>> <http://pastebin.ca/1418492>
I'm late to the show ... as Mouss already pointed out, this is now listed in the URIBLs, but it's also now listed in Razor2.

Content analysis details:   (11.7 points, 5.0 required)

 pts rule name          description
---- ------------------ ---------------------------------------------
 3.9 BAYES_99           BODY: Bayesian spam probability is 99 to 100%
                        [score: 1.0000]
-4.0 RCVD_IN_DNSWL_MED  RBL: Sender listed at http://www.dnswl.org/,
                        medium trust
                        [128.103.178.24 listed in list.dnswl.org]
 1.5 URIBL_OB_SURBL     Contains an URL listed in the OB SURBL blocklist
                        [URIs: read-bankofamerica-newemail.com]
 2.0 URIBL_BLACK        Contains an URL listed in the URIBL blacklist
                        [URIs: read-bankofamerica-newemail.com]
 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
                        above 50%
                        [cf: 100]
 0.8 RAZOR2_CHECK       Listed in Razor2 (http://razor.sf.net/)
 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
                        above 50%
                        [cf: 96]
 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                        [cf: 100]
 3.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
 1.0 KHOP_RCVD_UNTRUST  DNS-whitelisted sender is not verified

Mouss responded to ɹןʇnqן:
>> I guess Harvard got hacked by spammers?
>
> everybody leaks. as soon as you have users, you are at risk ;-p

That's why I've got my KHOP_RCVD_UNTRUST score ... spammers are going out of their way to send from whitelisted servers these days, a testament to how powerful DNSBLs are. My custom rules bump verified DNSWLs up and un-verified DNSWLs down.
You can find it in my khop-blessed channel at http://khopesh.com/Anti-spam#sa-update_channels

For the lazy, here's the relevant conf snippet, but as I may tweak it for the better, you're better off using the channel:

meta __KHOP_NOSPOOF ALL_TRUSTED || DKIM_VERIFIED || SPF_PASS
meta __KHOP_DNSWLD RCVD_IN_BSP_TRUSTED || RCVD_IN_DNSWL_HI || RCVD_IN_DNSWL_LOW || RCVD_IN_DNSWL_MED || RCVD_IN_IADB_DOPTIN || RCVD_IN_IADB_ML_DOPTIN || RCVD_IN_IADB_VOUCHED || RCVD_IN_JMF_W || RCVD_IN_SSC_TRUSTED_COI

meta KHOP_RCVD_UNTRUST !__KHOP_NOSPOOF && __KHOP_DNSWLD
describe KHOP_RCVD_UNTRUST DNS-whitelisted sender is not verified
tflags KHOP_RCVD_UNTRUST noautolearn
score KHOP_RCVD_UNTRUST 1 # 20090501

# bump for non-spoofed dns-white items that aren't already pretty low
meta KHOP_RCVD_TRUST __KHOP_NOSPOOF && __KHOP_DNSWLD && (4.3*RCVD_IN_BSP_TRUSTED + 8*RCVD_IN_DNSWL_HI + 1*RCVD_IN_DNSWL_LOW + 4*RCVD_IN_DNSWL_MED + 4*RCVD_IN_IADB_DOPTIN + 6*RCVD_IN_IADB_ML_DOPTIN + 2.2*RCVD_IN_IADB_VOUCHED + 3*RCVD_IN_JMF_W + 3.7*RCVD_IN_SSC_TRUSTED_COI) < 7
describe KHOP_RCVD_TRUST DNS-Whitelisted sender is verified
tflags KHOP_RCVD_TRUST nice noautolearn
score KHOP_RCVD_TRUST -2.5 # 20090411
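
The logic of the two KHOP meta rules in the snippet above, restated in Python as an added example (not part of the original post or of the khop-blessed channel). Rule hits are modelled as a plain set of names and the sample messages are constructed; the weights, the < 7 threshold and the scores are copied from the snippet.

```python
# Added illustration of the KHOP_RCVD_UNTRUST / KHOP_RCVD_TRUST meta logic.
# Plain Python, not SpamAssassin code; a message is a set of hit rule names.
NOSPOOF = {"ALL_TRUSTED", "DKIM_VERIFIED", "SPF_PASS"}

# Weights copied from the KHOP_RCVD_TRUST meta expression.
DNSWL_WEIGHTS = {
    "RCVD_IN_BSP_TRUSTED": 4.3,
    "RCVD_IN_DNSWL_HI": 8,
    "RCVD_IN_DNSWL_LOW": 1,
    "RCVD_IN_DNSWL_MED": 4,
    "RCVD_IN_IADB_DOPTIN": 4,
    "RCVD_IN_IADB_ML_DOPTIN": 6,
    "RCVD_IN_IADB_VOUCHED": 2.2,
    "RCVD_IN_JMF_W": 3,
    "RCVD_IN_SSC_TRUSTED_COI": 3.7,
}
SCORES = {"KHOP_RCVD_UNTRUST": 1.0, "KHOP_RCVD_TRUST": -2.5}


def khop_hits(hits):
    """Return the KHOP rules that fire for a set of already-hit rule names."""
    hits = set(hits)
    nospoof = bool(hits & NOSPOOF)             # __KHOP_NOSPOOF
    dnswld = bool(hits & set(DNSWL_WEIGHTS))   # __KHOP_DNSWLD
    weight = sum(w for rule, w in DNSWL_WEIGHTS.items() if rule in hits)
    fired = set()
    if dnswld and not nospoof:
        fired.add("KHOP_RCVD_UNTRUST")   # whitelisted relay, sender unverified
    if dnswld and nospoof and weight < 7:
        fired.add("KHOP_RCVD_TRUST")     # verified, whitelist bonus still small
    return fired


def khop_adjustment(hits):
    """Net score added by the KHOP rules for this message."""
    return sum(SCORES[rule] for rule in khop_hits(hits))


# Constructed inputs; "phish" mirrors the relevant hits in the report above.
SAMPLES = {
    "phish": {"BAYES_99", "RCVD_IN_DNSWL_MED", "URIBL_BLACK"},
    "verified_med": {"RCVD_IN_DNSWL_MED", "SPF_PASS"},
    "verified_hi": {"RCVD_IN_DNSWL_HI", "DKIM_VERIFIED"},
    "not_listed": {"SPF_PASS"},
}

if __name__ == "__main__":
    for name, hits in SAMPLES.items():
        print(name, sorted(khop_hits(hits)), khop_adjustment(hits))
```

The "verified_hi" case gets no extra bonus because its weighted sum (8) is not below 7, which is the "aren't already pretty low" condition in the snippet's comment.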