Robert Boyl wrote: > Hi, everyone > > Please check http://pastebin.com/GUBqpyZ8 > > Interesting how some spams that abuse some legit account such as this > one are hard to detect, how Spamassassin scores almost nothing although > there are spammy works, etc. System caught DCC_CHECK 1.10. > > Some other systems such as isnotspam.com <http://isnotspam.com> caught > some SA rule which doesnt exist anymore in latest SA... > AXB_X_FF_SEZ_S=3.10.
I'm assuming that's your Barracuda appliance that added those Barracuda headers. If so, it's running a VERY out of date SA (3.2.2) when the current release versions is 3.4.1. IIRC the upstream SpamAssassin project is no longer publishing rule updates for 3.2.x. That particular rule is relatively *new*, and so would not have been published to the 3.2.x rules channel. I'm not certain, but it also looks like you might not be using Bayes. This is likely one of the key methods of detecting spam like this; since it was sent through outlook.com the message structure is perfectly legitimate so IP DNSBLs will have little value. Since there's no link, just a (probably cracked/stolen) email address in the body, DNSBL body rules will also have very little value on this message. -kgd
