> On 4.12.2009 18:00, Thomas Harold wrote:
> > SA had a lot of trouble identifying this as spam. The IP
> > (174.139.37.196) is not yet listed in a lot of the DNSBLs. So it only
> > scored around a 1.0 on the spam meter.
> >
> > http://pastebin.com/m1d0a75b7

On 04.12.09 22:42, Jari Fredriksson wrote:
> Content analysis details:   (14.9 points, 5.0 required)
>
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
>  1.0 RCVD_IN_BRBL_LASTEXT   RBL: Received via a relay in Barracuda BRBL
>                             [174.139.37.196 listed in bb.barracudacentral.org]
>  1.7 RCVD_IN_HOSTKARMA_BL   RBL: HostKarma: relay in black list
>                             [174.139.37.196 listed in hostkarma.junkemailfilter.com]
>  0.8 RCVD_IN_SEMBLACK       RBL: Received from an IP listed by SEM-BLACK
>                             [174.139.37.196 listed in bl.spameatingmonkey.net]
>  4.0 BOTNET                 Relay might be a spambot or virusbot
>                             [botnet0.8,ip=174.139.37.196,rdns=host196.easysavingsusa.com,maildomain=globalsaveonlinepath.net,baddns]
>  0.6 SARE_HTML_HTML_TBL     FULL: Message body has very strange HTML
>                             sequence
>  2.0 KHOP_DNSBL_BUMP        Hits a trusted non-overlapping DNSBL

...these are all unofficial rules

> -2.5 BAYES_20               BODY: Bayesian spam probability is 5 to 20%
>                             [score: 0.0515]
>  2.8 UNWANTED_LANGUAGE_BODY BODY: Message written in an undesired language

these require manual training/configuration, although anyone should
configure languages as one of the first things...

>  2.0 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
>                             [URIs: globalsaveonlinepath.net]
>  1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
>                             above 50%
>                             [cf: 100]
>  0.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
>  0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
>                             [cf: 100]

OP was apparently an early recipient so they didn't match that time.

> -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
> -0.0 SPF_PASS               SPF: sender matches SPF record
>  0.0 HTML_MESSAGE           BODY: HTML included in message
>  0.1 RDNS_NONE              Delivered to trusted network by a host with
>                             no rDNS

well, these should match anywhere anytime ;)

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!