Posted to users@spamassassin.apache.org by Rob McEwen <ro...@powerviewsystems.com> on 2007/08/01 04:06:10 UTC

Re[2]: Attachments still?

If you don't mind my shameless plug, even though that IP
doesn't show up on any of the blacklists reported by either
dnsstuff.com or robtex.com ...I've had it listed on my ivmSIP.com
"Sender's IP" dnsbl since Sunday, July 15, 2007 12:25 PM.

And there are many more like this! (Still taking testers, if anyone
is interested!)

Rob McEwen
PowerView Systems
(478) 475-9032
rob@powerviewsystems.com


-----Original Message----- 
From: "Jari Fredriksson" <ja...@iki.fi> 
To: <ro...@webtent.com>, "SpamAssassin" <us...@spamassassin.apache.org> 
Date: 07/31/07 21:28 
Subject: Re: Attachments still? 

Robert Fitzpatrick wrote:
> Still getting these attachments with SA-3.1.7 + SARE + sa-update +
> amavisd + clamav with sanesecurity sigs. Should I be blocking these
> with those rule sets? Can someone test this to see how you may be
> blocking? 
> 
> http://esmtp.webtent.net/mail1.txt
> 
> Thanks :)


Content analysis details: (12.3 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 FH_HELO_EQ_D_D_D_D     Helo is d-d-d-d
 0.0 BOTNET_CLIENTWORDS     Hostname contains client-like substrings
                            [botnet_clientwords,ip=66.18.53.26,rdns=static-host-66-18-53-26.epbinternet.com]
 5.0 BOTNET                 Relay might be a spambot or virusbot
                            [botnet0.7,ip=66.18.53.26,hostname=static-host-66-18-53-26.epbinternet.com,maildomain=benmenasha.net,client,ipinhostname,clientwords]
 0.0 DKIM_POLICY_SIGNSOME   Domain Keys Identified Mail: policy says domain
                            signs some mails
 0.0 BOTNET_IPINHOSTNAME    Hostname contains its own IP address
                            [botnet_ipinhosntame,ip=66.18.53.26,rdns=static-host-66-18-53-26.epbinternet.com]
 0.0 BOTNET_CLIENT          Relay has a client-like hostname
                            [botnet_client,ip=66.18.53.26,hostname=static-host-66-18-53-26.epbinternet.com,ipinhostname,clientwords]
 1.9 RCVD_ILLEGAL_IP        Received: contains illegal IP address
 3.0 BAYES_95               BODY: Bayesian spam probability is 95 to 99%
                            [score: 0.9899]
 2.2 TVD_SPACE_RATIO        BODY: TVD_SPACE_RATIO
 0.1 BOUNCE_MESSAGE         MTA bounce message
 0.1 ANY_BOUNCE_MESSAGE     Message is some kind of bounce message