I receive one of the image spams it was sent through spamassassin via
procmail and was came through with the following score and hits.
X-Spam-Status: No, hits=3.3 required=5.0 tests=CP_RANDOMWORD_10=0.5,
DATE_IN_FUTURE_12_24=2.767,HTML_MESSAGE=0.001 autolearn=no
version=3.1.3
I have several local rules in place to catch these and they do not show on
this message so I ran it through spamassassin with a -D to see what the
issue is preventing the rules from hitting, and with -D it is being is
properly caught....
X-Spam-Status: Yes, hits=8.5 required=5.0 tests=AWL=-5.250,
CP_RANDOMWORD_10=0.5,DATE_IN_FUTURE_12_24=2.767,HTML_MESSAGE=0.001,
INLINE_IMAGE=0.5,INLINE_IMAGE2=10 autolearn=spam version=3.1.3
Any ideas why it's not getting scored twice the same way?
The image tag that should trigger my rules
img width=3D440 height=3D518 id=3D"_x0000_i1025"
src=3D"cid:image001.gif@01C6B970.969460A0"
The rules in question
rawbody LOCAL_INLINE_IMAGE /src\s*=\s*["']cid:/i
describe LOCAL_INLINE_IMAGE Inline Images
score LOCAL_INLINE_IMAGE 0.5
rawbody LOCAL_INLINE_IMAGE2 /src\s*=\s*["']cid:image001\.gif/i
describe LOCAL_INLINE_IMAGE2 Inline Image image001.gif
score LOCAL_INLINE_IMAGE2 10.0
From the runthrough with spamassassin -D
Content analysis details: (8.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.8 DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received: date
0.0 HTML_MESSAGE BODY: HTML included in message
0.5 CP_RANDOMWORD_10 RAW: string of 10+ random words
0.5 LOCAL_INLINE_IMAGE RAW: Inline Images
10 LOCAL_INLINE_IMAGE2 RAW: Inline Image image001.gif
-5.2 AWL AWL: From: address is in the auto white-list
Once this is fixed so that these inline image spam are properly being
caught, I can start to repair the auto white list.
Suggestions?
