Posted to users@spamassassin.apache.org by Matthias Haegele <mh...@linuxrocks.dyndns.org> on 2007/11/28 09:29:58 UTC
How to catch these?
Hello!
This one got through, any ideas?:
Return-Path: <ph...@live.fr>
X-Original-To: mhaegele@linuxrocks.dyndns.org
Delivered-To: mhaegele@linuxrocks.dyndns.org
Received: from localhost (localhost.localdomain [127.0.0.1])
    by hermes.linuxrocks.dyndns.org (Postfix) with ESMTP id 9BE29764010
    for <mh...@linuxrocks.dyndns.org>; Wed, 28 Nov 2007 00:04:09 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at localhost.localdomain
X-Spam-Score: 2.794
X-Spam-Level: **
X-Spam-Status: No, score=2.794 required=3.5 tests=[BAYES_50=0.001,
    HTML_10_20=1.351, HTML_MESSAGE=0.001, J_CHICKENPOX_74=0.6,
    UNDISC_RECIPS=0.841]
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Received: from hermes.linuxrocks.dyndns.org ([127.0.0.1])
    by localhost (hermes.linuxrocks.dyndns.org [127.0.0.1]) (amavisd-new,
    port 10024)
    with ESMTP id eKYikw4rF1n8 for <mh...@linuxrocks.dyndns.org>;
    Wed, 28 Nov 2007 00:03:49 +0100 (CET)
Received: from blu139-omc2-s18.blu139.hotmail.com
    (blu139-omc2-s18.blu139.hotmail.com [65.55.175.188])
    by hermes.linuxrocks.dyndns.org (Postfix) with ESMTP id B61BB764005
    for <mh...@linuxrocks.dyndns.org>; Wed, 28 Nov 2007 00:03:41 +0100 (CET)
Received: from BLU111-W50 ([65.55.162.186]) by
    blu139-omc2-s18.blu139.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
    Tue, 27 Nov 2007 15:03:40 -0800
Message-ID: <BL...@phx.gbl>
Content-Type: multipart/alternative;
    boundary="_a723c12f-5e49-4365-8d30-2ff0c7c47d4d_"
X-Originating-IP: [41.207.195.150]
Reply-To: <ph...@yahoo.fr>
From: philip kakou <ph...@live.fr>
Subject: Attention S V P
Date: Wed, 28 Nov 2007 00:03:40 +0100
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 27 Nov 2007 23:03:40.0250 (UTC)
    FILETIME=[BFEE53A0:01C83149]
To: undisclosed-recipients:;
Complete message on:
http://pastebin.com/m77b30ea7
Using: SA 3.1.7 on Debian Etch, SARE-Rules, Sane-Security-Sigs for
Clamav., Postfix 2.3.8
Thx for any help, tips.
--
Grüsse/Greetings
MH
Don't send mail to: ubecatcher@linuxrocks.dyndns.org
--
Re: How to catch these?
Posted by Matthias Haegele <mh...@linuxrocks.dyndns.org>.
Martin.Hepworth schrieb:
> Matthias
>
> My system on 3.1.8 scores this..
Meanwhile I upgraded to:
*** 3.2.3-0.volatile1 0
500 http://ftp.de.debian.org stable/volatile/main Packages
Perhaps this helps too ...
> Content analysis details: (7.1 points, 5.0 required)
>
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
>  0.5 HELO_EQ_LOCALHOST      HELO_EQ_LOCALHOST
>  0.8 UNDISC_RECIPS          Valid-looking To "undisclosed-recipients"
>  0.0 DK_POLICY_SIGNSOME     Domain Keys: policy says domain signs some mails
> -0.0 SPF_PASS               SPF: sender matches SPF record
>  2.3 MANGLED_VIDEO          BODY: mangled video(s)
>  0.6 J_CHICKENPOX_74        BODY: {7}Letter - punctuation - {4}Letter
>  0.0 HTML_MESSAGE           BODY: HTML included in message
>  0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
>                             [score: 0.4796]
>  1.4 HTML_10_20             BODY: Message is 10% to 20% HTML
>  1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
>                             [Blocked - see <http://www.spamcop.net/bl.shtml?65.55.162.186>]
>
> The MANGLED_VIDEO is from one of Jennifier's rules on http://www.rulesemporium.com/other-rules.htm - guess which one ;-)
Ty. Would you suggest to use all the other-rules?
(I didn't use them till now, because I thought they might be outdated, but
it seems "good old rules" fit these days too ;-).
--
Grüsse/Greetings
MH
Don't send mail to: ubecatcher@linuxrocks.dyndns.org
--
Re: How to catch these?
Posted by mouss <mo...@netoyen.net>.
Martin.Hepworth wrote:
> Looks mangled to me - but then I ain't French ;-)
>
If quoted printable is mangled, then you'll block a lot of mail.
And it's a signature that advertises for a Microsoft site. Feel free to
block it, but ...
RE: How to catch these?
Posted by "Martin.Hepworth" <ma...@solidstatelogic.com>.
Looks mangled to me - but then I ain't French ;-)
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: Per Jessen [mailto:per@computer.org]
> Sent: 28 November 2007 11:53
> To: users@spamassassin.apache.org
> Subject: RE: How to catch these?
>
> Martin.Hepworth wrote:
>
> > 2.3 MANGLED_VIDEO BODY: mangled video(s)
> >
> > The MANGLED_VIDEO is from one of Jennifier's rules on
> > http://www.rulesemporium.com/other-rules.htm - guess which one ;-)
>
> Yeah, but it fired on a non-mangled version of videos:
>
> toutes les vid=E9os qui
>
>
> /Per Jessen, Zürich
**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error
you must take no action based on them, nor must you copy or show them
to anyone. Please advise the sender by replying to this e-mail
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.
Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************
RE: How to catch these?
Posted by Per Jessen <pe...@computer.org>.
Martin.Hepworth wrote:
> 2.3 MANGLED_VIDEO BODY: mangled video(s)
>
> The MANGLED_VIDEO is from one of Jennifier's rules on
> http://www.rulesemporium.com/other-rules.htm - guess which one ;-)
Yeah, but it fired on a non-mangled version of videos:
toutes les vid=E9os qui
/Per Jessen, Zürich
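The false positive discussed above (an obfuscation rule firing on the legitimate French word in `vid=E9os`) can be reproduced with the following added example, which is not part of the original thread or of any SpamAssassin ruleset. Both regexes are hypothetical stand-ins, since the real MANGLED_VIDEO rule is not shown here, and the ISO-8859-1 charset is an assumption.

```python
import quopri
import re
import unicodedata

# Hypothetical "mangled word" pattern, NOT the real MANGLED_VIDEO rule
# (its source is not shown in this thread): "vid", 1-3 characters that
# are not a-z, then "os". An accented letter counts as "not a-z".
NAIVE = re.compile(r"\bvid[^a-z\s]{1,3}os\b", re.I)

# Hypothetical stricter pattern, applied after accent folding: the letters
# of "videos" with look-alike digits or separators, never the plain word.
STRICT = re.compile(
    r"\b(?!videos\b)v[\W_]{0,2}[i1!|][\W_]{0,2}d[\W_]{0,2}[e3]"
    r"[\W_]{0,2}[o0][\W_]{0,2}s\b",
    re.I,
)

def decode_qp(raw: bytes, charset: str = "iso-8859-1") -> str:
    """Decode a quoted-printable body part (the charset is an assumption)."""
    return quopri.decodestring(raw).decode(charset)

def fold_accents(text: str) -> str:
    """Map accented letters to their base letter, e.g. e-acute to e."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def naive_hit(raw: bytes) -> bool:
    """Apply the naive pattern to the decoded text as-is."""
    return bool(NAIVE.search(decode_qp(raw)))

def careful_hit(raw: bytes) -> bool:
    """Fold accents first, then look only for real obfuscation."""
    return bool(STRICT.search(fold_accents(decode_qp(raw))))

# Constructed samples; the first is the fragment quoted in the thread.
SAMPLES = [
    b"toutes les vid=E9os qui",   # legitimate French, QP-encoded accent
    b"toutes les v1d=E9os qui",   # constructed: digit substituted for "i"
    b"watch v.i.d.e.o.s now",     # constructed: dotted obfuscation
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "naive:", naive_hit(sample), "careful:", careful_hit(sample))
```
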
RE: How to catch these?
Posted by "Martin.Hepworth" <ma...@solidstatelogic.com>.
Matthias
My system on 3.1.8 scores this..
Content analysis details: (7.1 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.5 HELO_EQ_LOCALHOST      HELO_EQ_LOCALHOST
 0.8 UNDISC_RECIPS          Valid-looking To "undisclosed-recipients"
 0.0 DK_POLICY_SIGNSOME     Domain Keys: policy says domain signs some mails
-0.0 SPF_PASS               SPF: sender matches SPF record
 2.3 MANGLED_VIDEO          BODY: mangled video(s)
 0.6 J_CHICKENPOX_74        BODY: {7}Letter - punctuation - {4}Letter
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.4796]
 1.4 HTML_10_20             BODY: Message is 10% to 20% HTML
 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                            [Blocked - see <http://www.spamcop.net/bl.shtml?65.55.162.186>]
The MANGLED_VIDEO is from one of Jennifier's rules on http://www.rulesemporium.com/other-rules.htm - guess which one ;-)
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300