Dear Spamassassin,
I've seen a recent increase in spam getting through Spamassassin...
I've been getting groups of spam messages which have the same subject,
often with zip attachments. Here's a screenshot from Mutt:
36604 N * Dec 15 %GIRL_NAME Lyon (0.2K) Re: Healthy soul in healthy body.
Order Celexa now.
36605 N * Dec 15 Beta Consulting ( 49K) Opleiding Excel basis en/of
gevorderd
36606 N * Dec 15 kneuper@grwsj.e ( 60K) Envío de factura PDF al CLIENTE
36607 N * Dec 15 Mona Dominguez (4.9K) Order Receipt
36608 N * Dec 15 Hyman Walsh (4.9K) Order Receipt
36609 N * Dec 15 Ugg Boots (9.0K) frede...@ofb.net,Free Shipping +
Discounted Gift Ca
36610 N * Dec 15 SureVoIP ( 12K) Voicemail from 08440635679
<08440635679> 00:02:17
36611 N * Dec 15 Alberto (0.8K) Triple your gaming pleasure
36612 N * Dec 15 Harp-Approval A (1.4K) Can HARP help you save on your
monthly home payment
36613 N * Dec 15 SureVoIP ( 13K) Voicemail from 08445596415
<08445596415> 00:02:13
36614 N * Dec 15 SureVoIP ( 13K) Voicemail from 08437168032
<08437168032> 00:02:44
36615 N * Dec 15 Medical Marijua (6.3K) CNN: Epileptic Seizures
Dramatically Improved with
36616 N * Dec 15 SureVoIP ( 13K) Voicemail from 08449381540
<08449381540> 00:03:15
36617 N * Dec 15 SureVoIP ( 13K) Voicemail from 08459518695
<08459518695> 00:02:33
36618 N * Dec 15 SureVoIP ( 13K) Voicemail from 08448469191
<08448469191> 00:01:08
36619 N * Dec 15 SureVoIP ( 13K) Voicemail from 08453192741
<08453192741> 00:02:33
36620 N * Dec 15 SureVoIP ( 13K) Voicemail from 08433847988
<08433847988> 00:02:19
36621 * Dec 15 SureVoIP ( 12K) Voicemail from 08428271866
<08428271866> 00:02:48
36622 N * Dec 15 SureVoIP ( 13K) Voicemail from 08482974918
<08482974918> 00:03:45
36623 N * Dec 15 SureVoIP ( 13K) Voicemail from 08401864200
<08401864200> 00:01:51
36624 N * Dec 15 SureVoIP ( 13K) Voicemail from 08457292679
<08457292679> 00:02:41
Here's a couple of headers:
Date: Thu, 15 Dec 2016 20:25:45 +0530
From: SureVoIP <voicemailand...@dubrovniktravel.hr>
To: frede...@ofb.net
Subject: Voicemail from 08457292679 <08457292679> 00:02:41
X-Mailer: PHPMailer 5.2.2
(http://code.google.com/a/apache-extras.org/p/phpmailer/)
X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_05,HTML_MESSAGE,
RDNS_NONE,T_SPF_TEMPERROR autolearn=no autolearn_force=no
version=3.4.1
Date: Thu, 15 Dec 2016 02:09:18 -0700
From: %GIRL_NAME Lyon <lyon_%girl_n...@feuz.com>
To: frede...@ofb.net
Subject: Re: Healthy soul in healthy body. Order Celexa now.
X-Spam-Status: No, score=3.3 required=5.0 tests=BAYES_50,BODY_URI_ONLY,
HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,
MIME_HTML_ONLY,RDNS_NONE,T_SPF_HELO_TEMPERROR,T_SPF_TEMPERROR
autolearn=no
autolearn_force=no version=3.4.1
As you can see, I have trained the "Bayesian" filter but it isn't
recognizing the messages as spam. I run Arch Linux and I use the
following commands to do the training:
sudo -u spamd sa-learn --showdots -D 1 --spam --dir ~/mail/folders/spam
sudo -u spamd sa-learn --showdots -D 1 --ham --dir ~/mail/folders/inbox
I use spamc and spamd to do the filtering.
Any ideas? I don't have many legitimate emails with 'zip' attachments,
but I'm intimidated by the thought of going into the Spamassassin
config and tweaking the various parameters by hand.
Thanks,
Frederick
