James Again from James Grey's rules - local_body.cf
-- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: news [mailto:[EMAIL PROTECTED] On Behalf Of Jeremy Fairbrass > Sent: 27 March 2006 15:00 > To: users@spamassassin.apache.org > Subject: Re: Spam getting through. Getting flooded. > > Could you also kindly share where BODY_GAPPY_TEXT comes from? I don't seem > to have that one. > > Cheers, > Jeremy > > > > > "Martin Hepworth" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > Martin > > > > Here's the rules that I get hits for.. > > > > Content analysis details: (18.8 points, 5.0 required) > > > > pts rule name description > > ---- ---------------------- > > -------------------------------------------------- > > 2.5 MISSING_HB_SEP Missing blank line between message header and > > body > > 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay > > lines > > 0.2 MISSING_HEADERS Missing To: header > > 1.9 BODY_GAPPY_TEXT BODY: Body contains g.a.p.p.y t-e-x-t, e_t_c > > 4.8 BAD_ART_COM URI: Link to 'art.com' or 'art.com.com' > > 3.2 RAW_INLINE_GFX RAW: Found inline GIF/JPEG file - usually > spam. > > 0.8 SARE_GIF_ATTACH FULL: Email has a inline gif > > 1.3 MISSING_SUBJECT Missing Subject: header > > 0.1 TO_CC_NONE No To: or Cc: header > > 0.9 FM_NO_STYLE FM_NO_STYLE > > 2.5 FM_NO_FROM_OR_TO FM_NO_FROM_OR_TO > > 0.5 FM_NO_TO FM_NO_TO > > > > > > The FM rules are in www.rulesemporium.com/other-rules.htm and the freds > > rules collections..also check you've got the URI plugin working and > > installed.. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: Martin [mailto:[EMAIL PROTECTED] > >> Sent: 27 March 2006 08:54 > >> To: users@spamassassin.apache.org > >> Subject: Spam getting through. Getting flooded. > >> > >> Hi, > >> > >> Recently i've been getting lots of a particular spam getting through. > >> Below is full header and body of the spam. Note: I'm not using Bayes: > >> > >> > >> Received: from host81-129-48-97.range81-129.btcentralplus.com > >> (host81-129-48-97.range81-129.btcentralplus.com [81.129.48.97]) > >> by **************** (Postfix) with SMTP id 5F2BD13886 > >> for <[EMAIL PROTECTED]>; Sun, 26 Mar 2006 11:32:29 +0200 (CEST) > >> Received: from [81.129.183.137] (helo=nnq) > >> by host81-129-48-97.range81-129.btcentralplus.com with smtp (Exim > >> 4.50) > >> id 1FNRX4-0004TA-PY > >> for [EMAIL PROTECTED]; Sun, 26 Mar 2006 09:27:34 +0000 > >> Message-ID: <[EMAIL PROTECTED]> > >> From: "Diana Riggs" <[EMAIL PROTECTED]> > >> To: <[EMAIL PROTECTED]> > >> Subject: deviation crinkle > >> Date: Sun, 26 Mar 2006 09:22:42 +0000 > >> MIME-Version: 1.0 > >> Content-Type: multipart/related; > >> type="multipart/alternative"; > >> boundary="----=_NextPart_000_0001_01C650BF.D47682FA" > >> X-Priority: 3 > >> X-MSMail-Priority: Normal > >> X-Mailer: Microsoft Outlook Express 6.00.2800.1106 > >> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 > >> X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on > >> aspam.idkommunikation.com > >> X-Spam-Level: **** > >> X-Spam-Status: No, score=4.7 required=5.0 tests=EXTRA_MPART_TYPE, > >> HELO_DYNAMIC_IPADDR,HTML_50_60,HTML_IMAGE_ONLY_12,HTML_MESSAGE, > >> RCVD_IN_SORBS_DUL autolearn=disabled version=3.0.2 > >> > >> This is a multi-part message in MIME format. > >> > >> ------=_NextPart_000_0001_01C650BF.D47682FA > >> Content-Type: multipart/alternative; > >> boundary="----=_NextPart_001_0002_01C650BF.D4768304" > >> > >> > >> ------=_NextPart_001_0002_01C650BF.D4768304 > >> Content-Type: text/plain; > >> charset="windows-1252" > >> Content-Transfer-Encoding: quoted-printable > >> > >> ------=_NextPart_001_0002_01C650BF.D4768304 > >> Content-Type: text/html; > >> charset="windows-1252" > >> Content-Transfer-Encoding: quoted-printable > >> > >> ------=_NextPart_001_0002_01C650BF.D4768304-- > >> > >> ------=_NextPart_000_0001_01C650BF.D47682FA > >> Content-Type: image/gif; > >> name="disapproval.gif" > >> Content-Transfer-Encoding: base64 > >> Content-ID: <[EMAIL PROTECTED]> > >> > >> ------=_NextPart_000_0001_01C650BF.D47682FA-- > >> > >> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > >> <HTML><HEAD> > >> > >> <META content="MSHTML 6.00.2800.1106" name=GENERATOR> > >> <STYLE></STYLE> > >> </HEAD> > >> <BODY bgColor=#ffffff> > >> <DIV><FONT face=Arial size=2>regretful strenuously a in exclamation, > gal, > >> intercede the an occupancy. of </FONT></DIV> > >> <DIV><FONT face=Arial size=2>motorcade multiple-choice entitle > >> inclination > >> shock wave, garnish, irreverence streamline. on renounce to youth > hostel > >> the > >> </FONT></DIV> > >> <DIV><FONT face=Arial size=2><IMG alt="" hspace=0 > >> src="cid:000001c650b7$72b21afa$89b78151@nnq" align=baseline > >> border=0></FONT></DIV> > >> <DIV><FONT face=Arial size=2>pistachio bleakly timetable, and twig > >> protector > >> totem pole the epitaph but hype the authenticity, marker </FONT></DIV> > >> <DIV><FONT face=Arial size=2>miles. in circuitous investigator as caper > >> jilt > >> the nostalgic,. to magnetize albino next puny chiropractor. and > >> outstandingly!!! marker </FONT></DIV> > >> <DIV><FONT face=Arial size=2>upsurge sculptor perversity a elementary > >> school > >> anthology moron, on that double-park. </FONT></DIV></BODY></HTML> > >> > >> > >> > >> > >> I'm getting alot of these type of spams. Anyone got a rule for catching > >> these? > >> > >> Thanks in advance > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > > > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. **********************************************************************
