Please, do not paste a gigantic blob of multipart MIME messages. Put it up somewhere, raw, and simply provide a link.
On Sat, 2008-02-16 at 18:44 -0800, Philip Prindeville wrote: > Anyway, I have no idea why I'm seeing some of these scores. URL matches > when there aren't even URL's in my message? There are. Self-inflicted. The ones in square brackets with the leading 550 code, which you seem to keep sending back and forth. :) > A 2.6 score on BAYES_00? URIBL_JP_SURBL and URIBL_OB_SURBL? And what > the heck is DNS_FROM_OPENWHOIS??? Well, if you don't mind having a second look, that is MINUS 2.6 for Bayes. What's wrong with that? Regarding your SURBL questions... Yes. Wait, you where hoping for more? Without any actually asked question? OK, good then. The domain chalturs.com is listed in these RBLs, as the results tell you. See http://surbl.org/ for more. Oh, and DNS_FROM_OPENWHOIS probably is http://open-whois.org/, which gives you a hint about what it actually is. The hit itself pretty much mentions this... > TVD_STOCK1? There's no mention of stock anywhere in the message. >From a quick glimpse of the code, it appears to identify common words used in stock (as in stock exchange, pump-n-dump penny stocks) spam. It does not search for the word "stock". Just as pretty much no rule in SA ever searches for single words only... > Why am I seeing all of these bogus matches? >From what I can tell, and what you sent us, they don't appear to be bogus. > I looked on the wiki for some of these, but couldn't find descriptions. > > What should I do? Just block their domain? I don't want to deal with > their misconfiguration issues. Apparently you already exchanged messages? Try not sending the offensive mail in question. Put it up somewhere as reference, if need be. Hmm, sounds familiar... ;) guenther -- char *t="[EMAIL PROTECTED]"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
