On Thu, Aug 07, 2008 at 01:51:00PM -0700, Owen B. Mehegan wrote:
> Uh, whoops. Apparently I deleted the body of the message before I sent it.
> Sorry...
>
> I was asking for help figuring out why messages like the one I attached
> are getting through my SA setup. I'm using SA 3.2.1 with spamd, through
> Postfix, on Linux.
>
> This message scores as follows on my system:
>
> 2.0 FREEMAIL_FROM From-address is freemail domain
> 0.0 BOTNET_SERVERWORDS Hostname contains server-like substrings
> [botnet_serverwords,ip=98.136.45.12,rdns=n65a.bullet.mail.sp1.yahoo.com]
> -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
> [score: 0.0000]
>
> It also hits on the Spamcop URIBL at the moment, but it didn't when I
> first received it. That's a common theme now - message comes in and
> doesn't appear in any blacklists. I test it sometime later and it does,
> often scoring high enough then to be filtered. All these messages are
> coming from freemail providers. I'd like to delay mail from them for an
> hour or something, to give these messages time to get into the blacklists,
> but I haven't figured out a way to do that yet.
>
> I've been getting lots of these for the last 2-3 weeks. The freemail
> filter wasn't enough to stop them, especially for the ones that score 0%
> in bayes. Maybe it's time to wipe out my bayes DB and start over? Or is
> there some other filter I should add? It's driving me crazy!
>
> --
> Owen B. Mehegan ([EMAIL PROTECTED])
>
> >
>
>
Here are two more that got through today. Even several hours later, these
haven't shown up in blacklists. Do anyone else's rules catch these?
--
Owen B. Mehegan ([EMAIL PROTECTED])
"He is a dangerous mixture of sophistication and recklessness which makes one
anxious about his influence on other boys."
>From [EMAIL PROTECTED] Tue Aug 12 06:37:59 2008
Return-Path: <[EMAIL PROTECTED]>
X-Spam-Score: 2.0
X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on
sandman.nerdnetworks.org
X-Spam-Level: **
X-Spam-Status: No, score=2.0 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
HTML_MESSAGE autolearn=no version=3.2.1
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
X-Greylist: delayed 350 seconds by postgrey-1.27 at sandman; Tue, 12 Aug 2008
06:37:55 PDT
Received-SPF: none (sandman.nerdnetworks.org: domain of [EMAIL PROTECTED] does
not designate permitted sender hosts)
Received: from n10.bullet.re3.yahoo.com (n10.bullet.re3.yahoo.com
[68.142.237.123])
by nerdnetworks.org (Postfix) with SMTP id 607B1F80F1
for <[EMAIL PROTECTED]>; Tue, 12 Aug 2008 06:37:55 -0700 (PDT)
Received: from [68.142.237.87] by n10.bullet.re3.yahoo.com with NNFMP; 12 Aug
2008 13:32:04 -0000
Received: from [66.196.97.136] by t3.bullet.re3.yahoo.com with NNFMP; 12 Aug
2008 13:32:04 -0000
Received: from [127.0.0.1] by omp109.mail.re3.yahoo.com with NNFMP; 12 Aug 2008
13:32:04 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: [EMAIL PROTECTED]
Received: (qmail 18518 invoked by uid 60001); 12 Aug 2008 13:32:04 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=X-YMail-OSG:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
b=2jBZKWMhmVNw2+4y50JO43d/WupGO/YBAc8AGDpi5NLC4XPTjMLPJjA2xbbWESRE6qj1dJSJvIeC1yXb7mwojRrnTB3PObfF5F1zK9YeFkOaR+xzJJY77iNB5gXllibLjQCvjFItxIveHooY3TLbYHY1jrmAtsJ71FQ13tk8wEk=;
X-YMail-OSG:
wpMId9IVM1kffDA7k9FVnHIfHolwaq__Sfj0Z7KqCOqbzwBCQgwzOZMy0DJeKwynpg4z0UVzNQvDArjadsSBRhkMX7ts3J2uCrv7B6COMXRypLeZ99d_KEfQPfgFM88-
Received: from [189.54.146.81] by web57414.mail.re1.yahoo.com via HTTP; Tue, 12
Aug 2008 06:32:03 PDT
Date: Tue, 12 Aug 2008 06:32:03 -0700 (PDT)
From: Chasity Ripply <[EMAIL PROTECTED]>
Subject: Simple order top quality generic pills
To: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-2084603575-1218547923=:14464"
Content-Transfer-Encoding: 8bit
Message-ID: <[EMAIL PROTECTED]>
Status: RO
Content-Length: 536
Lines: 20
--0-2084603575-1218547923=:14464
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
http://groups.google.com/group/as2j9ji1z/web/8sxf0
"We must take the risk."
--0-2084603575-1218547923=:14464
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
<P><a
href="http://groups.google.com/group/as2j9ji1z/web/8sxf0";>http://groups.google.com/group/as2j9ji1z/web/8sxf0</a>
<br> <br> "We must take the risk." <br></P><p> 
--0-2084603575-1218547923=:14464--
>From [EMAIL PROTECTED] Tue Aug 12 00:46:50 2008
Return-Path: <[EMAIL PROTECTED]>
X-Spam-Score: 4.7
X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on
sandman.nerdnetworks.org
X-Spam-Level: ****
X-Spam-Status: No, score=4.7 required=5.0 tests=BAYES_00,BOTNET_SERVERWORDS,
FREEMAIL_FROM,GEO_QUERY_STRING,HTML_MESSAGE autolearn=no version=3.2.1
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
X-Greylist: delayed 341 seconds by postgrey-1.27 at sandman; Tue, 12 Aug 2008
00:46:44 PDT
Received-SPF: none (sandman.nerdnetworks.org: domain of [EMAIL PROTECTED] does
not designate permitted sender hosts)
Received: from n64c.bullet.mail.sp1.yahoo.com (n64c.bullet.mail.sp1.yahoo.com
[98.136.45.63])
by nerdnetworks.org (Postfix) with SMTP id 0DC89F80F1
for <[EMAIL PROTECTED]>; Tue, 12 Aug 2008 00:46:44 -0700 (PDT)
Received: from [216.252.122.216] by n64.bullet.mail.sp1.yahoo.com with NNFMP;
12 Aug 2008 07:41:03 -0000
Received: from [69.147.65.174] by t1.bullet.sp1.yahoo.com with NNFMP; 12 Aug
2008 07:41:03 -0000
Received: from [127.0.0.1] by omp509.mail.sp1.yahoo.com with NNFMP; 12 Aug 2008
07:41:03 -0000
X-Yahoo-Newman-Property: ymail-5
X-Yahoo-Newman-Id: [EMAIL PROTECTED]
Received: (qmail 49396 invoked by uid 60001); 12 Aug 2008 07:41:03 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Received:X-Mailer:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Message-ID;
b=QCKe1PjFq27mcHuIVXPV0GBJh+z6c9lXhVCK2yI192mP2uAMKZH/OsnPmjjltaWzSQES4CRfXalk1TFqDP8mqkojwHT6aXjdwhBlRSVCkI9CKni7p5UMZEZWyYYo0xkwit+LGePCE5PfxHuber+hxpqEfZSrP+f4NKTSBqLnA84=;
Received: from [66.45.153.37] by web45516.mail.sp1.yahoo.com via HTTP; Tue, 12
Aug 2008 00:41:03 PDT
X-Mailer: YahooMailWebService/0.7.218
Date: Tue, 12 Aug 2008 00:41:03 -0700 (PDT)
From: Alva Decker <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: to Woods jSexely_wexplxcil Lesbian Motion picture - babefriends cumming
To: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1206103302-1218526863=:49301"
Message-ID: <[EMAIL PROTECTED]>
Status: RO
Content-Length: 1788
Lines: 67
--0-1206103302-1218526863=:49301
Content-Type: text/plain; charset=us-ascii
HOT Pictures - VERIFY!
towers closer surgery place part responsibility weekend either keenan lead base
several planned
southern fact local miami florida western jury battle latest tape help minister
until summer guys
agreed forced instead making once surgery taken vote outside hezbollah players
helped once record spot ranked
anything where stopped reached accident wouldn agreement nadal front george
attended beyond ramzi taylor doing johnson million talks five sources dropped
smith injured
irwin soldiers notre quickly murder gone announced slam kind confirmed winner
appeared province
--0-1206103302-1218526863=:49301
Content-Type: text/html; charset=us-ascii
<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top"
style="font: inherit;"><div><strong><font size="4"><a
href="http://geocities.com/./mgag/../ArturoCrane15/?q=uuoTT-289RzodZK.4R3wHQ";>HOT
Pictures - VERIFY!</a></font></strong></div><br><br>
<br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>
towers closer surgery place part responsibility weekend either keenan lead base
several planned<br>
southern fact local miami florida western jury battle latest tape help minister
until summer guys<br>
agreed forced instead making once surgery taken vote outside hezbollah players
helped once record spot ranked<br>
<br>
anything where stopped reached accident wouldn agreement nadal front george<br>
attended beyond ramzi taylor doing johnson million talks five sources dropped
smith injured<br>
irwin soldiers notre quickly murder gone announced slam kind confirmed winner
appeared province<br>
</td></tr></table><br>
--0-1206103302-1218526863=:49301--
