You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Loren Wilton <lw...@earthlink.net> on 2005/04/14 15:11:24 UTC
The stock spammer with the ||'s
After reading the long thread, I just happened to look in the spam bucket,
and lo! there was one from him.
And looking at it, I see why I hadn't noticed them before - I don't normally
look at spam scoring this high.
Chickenpox is your friend. :-)
Loren
Content analysis details: (29.0 points, 4.6 required)
pts rule name description
---- ---------------------- ------------------------------------------------
--
2.5 LW_BOUNDARY2 Possible ratware MIME boundary --digits
6.2 FH_FAKE_RCVD_LINE_B
1.0 LW_MULT_RECIP5 Five or more recipients in same domain
1.7 SARE_HEAD_HDR_XCSIP Message headers used which identify spam
1.0 LW_MULT_RECIP3 Three or more recipients in same domain
1.0 LW_MULT_RECIP8 Eight or more recipients in same domain
1.0 SARE_RECV_IP_FROMIP3 Received line is IP address from IP address
0.6 J_CHICKENPOX_37 BODY: 3alpha-pock-7alpha
1.0 LW_FUTURISTIC BODY: We can see the future!
1.0 LW_NONPERFORM BODY: We can't see the future!
0.6 J_CHICKENPOX_41 BODY: 4alpha-pock-1alpha
0.6 J_CHICKENPOX_14 BODY: 1alpha-pock-4alpha
0.6 J_CHICKENPOX_21 BODY: 2alpha-pock-1alpha
0.6 J_CHICKENPOX_36 BODY: 3alpha-pock-6alpha
1.0 LW_RANGE52 BODY: Reference to stock trading range
1.0 LW_1933 BODY: Reference to Securities Act
0.6 J_CHICKENPOX_13 BODY: 1alpha-pock-3alpha
0.6 J_CHICKENPOX_24 BODY: 2alpha-pock-4alpha
0.6 J_CHICKENPOX_26 BODY: 2alpha-pock-6alpha
0.6 J_CHICKENPOX_31 BODY: 3alpha-pock-1alpha
0.0 BAYES_50 BODY: Bayesian spam probability is 50 to 56%
[score: 0.5008]
2.7 SORTED_RECIPS Recipient list is sorted by address
2.5 INVALID_MSGID Message-Id is not valid, according to RFC 2822
Re: The stock spammer with the ||'s
Posted by wolfgang <me...@gmx.net>.
i have been trying to catch those for a while, partly successfully.
thanks for the chickenpox hint, that looks like a good add-on.
while fiddling with my rules, i noticed something strange:
rawbody SOMERULE /\bmai\|\b/
will not work
rawbody SOMERULE /\bmai\|/
will. same with rules that start with \b\|
with \b before or after \| they won't work and even stop other rules from
matching apparently. can someone confirm and/or even explain that?
regards,
wolfgang