On Thu, 2007-09-13 at 08:38 +0200, Rob Sterenborg wrote:
> ram wrote:
> > Now we have nigerian spam that actually refers to compensating
> > victims of scam
> >
> > https://ecm.netcore.co.in/tmp/nigerian.txt
> >
> > The spammer is insane. Does he think a real victim would be foolish
> > enough to fall in his trap again?
> >
> > OTOH
> > Unfortunately, this mail went clean thru all my SA-rules (SA 3.2.3)
> > as well as custom scanners
>
> I stripped your MS headerlines from the email and ran it through our
> SA-3.1.8:
>
> Content analysis details:   (16.3 points, 5.0 required)
>
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
>  0.8 UNDISC_RECIPS          Valid-looking To "undisclosed-recipients"
>  1.1 SPF_NEUTRAL            SPF: sender does not match SPF record (neutral)
>                             [SPF failed: Please see
>                             http://www.openspf.org/why.html?sender=infolott8%40bellsouth.net&ip=202.162.229.17&receiver=koekoek.dcyb.net]
>  1.0 SUBJ_ALL_CAPS          Subject is all capitals
>  0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
>  0.0 HTML_MESSAGE           BODY: HTML included in message
>  3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
>                             [score: 1.0000]
>  0.2 DNS_FROM_RFC_ABUSE     RBL: Envelope sender in abuse.rfc-ignorant.org
>  1.4 DNS_FROM_RFC_WHOIS     RBL: Envelope sender in whois.rfc-ignorant.org
>  1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
>                             [Blocked - see <http://www.spamcop.net/bl.shtml?81.199.89.27>]
>  1.7 DNS_FROM_RFC_POST      RBL: Envelope sender in postmaster.rfc-ignorant.org
>  3.3 ADVANCE_FEE_3          Appears to be advance fee fraud (Nigerian 419)
>  0.0 ADVANCE_FEE_1          Appears to be advance fee fraud (Nigerian 419)
>  0.3 MIME_BOUND_NEXTPART    Spam tool pattern in MIME boundary
>  1.4 ADVANCE_FEE_2          Appears to be advance fee fraud (Nigerian 419)
>
> I suppose SA-3.2.3 should be able to give similar results.

Well, yes! The RFC_WHOIS and RFC_POST rules are removed in SA 3.2.3. I don't know why?
Also, you took the wrong IP for SPF checks. That was my relay server IP.

Now the same mail gets 7.2 on my servers, because of listing in spamcop and BOTNET .. but it is too late now

Thanks
Ram