This may have already been addressed, but is there a released rule set
or add-on that would help in identifying these type of stock spam
emails?
We use MailScanner 4.59.4 (MailScanner-v: 3.002000 Mail::SpamAssassin),
SpamAssassin 3.2 (SpamAssassin -V), Perl 5.8.5, DCC, Pyzor. We run
sa-update and RulesDuJour for automatic updates.
We turned off Razor since it was causing delays in processing mail.
In MailScanner, we turned off SpamHaus since we process too much email -
it appears it was just raising the score of high spam: 'Spam List =
SBL+XBL'
We also use milter-greylist during the hours of 10 PM and 5 AM. We use
milter-null (snert) to reduce bounce backs.
We receive about 300k emails a day with about 70% identified as spam.
We deliver about 5% of the suspected spam (score below 5).
We added URIBL checks to our mailscanner.cf file:
urirhssub URIBL_BLACK multi.uribl.com. A 2
body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK')
describe URIBL_BLACK Contains an URL listed in the URIBL
blacklist
tflags URIBL_BLACK net
score URIBL_BLACK 3.0
urirhssub URIBL_GREY multi.uribl.com. A 4
body URIBL_GREY eval:check_uridnsbl('URIBL_GREY')
describe URIBL_GREY Contains an URL listed in the URIBL greylist
tflags URIBL_GREY net
score URIBL_GREY 0.25
I am considering adding the botnet plugin from:
http://people.ucsc.edu/~jrudd/spamassassin/Botnet.tar and possibly
adding fake MX entries.
We use BAYES, but we don't feed spam or ham so it may have little help.
Here are the cf files we use in /etc/mail/spamassassin:
00_FVGT_File001.cf 70_sare_highrisk.cf 70_sare_stocks.cf
72_sare_bml_post25x.cf bogus-virus-warnings.cf random.cf
70_sare_adult.cf 70_sare_html0.cf 70_sare_unsub.cf
72_sare_redirect_post3.0.0.cf chickenpox.cf sa-update-keys
70_sare_bayes_poison_nxm.cf 70_sare_html_eng.cf 70_sare_uri0.cf
88_FVGT_body.cf init.pre tripwire.cf
70_sare_evilnum0.cf 70_sare_obfu0.cf 70_sare_uri_eng.cf
88_FVGT_rawbody.cf local.cf v310.pre
70_sare_genlsubj0.cf 70_sare_oem.cf 70_sare_whitelist.cf
88_FVGT_subject.cf mailscanner.cf v312.pre
70_sare_genlsubj_eng.cf 70_sare_random.cf
70_sare_whitelist_rcvd.cf 88_FVGT_uri.cf mangled.cf
v320.pre
70_sare_header0.cf 70_sare_specific.cf
70_sare_whitelist_spf.cf 99_sare_fraud_post25x.cf pdfinfo.cf
weeds.cf
70_sare_header_eng.cf 70_sare_spoof.cf 70_zmi_german.cf
bakerbotts.cf popcorn_new.cf
Any input on our configuration would be appreciated - this is a great
forum!
Donald
Donald Dawson
Security Administrator
Baker Botts L.L.P.
713-229-2183
------------------------------------------------------------------------
--------------------------
Microsoft Mail Internet Headers Version 2.0
Received: from houfe01node01.bakerbotts.net ([10.20.254.151]) by
HOUEVS02.bakerbotts.net with Microsoft SMTPSVC(6.0.3790.211);
Thu, 5 Jul 2007 10:09:09 -0500
Received: from housweep03.bakerbotts.net ([10.20.254.246]) by
houfe01node01.bakerbotts.net with Microsoft SMTPSVC(6.0.3790.211);
Thu, 5 Jul 2007 10:09:09 -0500
Received: from housweep01.bakerbotts.net (housweep01.bakerbotts.net
[10.20.254.236]) by housweep03.bakerbotts.net
(Content Technologies SMTPRS 4.3.20) with ESMTP id
<[EMAIL PROTECTED]> for
<[EMAIL PROTECTED]>;
Thu, 5 Jul 2007 10:09:08 -0500
Received: from houmx05.bakerbotts.com (houmx05-inside.bakerbotts.net) by
housweep01.bakerbotts.net
(Content Technologies SMTPRS 4.3.20) with ESMTP id
<[EMAIL PROTECTED]> for
<[EMAIL PROTECTED]>;
Thu, 5 Jul 2007 10:09:08 -0500
X-Envelope-From: [EMAIL PROTECTED]
Received: from stryker-coruna.easynet.es (stryker-coruna.easynet.es
[84.20.18.243])
by houmx05.bakerbotts.com (8.13.8/8.13.5) with SMTP id
l65F8mIB022832
for <[EMAIL PROTECTED]>; Thu, 5 Jul 2007 10:08:55
-0500
Received: (qmail 17255 invoked from network); Thu, 5 Jul 2007 17:08:48
+0200
Received: from unknown (HELO tjz) (196.128.111.164)
by stryker-coruna.easynet.es with SMTP; Thu, 5 Jul 2007 17:08:48
+0200
Message-ID: <[EMAIL PROTECTED]>
Date: Thu, 5 Jul 2007 17:08:48 +0200
From: Curry <[EMAIL PROTECTED]>
User-Agent: Thunderbird 1.5.0.12 (Windows/20070509)
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: isolated W
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Null-Tag: 1bc6951047be6b09f152db58e9a5f883
X-Greylist: Delayed for 00:10:08 by milter-greylist-3.0rc3
(houmx05.bakerbotts.com [204.194.98.17]); Thu, 05 Jul 2007 10:08:56
-0500 (CDT)
X-BakerBotts-MailScanner-Information: Please contact the ISP for more
information
X-BakerBotts-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
score=0.3, required 5, SARE_WEOFFER 0.30)
X-BakerBotts-MailScanner-From: [EMAIL PROTECTED]
X-Spam-Status: No
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 05 Jul 2007 15:09:09.0028 (UTC)
FILETIME=[6FDCDE40:01C7BF16]
-----Original Message-----
From: Curry [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 05, 2007 10:09 AM
To: Dawson, Donald
Subject: isolated W
ERMX Continues To Expand As Stock Climbs Up 16.6%!
EntreMetrix Inc. (ERMX)
$0.21 UP 16.6%
ERMX announced further expansion with K-9 Genetics. Healthy and Premium
dog foods grossed $3.6 Billion in 2006, up from $1.9 billion in previous
years. Read up on ERMX over the holiday, we think you will see even more
fireworks on Thursday morning!
Mostly we invite artists and curators to put together shows for us;
however we remain open to proposals.
Please feel free to contact Steven Winogradsky directly to discuss your
production and how The Winogradsky Company can best serve your company
and the music needs of your clients.
Elen-Florence is interested in aquiring a recording contract.
It is not objectification, but going out beyond the bounds of reality.
Access Error Headline functionality has been disabled from your
intranet.
Every two or three years this project will hold a central exhibition
with a few supplementary ones.
His works can be found in private collections in Canada, France,
England, Australia, and the USA.
>From suggesting the right clues to optimize the final audiovisual
product to advising about the fit strategies to get the expected target.
>From suggesting the right clues to optimize the final audiovisual
product to advising about the fit strategies to get the expected target.
We currently stock thousands of books, CDs and videos, together with a
superb range of dancewear from Capezio and Roch Valley.
The director is always happy to talk on current exhibitions and about
the work of the organisation. As a child, Alderman's talents were
nurtured by a physician father who encouraged him to become a cosmetic
surgeon.
After the CD was finished the two guitar players were replaced by Geoff
Schultz and Aaron Fletcher, they also aquired a second singer, Keith
Yaskovich, and the name was changed to "Blank Shift".
The Visitors Programme is a joint project with Creative New Zealand.
Mai mica sau mai mare.
com - ApS LesGalleries. It is not objectification, but going out beyond
the bounds of reality. a luat premii cu caru, in general majoritatea
criticilor .
Hawes, Lewis Hine, W.
"You follow their careers and you watch the evolution of two human
beings over the course of a lifetime.
Mai mica sau mai mare. Gigs in northern Germany included support shows
for The Damned, Social Distortion, Bad Religion, U.
An intuitive artist, he felt his talents and abilities surpassed those
of college professors. It is not objectification, but going out beyond
the bounds of reality. S-a intamplat o eroare. com - Janet Lehr Inc.
Art works sales and curatorial projects.
We offer our marketing design services.
Here you can narrow your search. Subtle effects of lighting and shadow
casting can also be explored. Offers logo galleries, FAQs, and on-line
ordering. What music can I have for my wedding reception? She discovers
a means of expression and communication that permits her to release her
emotions trapped within her. His Studio is located in Canon City,
Colorado, where he chose to live near the source of stone he sculpts as
well as some of the finest bronze foundries in the nation.
