Theo Van Dinter wrote:
On Tue, Jan 29, 2008 at 07:51:03PM -0500, Robert Fitzpatrick wrote:
I have some users getting slammed with this spam. Before I start trying
to figure out how to intercept, can someone test this message and tell
me if your getting a score above 5.0?
http://esmtp.webtent.net/test.txt
2.5 MISSING_HB_SEP Missing blank line between message header and body
This appears to be a badly pasted email. For example, the topmost Received
header (and then a lot of the rest of the headers) is malformed.
Hitting MISSING_HB_SEP w/ real mails is possible, but very uncommon. If you
see it hitting somewhere, you're more likely to have a misconfiguration in
your setup than a valid hit.
I put extreme scores against emails from TW as we don't do business with
anyone from there. If it wasn't for that, this would have made it
through my system as well. I am really surprised bayes scored a 0 as it
did for the original poster. I do serious bayes training on a regular
basis. I see alot of others are getting bayes scores of 80.
Content analysis details: (5.6 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
0.9 SUBJ_HAS_SPACES Subject contains lots of white space
0.2 SUBJECT_NOVOWEL Subject: has long non-vowel letter sequence
7.0 RELAYCOUNTRY_TW Relayed through TW
0.2 SUBJ_HAS_UNIQ_ID Subject contains a unique ID
-2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
[score: 0.0000]
0.0 HTML_MESSAGE BODY: HTML included in message
--
Mark Johnson
http://www.astroshapes.com/information-technology/blog/
