Hmm
I'm still running 3.1.8......
Content analysis details: (7.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 HOST_EQ_NL HOST_EQ_NL
3.0 BOTNET_IPINHOSTNAME Hostname contains its own IP address
[botnet_ipinhosntame,ip=62.163.207.251,rdns=a207251.upc-a.chello.nl]
-2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
[score: 0.0064]
1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?62.163.207.251>]
3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[62.163.207.251 listed in zen.spamhaus.org]
I just bumped the BOTNET_IPINHOSTNAME score so I score above my 5 limit now..
Don't run RCVD_IN_SORBS_DUL as I found it FP heavy for my environment
I expect to see mp's in my environment, so that's maybe why bayes was at the
opposite end of the score spectrum to you.
No JM_STORM_MP3 though....maybe a 3.1.8/3.2.3 thing, it lint's clean.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: UxBoD [mailto:[EMAIL PROTECTED]
> Sent: 19 October 2007 09:14
> To: Martin.Hepworth
> Cc: [EMAIL PROTECTED]
> Subject: Re: MP3 Spam
>
> Hmmm, hit okay here Martin :-
>
> X-Spam-Status: Yes, score=27.6 required=10.0
> tests=BAYES_99,BOTNET,CRM114_CHECK,
>
> HELO_DYNAMIC_CHELLO_NL,JM_STORM_MP3,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_D
> UL,
> RCVD_IN_XBL,RDNS_DYNAMIC,TVD_SPACE_RATIO autolearn=unavailable
> version=3.2.3
>
> Regards,
>
> --[ UxBoD ]--
> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
> // Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED]
>
> ----- Original Message -----
> From: "Martin.Hepworth" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Sent: Friday, October 19, 2007 9:11:38 AM (GMT) Europe/London
> Subject: RE: MP3 Spam
>
>
>
> http://www.solidstatelogic.com/mp3-spam.txt
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> > -----Original Message-----
> > From: UxBoD [mailto:[EMAIL PROTECTED]
> > Sent: 19 October 2007 09:01
> > To: Martin.Hepworth
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: MP3 Spam
> >
> > Can you post a copy online Martin ? need a few examples to find the
> common
> > elements.
> >
> > Regards,
> >
> > --[ UxBoD ]--
> > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
> > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
> > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
> > // Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED]
> >
> > ----- Original Message -----
> > From: "Martin.Hepworth" <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Sent: Friday, October 19, 2007 9:00:39 AM (GMT) Europe/London
> > Subject: RE: MP3 Spam
> >
> >
> > Just tried this on an example we had overnight and it's didn't hit ;-(
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> >
> > > -----Original Message-----
> > > From: UxBoD [mailto:[EMAIL PROTECTED]
> > > Sent: 19 October 2007 08:45
> > > To: Justin Mason
> > > Cc: users@spamassassin.apache.org
> > > Subject: Re: MP3 Spam
> > >
> > > Thanks Justin. Do they all follow the same patterns ?
> > >
> > > Regards,
> > >
> > > --[ UxBoD ]--
> > > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --
> import"
> > > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
> > > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
> > > // Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED]
> > >
> > > ----- Original Message -----
> > > From: "Justin Mason" <[EMAIL PROTECTED]>
> > > To: [EMAIL PROTECTED]
> > > Cc: users@spamassassin.apache.org
> > > Sent: Thursday, October 18, 2007 8:24:35 PM (GMT) Europe/London
> > > Subject: Re: MP3 Spam
> > >
> > >
> > > UxBoD writes:
> > > > Does anybody have one of these, or different one, that you could
> > upload
> > > somewhere so can do some analysis ?
> > >
> > > sure: http://taint.org/x/2007/mp3spam.txt
> > > anyway, these rules catch them as far as I can tell:
> > >
> > > ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
> > > mimeheader __CTYPE_STORM_MP3_1 Content-Type:raw =~ /^audio\/mpeg;\n
> > > name=\"[a-z]+\.mp3\"$/s
> > > mimeheader __CDISP_STORM_MP3_1 Content-Disposition:raw =~
> /^inline;\n
> > > filename=\"[a-z]+\.mp3\"$/s
> > > mimeheader __CTYPE_STORM_MP3_2 Content-Type:raw =~
> > > /^audio\/mpeg;\n\tname=\"[a-z]+\.mp3\"$/s
> > > mimeheader __CDISP_STORM_MP3_2 Content-Disposition:raw =~
> > > /^attachment;\n\tfilename=\"[a-z]+\.mp3\"$/s
> > >
> > > meta JM_STORM_MP3 ((__CTYPE_STORM_MP3_1&&__CDISP_STORM_MP3_1)
> ||
> > > (__CTYPE_STORM_MP3_2&&__CDISP_STORM_MP3_2))
> > >
> > >
> > > --j.
> > >
> > > --
> > > This message has been scanned for viruses and
> > > dangerous content by MailScanner, and is
> > > believed to be clean.
> > >
> > >
> > >
> > > --
> > > This message has been scanned for viruses and
> > > dangerous content by MailScanner, and is
> > > believed to be clean.
> >
> >
> >
> >
> >
> > **********************************************************************
> > Confidentiality : This e-mail and any attachments are intended for the
> > addressee only and may be confidential. If they come to you in error
> > you must take no action based on them, nor must you copy or show them
> > to anyone. Please advise the sender by replying to this e-mail
> > immediately and then delete the original from your computer.
> > Opinion : Any opinions expressed in this e-mail are entirely those of
> > the author and unless specifically stated to the contrary, are not
> > necessarily those of the author's employer.
> > Security Warning : Internet e-mail is not necessarily a secure
> > communications medium and can be subject to data corruption. We advise
> > that you consider this fact when e-mailing us.
> > Viruses : We have taken steps to ensure that this e-mail and any
> > attachments are free from known viruses but in keeping with good
> > computing practice, you should ensure that they are virus free.
> >
> > Red Lion 49 Ltd T/A Solid State Logic
> > Registered as a limited company in England and Wales
> > (Company No:5362730)
> > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
> > United Kingdom
> > **********************************************************************
> >
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
> >
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
>
>
>
>
>
> **********************************************************************
> Confidentiality : This e-mail and any attachments are intended for the
> addressee only and may be confidential. If they come to you in error
> you must take no action based on them, nor must you copy or show them
> to anyone. Please advise the sender by replying to this e-mail
> immediately and then delete the original from your computer.
> Opinion : Any opinions expressed in this e-mail are entirely those of
> the author and unless specifically stated to the contrary, are not
> necessarily those of the author's employer.
> Security Warning : Internet e-mail is not necessarily a secure
> communications medium and can be subject to data corruption. We advise
> that you consider this fact when e-mailing us.
> Viruses : We have taken steps to ensure that this e-mail and any
> attachments are free from known viruses but in keeping with good
> computing practice, you should ensure that they are virus free.
>
> Red Lion 49 Ltd T/A Solid State Logic
> Registered as a limited company in England and Wales
> (Company No:5362730)
> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
> United Kingdom
> **********************************************************************
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error
you must take no action based on them, nor must you copy or show them
to anyone. Please advise the sender by replying to this e-mail
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.
Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************
