You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Andy Spiegl <sp...@spiegl.de> on 2004/02/24 14:13:22 UTC
empty mails with "Received: from MailerVB.de"
Starting yesterday I get tons of empty mails like this one:
Received: from MailerVB.de (host233-229.pool62211.interbusiness.it [62.211.229.233])
by belana.akte.de
via kasmail (2.9)
id <belana-q5blth-ava> 2004-02-24 14:08:14
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on belana.akte.de
X-Spam-Scores: DATE_MISSING=1.917,FROM_NO_LOWER=1.999
X-Spam-Status: No, hits=3.9 required=5.0 tests=DATE_MISSING,FROM_NO_LOWER
autolearn=no version=2.63
X-Spam-Level: ***
Does anyone know what this is (I assume another dumb spammer)
and how to get it to score higher?
Maybe a rule on "MailerVB.de"?
Thanks,
Andy.
--
o _ _ _
------- __o __o /\_ _ \\o (_)\__/o (_) -o)
----- _`\<,_ _`\<,_ _>(_) (_)/<_ \_| \ _|/' \/ /\\
---- (_)/ (_) (_)/ (_) (_) (_) (_) (_)' _\o_ _\_v
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The price of reliability is the pursuit of the utmost simplicity. It is a price
which the very rich find most hard to pay. -- Edsger Wybe Dijkstra
Re: empty mails with "Received: from MailerVB.de"
Posted by Andy Spiegl <sp...@spiegl.de>.
Me again :-)
I just found the info that this HELO-id is used by Sober.B.
So maybe that's a new badly programmed variant of this virus?
I am still very new to SA. Would the following be a good rule?
header MAILERVB Received =~ /MailerVB\.de /
describe MAILERVB MailerVB.de in HELO
score MAILERVB 2.0
Thanks,
Andy.
--
o _ _ _
------- __o __o /\_ _ \\o (_)\__/o (_) -o)
----- _`\<,_ _`\<,_ _>(_) (_)/<_ \_| \ _|/' \/ /\\
---- (_)/ (_) (_)/ (_) (_) (_) (_) (_)' _\o_ _\_v
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Q: If you were to spell out numbers, how far would you
have to go until you would find the letter "A"?
A: One thousand.