in message > 1.10 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence between 51 and > 100 > 1.05 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) > 2.50 RCVD_IN_BL_SPAMCOP_NET Received via a relay in bl.spamcop.net > 3.00 RCVD_IN_CBL Received via a host in cbl.abuseat.org. > 2.60 RCVD_IN_DYNABLOCK Sent directly from dynamic IP address > 3.00 RCVD_IN_PSBL Received via a relay in PSBL > 0.10 RCVD_IN_SORBS SORBS: sender is listed in SORBS > 3.00 RCVD_IN_SPAMHAUS_SBL_XBL Listed in SPAMHAUS SBL+XBL > 5.00 URIBL_BLACK Contains an URL listed in the URIBL blacklist > > HC_NEWS just checks for the word "news" in the Subject line. > > Cheers, > > Phil > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > > -----Original Message----- > > From: Warren Howard [mailto:[EMAIL PROTECTED] > > Sent: 17 March 2006 14:40 > > To: Dimitri Yioulos; users@spamassassin.apache.org > > Subject: Re: This isn't being tagged > > > > On 03/17/2006 06:59 PM, Dimitri Yioulos wrote: > > > Hello to all. > > > > > > I apologize for earlier posts on this subject; they were > > tagged by the list > > > because I included the body of the spam which is being > > delivered to my users! > > > So, there's hope that I can quash this. I searched the > > archive, but didn't > > > find anything (my search criteria may have been wrong). > > > > > > Over the last few days, mail such as the following has not > > been tagged. The > > > subject is Re: Pharamacmky news. The subject will change > > slightly, as in re: > > > PharamaMzcy news. > > > > > > I have sa 3.0.4-1 (had a bit of trouble w/ 3.1.0, haven't > > tried reinstalling > > > yet) on a CentOS 3.6 box. I'm using a number of SARE > > rulesets, as well as > > > pyzor, razor, and dcc. My MTA is semdmail--8.12.11-4.RHEL3.1. > > > > > > Many thanks. > > > > > > Dimitri > > > > > > > Hi, > > > > Same problem for me (using Spamassassin 3.1.0). I keep > > feeding sa-learn > > the "Re: PharamaCFcy news", always the same style of message but each > > time slightly different, the drugs and prices are on the left and > > rubbish like this dacgvishJybzjjt is on the right. The spam > > mail itself > > is in html and the source has lots of this > > > > style > > =3D "float: right"> f </span>a<span=20 > > style > > =3D "float: right"> n </span>I<span=20 > > style > > =3D "float: right"> w </span>i<span=20 > > style > > =3D "float: right"> h </span>u<span=20 > > style > > =3D "float: right"> r </span>m <FONT color=3D#F5421A>$1<span=20 > > style > > =3D "float: right"> v </span>05</FONT> (3<span=20 > > style > > =3D "float: right"> Z9 </span>0 <span=20 > > style > > =3D "float: right"> q </span>p<span=20 > > style > > =3D "float: right"> w </span>i<span=20 > > style > > =3D "float: right"> y </span>l<span=20 > > style > > > > in it and no matter how much I feed to sa-learn I keep getting a Bayes > > score of 00 (BAYES_00=-2.599). > > > > I'm interested to know more about this type of SPAM and what people > > suspect is happening. > > > > > > Thanks, > > > > > > Warren. > > > > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. **********************************************************************
