You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Steve Dimoff <sd...@usnetworksinc.com> on 2004/10/04 13:26:05 UTC
Catching Delivery Status Notification messages (SPAM)
Folks,
The past couple of days, I've been getting messages like the one
below, and I'm not sure how to stop it. I don't understand why SA isn't
giving it a higher score. I tried searching through the archives but didn't
see much on it.
Thanks!
Received: from removed ([removed]) by removed with
Microsoft SMTPSVC(5.0.2195.6713);
Sun, 3 Oct 2004 15:33:34 -0400
From: postmaster@ removed <mailto:postmaster@ removed >
To: keelyferrill@ removed <mailto:keelyferrill@ removed >
Date: Sun, 3 Oct 2004 15:33:28 -0400
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="9B095B5ADSN=_01C4902088DDE25400052278fm4a.fmrealty.co"
X-DSNContext: 335a7efd - 4446 - 00000001 - 80040546
Message-ID: < xQiaTOhgH000098be@ removed
<mailto:xQiaTOhgH000098be@ removed > >
Subject: Delivery Status Notification (Failure)
Return-Path: <>
X-OriginalArrivalTime: 03 Oct 2004 19:33:34.0851 (UTC)
FILETIME=[DF7A9530:01C4A97F]
This is a MIME-formatted message.
Portions of this message may be unreadable without a MIME-capable mail
program.
--9B095B5ADSN=_01C4902088DDE25400052278removed.co
Content-Type: text/plain; charset=unicode-1-1-utf-7
This is an automatically generated Delivery Status Notification.
Delivery to the following recipients failed.
dawson@fmrealty.com <mailto:dawson@ removed >
--9B095B5ADSN=_01C4902088DDE25400052278removed.co
Content-Type: message/delivery-status
Reporting-MTA: dns; removed
Received-From-MTA: dns; removed
Arrival-Date: Sun, 3 Oct 2004 15:33:28 -0400
Final-Recipient: rfc822;dawson@ removed
Action: failed
Status: 5.1.1
--9B095B5ADSN=_01C4902088DDE25400052278 removed.co
Content-Type: message/rfc822
Received: from removed ([removed]) by removed with
Microsoft SMTPSVC(6.0.3790.0);
Sun, 3 Oct 2004 15:33:28 -0400
Received: from removed ([removed]) by
removed with Microsoft SMTPSVC(5.0.2195.6713);
Sun, 3 Oct 2004 15:33:28 -0400
Received: (qmail 12129 invoked by uid 511); 3 Oct 2004 13:46:41 -0400
Received: from keelyferrill@ removed
<mailto:keelyferrill@ removed.com> by removed.com by uid
502 with qmail-scanner-1.22st
(clamdscan: 0.75.1. spamassassin: 2.63. perlscan: 1.22st.
Clear:RC:0(222.47.128.233):SA:0(-1.5/5.2):.
Processed in 7.521764 secs); 03 Oct 2004 17:46:41 -0000
X-Spam-Status: No, hits=-1.5 required=5.2
Received: from unknown (HELO removed.com) (removed)
by removed.com with SMTP; 3 Oct 2004 13:46:34 -0400
Message-ID: < C79E4330.30BC0BE@ removed.com
<mailto:C79E4330.30BC0BE@ removed.com> >
Date: Sun, 03 Oct 2004 16:19:40 +0000
Reply-To: " removed " < keelyferrill@ removed
<mailto:keelyferrill@ removed.com> >
From: " removed " < keelyferrill@ removed.com
<mailto:keelyferrill@ removed.com> >
User-Agent: Windows Eudora Pro Version 2.2 (32)
MIME-Version: 1.0
To: " removed " < dawson@ removed.com <mailto:dawson@ removed.com> >,
" removed " < myerson@ removed.com <mailto:myerson@ removed.com> >,
" removed " < halverso@ removed.com
<mailto:halverso@ removed.com> >,
" removed " < pegkaczmarski@ removed.com
<mailto:pegkaczmarski@ removed.com> >,
" removed " < pardner@ removed.com <mailto:pardner@ removed.com> >,
" removed " < decee@ removed.com <mailto:decee@ removed.com> >,
" removed " < lingle@ removed.com <mailto:lingle@ removed.com> >,
" removed " < comicman@ removed.com
<mailto:comicman@ removed.com> >,
" removed " < baldwinl@ removed.com <mailto:baldwinl@ removed.com>
>
Subject: cash-out for things you need arsine
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
Removed.com
X-Spam-Level:
Return-Path: keelyferrill@ removed.com
<mailto:keelyferrill@ removed.com>
X-OriginalArrivalTime: 03 Oct 2004 19:33:29.0132 (UTC)
FILETIME=[DC11EEC0:01C4A97F]
emirg cvoth
flbsd flptrace easterns fz01 easyplot fbvwidth
Did you ever get a chance to try that site we spoke about. I have been
using it to get all of my R X needs from. Service was great, rates are
outstanding. Talk to you later.
Get it Today http://norwegian.com.sweetpharminfo.com
<http://norwegian.com.sweetpharminfo.com>
"booss", he said, "The pill actually worked!"
After a heavy night at the pub, a drunken man decides to sleepoff
hisdrunkennessatalocal hootel.He approaches the receptiondesk, takescare
oftheformalities andheads off to his suite. Several minuteslater,the
drunk
staggers back to the reception desk and demands his room be changed.
But
sir, said the clerk, you have the best room in the hootel. I insist
on
another room ! said the drunk. Very good, sir. I'll change you from
502 to
525. Would you mind telling me why you don't like 502? asked the clerk.
Well, for one thing, said the drunk, it's on fire.
Re: Catching Delivery Status Notification messages (SPAM)
Posted by Loren Wilton <lw...@earthlink.net>.
bogus_virus_warnings.cf may help here. It is primarily aimed at catching
virus bounce messages, but it also does fairly well at catching this general
sort of thing.
Loren
Re: [SPAM-TAG] Re: {Spam?} Catching Delivery Status Notification
messages (SPAM)
Posted by Martin Hepworth <ma...@solid-state-logic.com>.
Jeff Chan wrote:
> On Monday, October 4, 2004, 5:55:27 AM, Martin Hepworth wrote:
>
>>Jeff
>
>
>>Get it Today http://norwegian.com.sweetpharminfo . com
>><http://norwegian.com.sweetpharminfo . com>
>
>
> Aha, looks like a true spam domain mentioned on a
> spam discussion list.
>
> The best solution to these is probably to not process
> spam discussion list messages using SpamAssassin, etc.,
> else hits will happen often.
>
> Jeff C.
Jeff
yeah I know - I'll whitelist the list address one day....in the mean
time I'm delivering all scores rfom 5-10 anyhow.. I don't get enough
FP's for me to care :-)
--
Martin Hepworth
Senior Systems Administrator
Solid State Logic Ltd
tel: +44 (0)1865 842300
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
Re: [SPAM-TAG] Re: {Spam?} Catching Delivery Status Notification messages (SPAM)
Posted by Jeff Chan <je...@surbl.org>.
On Monday, October 4, 2004, 5:55:27 AM, Martin Hepworth wrote:
> Jeff
> Get it Today http://norwegian.com.sweetpharminfo . com
> <http://norwegian.com.sweetpharminfo . com>
Aha, looks like a true spam domain mentioned on a
spam discussion list.
The best solution to these is probably to not process
spam discussion list messages using SpamAssassin, etc.,
else hits will happen often.
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
Re: {Spam?} Catching Delivery Status Notification messages (SPAM)
Posted by Martin Hepworth <ma...@solid-state-logic.com>.
Jeff
Get it Today http://norwegian.com.sweetpharminfo.com
<http://norwegian.com.sweetpharminfo.com>
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Jeff Chan wrote:
> On Monday, October 4, 2004, 4:33:35 AM, Martin Hepworth wrote:
>
>>Steve
>
>
>>even with the messages coming from the spamassassin users email list I
>>got the following hits..
>
>
>>-4.90 BAYES_00 Bayesian spam probability is 0 to 1%
>>0.08 FVGT_TRIPWIRE_BV
>>0.08 FVGT_TRIPWIRE_FL
>>0.08 FVGT_TRIPWIRE_VW
>>0.60 J_CHICKENPOX_72 {7}Letter - punctuation - {2}Letter
>>2.10 OB_URI_RBL URI's domain appears in ws database at ob.surbl.org
>>1.95 REMOVE_REMOVAL_2WORD List removal information
>>0.35 REMOVE_SUBJ List removal information
>>2.50 SARE_SPOOF_COM2OTH a.com.b.c
>>0.08 TW_BV Odd Letter Triples with BV
>>0.08 TW_FL Odd Letter Triples with FL
>>0.08 TW_VW Odd Letter Triples with VW
>>2.10 WS_URI_RBL URI's domain appears in ws database at ws.surbl.org
>
>
>>a total of 5.16
>
>
>>What extra rules have you got installed, the surbl.org and sare_spoof
>>got the highest scores for me, enough to take me over the 5 I use as a
>>minimum.
>
>
> What URIs were in the original message please?
>
> Jeff C.
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
Re: {Spam?} Catching Delivery Status Notification messages (SPAM)
Posted by Jeff Chan <je...@surbl.org>.
On Monday, October 4, 2004, 4:33:35 AM, Martin Hepworth wrote:
> Steve
> even with the messages coming from the spamassassin users email list I
> got the following hits..
> -4.90 BAYES_00 Bayesian spam probability is 0 to 1%
> 0.08 FVGT_TRIPWIRE_BV
> 0.08 FVGT_TRIPWIRE_FL
> 0.08 FVGT_TRIPWIRE_VW
> 0.60 J_CHICKENPOX_72 {7}Letter - punctuation - {2}Letter
> 2.10 OB_URI_RBL URI's domain appears in ws database at ob.surbl.org
> 1.95 REMOVE_REMOVAL_2WORD List removal information
> 0.35 REMOVE_SUBJ List removal information
> 2.50 SARE_SPOOF_COM2OTH a.com.b.c
> 0.08 TW_BV Odd Letter Triples with BV
> 0.08 TW_FL Odd Letter Triples with FL
> 0.08 TW_VW Odd Letter Triples with VW
> 2.10 WS_URI_RBL URI's domain appears in ws database at ws.surbl.org
> a total of 5.16
> What extra rules have you got installed, the surbl.org and sare_spoof
> got the highest scores for me, enough to take me over the 5 I use as a
> minimum.
What URIs were in the original message please?
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
Re: {Spam?} Catching Delivery Status Notification messages (SPAM)
Posted by Martin Hepworth <ma...@solid-state-logic.com>.
Steve
even with the messages coming from the spamassassin users email list I
got the following hits..
-4.90 BAYES_00 Bayesian spam probability is 0 to 1%
0.08 FVGT_TRIPWIRE_BV
0.08 FVGT_TRIPWIRE_FL
0.08 FVGT_TRIPWIRE_VW
0.60 J_CHICKENPOX_72 {7}Letter - punctuation - {2}Letter
2.10 OB_URI_RBL URI's domain appears in ws database at ob.surbl.org
1.95 REMOVE_REMOVAL_2WORD List removal information
0.35 REMOVE_SUBJ List removal information
2.50 SARE_SPOOF_COM2OTH a.com.b.c
0.08 TW_BV Odd Letter Triples with BV
0.08 TW_FL Odd Letter Triples with FL
0.08 TW_VW Odd Letter Triples with VW
2.10 WS_URI_RBL URI's domain appears in ws database at ws.surbl.org
a total of 5.16
What extra rules have you got installed, the surbl.org and sare_spoof
got the highest scores for me, enough to take me over the 5 I use as a
minimum.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Steve Dimoff wrote:
> Folks,
>
> The past couple of days, I've been getting messages like the one
> below, and I'm not sure how to stop it. I don't understand why SA isn't
> giving it a higher score. I tried searching through the archives but didn't
> see much on it.
>
> Thanks!
>
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************