You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Thomas Arend <ml...@arend-whv.info> on 2004/12/22 12:37:53 UTC
spam with (rolex) watches gets trough
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
I'm geting a lot of spam messages about rolex watches (see example below),
which were not scored as spam. Only the bayes test applies, which gives only
a score of 4.1
Thomas
Example Message:
Return-Path: <co...@selle.no>
[..]
X-Original-To: thomas@localhost.arend-whv.de
Delivered-To: thomas@localhost.arend-whv.de
Received: from r0.arend-whv.de [192.168.0.254]
by localhost with POP3 (fetchmail-6.2.5)
for thomas@localhost (single-drop); Wed, 22 Dec 2004 10:45:03 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
by r0.arend-whv.de (Postfix) with ESMTP id A13FC2E9E4
for <th...@localhost.arend-whv.de>; Wed, 22 Dec 2004 08:05:06 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
by r0.arend-whv.de (Postfix) with ESMTP id B5ACE2DC26
for <th...@localhost>; Wed, 22 Dec 2004 08:05:03 +0100 (CET)
Delivery-Date: Wed, 22 Dec 2004 08:03:02 +0100
Received: from pop.kundenserver.de [212.227.15.149]
by localhost with POP3 (fetchmail-6.2.1)
for thomas@localhost (single-drop); Wed, 22 Dec 2004 08:05:03 +0100 (CET)
Received: from [221.232.41.153] (helo=donau.de)
by mxeu6.kundenserver.de with ESMTP (Nemesis),
id 0MKsUu-1Ch0WN1gKK-0001xL; Wed, 22 Dec 2004 08:02:55 +0100
Received: from 248.99.190.244 by smtp.selle.no;
Wed, 22 Dec 2004 07:00:59 +0000
Message-ID: <5f...@donau.de>
From: "Tricia W. Cochran" <co...@selle.no>
To: thomas@t-arend.de
Subject: Order Rolex or other Swiss watches online
Date: Wed, 22 Dec 2004 08:00:36 +0100
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Envelope-To: thomas@t-arend.de
X-SpamScore: 0.000
X-Virus-Scanned: by AMaViS 0.3.12pre8
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on r3.arend-whv.de
X-Spam-Level: ****
X-Spam-Status: No, score=4.1 required=5.0 tests=BAYES_99 autolearn=no
version=3.0.2
X-UIDL: !2A"!W2g!!]KI"!CWU"!
Status: R
X-Status: N
X-KMail-EncryptionState:
X-KMail-SignatureState:
X-KMail-MDN-Sent:
Heya,
Do you want a rolex watch?
In our online store you can buy replicas of Rolex watches. They look
and feel exactly like the real thing.
- - We have 20+ different brands in our selection
- - Free shipping if you order 5 or more
- - Save up to 40% compared to the cost of other replicas
- - Standard Features:
- Screw-in crown
- Unidirectional turning bezel where appropriate
- All the appropriate rolex logos, on crown and dial
- Heavy weight
Visit us: http://mecei.com/rep/rolex/
Best regards,
Hilton Jones
No thanks: http://www.mecei.com/z.php
- --
icq:133073900
aim:tawhv
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFByVyfHe2ZLU3NgHsRAlaCAJ47oZyvT6pTNd/JpzOoC7qA5S33DQCdFJp+
GosI7nMqjMs93NvIci7fGso=
=w86E
-----END PGP SIGNATURE-----
Re: {Spam?} spam with (rolex) watches gets trough
Posted by Thomas Arend <ml...@arend-whv.info>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Am Mittwoch, 22. Dezember 2004 12:42 schrieb Martin Hepworth:
> Thomas
>
> what extra rules above the standard SA ones have you got? Any from
> www.rulesemporium.com ?
I have only the standard rules from SA 3.0.2
>
> also have you got the URI rbl's turned on? This helps quite alot for
> this sort of spam.
Thanks, I just checked it with spamassassin and got URI checks.
A check on /etc/sysconfig/spamd on SuSE 9.1 showed -L option activated -
removed it. Now the message gets "fine" scores.
Thanks
Thomas
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
[..]
- --
icq:133073900
aim:tawhv
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFByWC2He2ZLU3NgHsRAtYZAJ9LLkbu57mA61s4ppz9bbsAjE38qQCgiCC4
m10nVk6gTsVeoxdwIP1sOak=
=7ifw
-----END PGP SIGNATURE-----
Re: {Spam?} spam with (rolex) watches gets trough
Posted by Jim Barry <ji...@jbarry.net>.
On Wed, December 22, 2004 6:42 am, Martin Hepworth said:
> also have you got the URI rbl's turned on? This helps quite alot for this
> sort of spam.
Indeed.
That forwarded message ended up tagged as spam the URI checks are what
caught it... even the AWL wasn't enough to save it. :)
SpamAssassin (score=5.826, required 5,
AWL -8.43, BAYES_50 0.40, RAZOR2_CF_RANGE_51_100 1.75,
RAZOR2_CHECK 1.75, URIBL_AB_SURBL 0.42, URIBL_OB_SURBL 3.21,
URIBL_SBL 1.00, URIBL_SC_SURBL 4.26, URIBL_WS_SURBL 1.46)
Re: {Spam?} spam with (rolex) watches gets trough
Posted by Martin Hepworth <ma...@solid-state-logic.com>.
Thomas
what extra rules above the standard SA ones have you got? Any from
www.rulesemporium.com ?
also have you got the URI rbl's turned on? This helps quite alot for
this sort of spam.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Thomas Arend wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello,
>
> I'm geting a lot of spam messages about rolex watches (see example below),
> which were not scored as spam. Only the bayes test applies, which gives only
> a score of 4.1
>
> Thomas
>
> Example Message:
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************