Is this the MEDS rule thread that you refer to? http://www.nabble.com/-NEW-SPAM-FLOOD--www.shopXX.net-td24139422.html
Skip John Wilcock wrote: > > Le 06/07/2009 14:22, RW a écrit : >>> http://pelorus.org/spammy.txt >>> > >> >> That's odd, I get MISSING_DATE, MISSING_HB_SEP, MISSING_HEADERS, >> MISSING_MID, MISSING_SUBJECT too, even though all the headers are there. >> > > So do I until I get rid of the extraneous carriage return in the > following received line: > >> Received: from outbound-mail-324.bluehost.com >> (outbound-mail-324.bluehost.com [67.222.55.5]) > > After which it passes through fine - and hits very few vanilla SA sules, > though BOTNET and the MEDS rule that was posted to the list recently > help push it over the spam threshold: > >> pts rule name description >> ---- ---------------------- >> -------------------------------------------------- >> 0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL >> [88.73.93.76 listed in zen.spamhaus.org] >> 0.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP >> address >> [88.73.93.76 listed in dnsbl.sorbs.net] >> 3.0 local_OBFU_WWW_MEDS BODY: obfuscated www. domainnn .com >> 0.5 BOTNET_CLIENTWORDS Hostname contains client-like substrings >> [botnet_clientwords,ip=88.73.93.76,rdns=dslb-088-073-093-076.pools.arcor-ip.net] >> 1.0 BOTNET_IPINHOSTNAME Hostname contains its own IP address >> [botnet_ipinhosntame,ip=88.73.93.76,rdns=dslb-088-073-093-076.pools.arcor-ip.net] >> 1.5 BOTNET_CLIENT Relay has a client-like hostname >> [botnet_client,ip=88.73.93.76,rdns=dslb-088-073-093-076.pools.arcor-ip.net,ipinhostname,clientwords] >> 0.1 RDNS_DYNAMIC Delivered to trusted network by host with >> dynamic-looking rDNS > > John. > > -- > -- Over 3000 webcams from ski resorts around the world - www.snoweye.com > -- Translate your technical documents and web pages - www.tradoc.fr > > -- View this message in context: http://www.nabble.com/SA-scores-zero...-sometimes-tp24347925p24363677.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
