On Fri, 24 Aug 2007, Robert Fitzpatrick wrote:

> Anyone seen these, first reported to us today, but a lot...can
> they be stopped. Bayes even gives negative score...we are running
> SA 3.2.1 with SARE rules, Botnet, KAM, chickenpox...
>
> http://esmtp.webtent.net/mail1.txt

Hrm. About the only useful thing I can see is the number of recipients. You might want to add a point for more than ten or so addresses in the TO: header. I posted some rules for that a few days ago.

That X-Mailer looks really suspicious, too.

And give AOL a few points, just on principle. :)

--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
 The one political issue that strips all politicians bare is
 individual gun rights.
-----------------------------------------------------------------------
 Tomorrow: The 1928th anniversary of the destruction of Pompeii
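
The recipient-count check suggested in the reply above, sketched in Python as an added example; it is not part of the original thread and not the SpamAssassin rules the poster refers to. The threshold of ten and the one-point score are taken from the reply's wording, the function names and sample messages are constructed for illustration, and the comparison with a plain comma count shows why display names have to be parsed before counting.

```python
import re
from email import message_from_string
from email.utils import getaddresses

TO_THRESHOLD = 10  # assumption: "more than ten or so addresses"
TO_POINTS = 1.0    # assumption: "add a point"

def _to_values(raw_message):
    """Return every To: header value with folded continuation lines joined."""
    msg = message_from_string(raw_message)
    return [re.sub(r"\r?\n[ \t]+", " ", v) for v in msg.get_all("To", [])]

def count_to_addresses(raw_message):
    """Count distinct addresses in To:, parsing quoted display names properly."""
    pairs = getaddresses(_to_values(raw_message))
    return len({addr.lower() for _name, addr in pairs if "@" in addr})

def naive_comma_count(raw_message):
    """Count comma-separated chunks; over-counts names such as "Staff, Member"."""
    joined = ",".join(_to_values(raw_message))
    return len([part for part in joined.split(",") if part.strip()])

def many_recipients_score(raw_message):
    """Score the message when To: carries more than TO_THRESHOLD addresses."""
    return TO_POINTS if count_to_addresses(raw_message) > TO_THRESHOLD else 0.0

# Constructed sample: twelve recipients spread over a folded To: header.
BULK = (
    "From: sender@example.com\nTo: "
    + ",\n ".join(f"user{i:02d}@example.net" for i in range(12))
    + "\nSubject: constructed sample\n\nbody\n"
)

# Constructed sample: six recipients whose display names contain commas.
NAMED = (
    "From: sender@example.com\nTo: "
    + ", ".join(f'"Staff, Member{i}" <m{i}@example.org>' for i in range(6))
    + "\nSubject: constructed sample\n\nbody\n"
)

if __name__ == "__main__":
    for label, raw in (("bulk", BULK), ("named", NAMED)):
        print(label, count_to_addresses(raw), naive_comma_count(raw),
              many_recipients_score(raw))
```

A rule that counts commas alone would score the second sample even though it has only six recipients, so a threshold like this is best applied to parsed addresses.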