Robert Schetterer wrote:
arni wrote:
Raymond Myren wrote:
Hello,
Just today I started receiving spam mails with attached .pdf files
with a spam image.
Any ideas how to stop this spam type?
\raymond
as i said several times on this mailing list now, i've never had any of
these mails get through, here is how the current ones score:
X-Spam-Status: Yes, score=16.6 required=5.0 tests=BAYES_99,BOTNET,
BOTNET_NORDNS,DCC_CHECK,DKIM_POLICY_SIGNSOME,HTML_MESSAGE,LOGINHASH1,
LOGINHASH2,MIME_HTML_MOSTLY,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,RDNS_NONE
autolearn=no version=3.2.0
X-Spam-Report: * 5.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
* 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
* 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
* [Blocked - see <http://www.spamcop.net/bl.shtml?85.138.88.254>]
* 0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
* [85.138.88.254 listed in zen.spamhaus.org]
* 3.0 BOTNET Relay might be a spambot or virusbot
* [botnet0.7,ip=85.138.88.254,nordns]
* 0.0 DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: policy says domain
* signs some mails
* 0.0 BOTNET_NORDNS Relay's IP address has no PTR record
* [botnet_nordns,ip=85.138.88.254]
* 0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 1.5 LOGINHASH2 BODY: mail has been classified as spam @ unknown company,
* Germany
* 1.5 LOGINHASH1 BODY: mail has been classified as spam @ LogIn&Solutions
* AG, Germany
* 2.2 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
arni
you are in luck,
you are a "late receiver" of that spam, so it was detected
by others before ( look at your headers )
but it wasn't detected by i.e. a plain pdf_spam rule/solution
( like fuzzy_ocr etc )
this is what i am looking for
We have been catching them here no problem,
---------
3.00 BAYES_99 Bayesian spam probability is 99 to 100%
3.82 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr 2)
2.19 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split IP)
0.29 RCVD_ILLEGAL_IP Received: contains illegal IP address
1.50 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
--------
3.00 BAYES_99 Bayesian spam probability is 99 to 100%
4.10 HELO_DYNAMIC_HCC Relay HELO'd using suspicious hostname (HCC)
3.82 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr 2)
A few slipping through though not many, no false positives reported so
far. Bayes, relay, and helo checks seem to be getting them. I checked 10
or twelve from this morning.
DAve
--
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?
Maybe they forgot who made that choice possible.
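
The thread turns on how much of a score comes from rules that depend on other sites having seen the spam first. As an added example (not part of any poster's message), this Python sketch parses the X-Spam-Report quoted above and splits the total into those rules and everything else. The prefix list deciding which rules count as "shared" is an assumption made for this example, and the report text is a constructed, unwrapped copy of the quoted one.

```python
import re
from decimal import Decimal

# Constructed sample: the X-Spam-Report lines quoted in the thread, unwrapped.
REPORT = """\
* 5.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
*      [score: 1.0000]
* 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
* 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
* 0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
* 3.0 BOTNET Relay might be a spambot or virusbot
* 0.0 DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: policy says domain
*      signs some mails
* 0.0 BOTNET_NORDNS Relay's IP address has no PTR record
* 0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 1.5 LOGINHASH2 BODY: mail has been classified as spam @ unknown company,
*      Germany
* 1.5 LOGINHASH1 BODY: mail has been classified as spam @ LogIn&Solutions
*      AG, Germany
* 2.2 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
"""

# Assumption: rules with these name prefixes only fire once other sites have
# already listed the sender or the message (DNS blocklists, DCC, hash lookups).
SHARED_PREFIXES = ("RCVD_IN_", "DCC_", "LOGINHASH")

RULE_LINE = re.compile(r"^\*\s+(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]*)\b")

def parse_report(text):
    """Return {rule_name: Decimal score}; continuation lines are skipped."""
    hits = {}
    for line in text.splitlines():
        m = RULE_LINE.match(line.strip())
        if m:
            hits[m.group(2)] = Decimal(m.group(1))
    return hits

def split_score(hits):
    """Return (shared, local) subtotals for the parsed rule hits."""
    shared = sum((s for n, s in hits.items() if n.startswith(SHARED_PREFIXES)), Decimal(0))
    local = sum(hits.values(), Decimal(0)) - shared
    return shared, local

if __name__ == "__main__":
    shared, local = split_score(parse_report(REPORT))
    print(f"shared-intelligence rules: {shared}  local rules: {local}")
```

The per-rule values in the report are rounded to one decimal, so their sum (16.7) differs slightly from the score=16.6 in X-Spam-Status.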