-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 arni schrieb: > Raymond Myren schrieb: >> Hello, >> >> Just today I started receiving spam mails with attached .pdf files >> with a spam image. >> Any ideas how to stop this spam type? >> >> \raymond > as i said several times on this maillist now, i've never had any of > these mails get through, here is how the current ones score: > > X-Spam-Status: Yes, score=16.6 required=5.0 tests=BAYES_99,BOTNET, > BOTNET_NORDNS,DCC_CHECK,DKIM_POLICY_SIGNSOME,HTML_MESSAGE,LOGINHASH1, > LOGINHASH2,MIME_HTML_MOSTLY,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,RDNS_NONE > > autolearn=no version=3.2.0 > X-Spam-Report: * 5.5 BAYES_99 BODY: Bayesian spam probability is 99 > to 100% > * [score: 1.0000] > * 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS > * 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in > bl.spamcop.net > * [Blocked - see <http://www.spamcop.net/bl.shtml?85.138.88.254>] > * 0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL > * [85.138.88.254 listed in zen.spamhaus.org] > * 3.0 BOTNET Relay might be a spambot or virusbot > * [botnet0.7,ip=85.138.88.254,nordns] > * 0.0 DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: policy says > domain > * signs some mails > * 0.0 BOTNET_NORDNS Relay's IP address has no PTR record > * [botnet_nordns,ip=85.138.88.254] > * 0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME > * 0.0 HTML_MESSAGE BODY: HTML included in message > * 1.5 LOGINHASH2 BODY: mail has been classified as spam @ unknown > company, > * Germany > * 1.5 LOGINHASH1 BODY: mail has been classified as spam @ > LogIn&Solutions > * AG, Germany > * 2.2 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) > > arni > you are in a luck, you are a "late reciever" of that spam, so it was detected by others before ( look at your headers ) but it wasnt detected by i.e a plain pdf_spam rule/solution ( like fuzzy_ocr etc ) this is what i am looking for
- -- Mit freundlichen Gruessen Best Regards Robert Schetterer https://www.schetterer.org Germany -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGgnMlfGH2AvR16oERArCeAJ9rcyFXiYo+VbG7OlO10x0uKjb63gCeNa5b iFWSeK/3nW2p5DFI95Uqs4g= =SxM8 -----END PGP SIGNATURE-----
