You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Homer <hp...@homershut.net> on 2004/07/22 01:43:47 UTC
Re: [syec.support.department@sharingexperiences.us: A user is
looking for opinions about: iqbala@qwestip.net]
On Wed, 2004-07-21 at 17:56, Asif Iqbal wrote:
> Hi
>
> I am using SA 2.63 + rules_du_jour and still this spam (forwarde mesg) slipped through
> it. Should I need to add a new .cf line to block this kind of spam. I am
> not reporting an spam, I am just assuming this is a know spam that my SA
> 2.63 failed to detect.
>
> Any help/suggestion to catch these kind of spam besides using sa-learn
> would be greatly appreciated
>
> Thanks
From:
<http://www.rulesemporium.com/cgi-bin/uribl.cgi?report=1;uri=lawful7322dryg.us;list=URIBL:ws.surbl.org;>
sharyxp.us
* URIBL: ws.surbl.org: listed [Blocked, See:
http://www.stearns.org/sa-blacklist/]
* URIBL: sc.surbl.org: not listed
* URIBL: ob.surbl.org: listed [Blocked, See:
http://www.surbl.org/lists.html#ob]
* URIBL: multi.surbl.org: listed [Blocked, sharyxp.us on lists
[ws][ob], See: http://www.surbl.org/lists.html]
* URIBL: ab.surbl.org: not listed
See http://surbl.org for info on how to implement, along with a serch
of the archives from this list.
--
Homer Parker /"\ ASCII Ribbon Campaign
BOFH for homershut.net \ / No HTML/RTF in email
http://www.homershut.net x No Word docs in email
telnet://bbs.homershut.net / \ Respect for open standards
"Bill Gates reports on security progress made and the challenges ahead."
-- Microsoft's Homepage, on the day an SQL Server bug crippled large
sections of the Internet.
Re: [SPAM-TAG] Re: [syec.support.department@sharingexperiences.us: A user is looking for opinions about: iqbala@qwestip.net]
Posted by Jeff Chan <je...@surbl.org>.
On Wednesday, July 21, 2004, 8:45:49 PM, Asif Iqbal wrote:
> Homer wrote:
>>
>> From:
>>
>> <http://www.rulesemporium.com/cgi-bin/uribl.cgi?report=1;uri=lawful7322dryg.us;list=URIBL:ws.surbl.org;>
>>
>> sharyxp.us
>>
>>
>> * URIBL: ws.surbl.org: listed [Blocked, See:
>> http://www.stearns.org/sa-blacklist/]
>> * URIBL: sc.surbl.org: not listed
>> * URIBL: ob.surbl.org: listed [Blocked, See:
>> http://www.surbl.org/lists.html#ob]
>> * URIBL: multi.surbl.org: listed [Blocked, sharyxp.us on lists
>> [ws][ob], See: http://www.surbl.org/lists.html]
>> * URIBL: ab.surbl.org: not listed
>>
>> See http://surbl.org for info on how to implement, along with a serch
>> of the archives from this list.
> I am already using that. Here is the output I get
> Also I pass the emails through list.dsbl.org and sbl-xbl.spamhaus.org
> Here is the spamassassin -t -D of this email gives me.
> Sorry for sending such a big output but it may help to get some good
> suggestion of blocking spams like this in the future. Please advise if I
> should have send the report differently, like an attachment. Thanks a
> lot
> --- report begins --- (look for the phrase "report ends" for the end of
> this report)
[...]
> debug: Razor2 results: spam? 0 highest cf score: 0
> debug: running raw-body-text per-line regexp tests; score so far=0
> debug: running uri tests; score so far=0
> debug: uri tests: Done uriRE
> debug: checking url: http://3.shareye.us/lx.php?a=donotemail&b=iqbala@qwestip.net
> debug: querying for shareye.us.sc.surbl.org
> debug: Query failed for shareye.us.sc.surbl.org
> debug: checking url: mailto://3.shareye.us/lx.php?a=donotemail&b=iqbala@qwestip.net
> debug: checking url: http://7.sharyxp.us/lx.php?a=search&b=5&c=iqbala@qwestip.net
> debug: querying for sharyxp.us.sc.surbl.org
> debug: Query failed for sharyxp.us.sc.surbl.org
> debug: checking url: mailto://7.sharyxp.us/lx.php?a=search&b=5&c=iqbala@qwestip.net
> debug: running full-text regexp tests; score so far=0
> debug: Razor2 is available
[...]
This shows that you're using only the sc.surbl.org list.
If you add the others in, as Homer has done, you will see
these domains are listed in ws.surbl.org and ob.surbl.org.
The various SURBL lists are described at:
http://www.surbl.org/lists.html
And the Quick Start has sample rules and scores if you want
to add the other lists to your configs.
http://www.surbl.org/quickstart.html
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
Re: [syec.support.department@sharingexperiences.us: A user is looking for opinions about: iqbala@qwestip.net]
Posted by Jeff Chan <je...@surbl.org>.
[re-sending; forgot to munge the spammy URIs, causing my reply
to get discarded.]
On Wednesday, July 21, 2004, 8:45:49 PM, Asif Iqbal wrote:
> Homer wrote:
>>
>> From:
>>
>> <http://www.rulesemporium.com/cgi-bin/uribl.cgi?report=1;uri=lawful7322dryg.us;list=URIBL:ws.surbl.org;>
>>
>> sharyxp.us
>>
>>
>> * URIBL: ws.surbl.org: listed [Blocked, See:
>> http://www.stearns.org/sa-blacklist/]
>> * URIBL: sc.surbl.org: not listed
>> * URIBL: ob.surbl.org: listed [Blocked, See:
>> http://www.surbl.org/lists.html#ob]
>> * URIBL: multi.surbl.org: listed [Blocked, sharyxp.us on lists
>> [ws][ob], See: http://www.surbl.org/lists.html]
>> * URIBL: ab.surbl.org: not listed
>>
>> See http://surbl.org for info on how to implement, along with a serch
>> of the archives from this list.
> I am already using that. Here is the output I get
> Also I pass the emails through list.dsbl.org and sbl-xbl.spamhaus.org
> Here is the spamassassin -t -D of this email gives me.
> Sorry for sending such a big output but it may help to get some good
> suggestion of blocking spams like this in the future. Please advise if I
> should have send the report differently, like an attachment. Thanks a
> lot
> --- report begins --- (look for the phrase "report ends" for the end of
> this report)
[...]
> debug: Razor2 results: spam? 0 highest cf score: 0
> debug: running raw-body-text per-line regexp tests; score so far=0
> debug: running uri tests; score so far=0
> debug: uri tests: Done uriRE
> debug: checking url: http://3.shareye-MUNGED.us/lx.php?a=donotemail&b=iqbala@qwestip.net
> debug: querying for shareye.us.sc.surbl.org
> debug: Query failed for shareye.us.sc.surbl.org
> debug: checking url: mailto://3.shareye.us-MUNGED/lx.php?a=donotemail&b=iqbala@qwestip.net
> debug: checking url: http://7.sharyxp.us-MUNGED/lx.php?a=search&b=5&c=iqbala@qwestip.net
> debug: querying for sharyxp.us.sc.surbl.org
> debug: Query failed for sharyxp.us.sc.surbl.org
> debug: checking url: mailto://7.sharyxp.us-MUNGED/lx.php?a=search&b=5&c=iqbala@qwestip.net
> debug: running full-text regexp tests; score so far=0
> debug: Razor2 is available
[...]
This shows that you're using only the sc.surbl.org list.
If you add the others in, as Homer has done, you will see
these domains are listed in ws.surbl.org and ob.surbl.org.
The various SURBL lists are described at:
http://www.surbl.org/lists.html
And the Quick Start has sample rules and scores if you want
to add the other lists to your configs.
http://www.surbl.org/quickstart.html
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
Re: [syec.support.department@sharingexperiences.us: A user is looking for opinions about: iqbala@qwestip.net]
Posted by Asif Iqbal <iq...@qwestip.net>.
Homer wrote:
>
> From:
>
> <http://www.rulesemporium.com/cgi-bin/uribl.cgi?report=1;uri=lawful7322dryg.us;list=URIBL:ws.surbl.org;>
>
> sharyxp.us
>
>
> * URIBL: ws.surbl.org: listed [Blocked, See:
> http://www.stearns.org/sa-blacklist/]
> * URIBL: sc.surbl.org: not listed
> * URIBL: ob.surbl.org: listed [Blocked, See:
> http://www.surbl.org/lists.html#ob]
> * URIBL: multi.surbl.org: listed [Blocked, sharyxp.us on lists
> [ws][ob], See: http://www.surbl.org/lists.html]
> * URIBL: ab.surbl.org: not listed
>
> See http://surbl.org for info on how to implement, along with a serch
> of the archives from this list.
I am already using that. Here is the output I get
Also I pass the emails through list.dsbl.org and sbl-xbl.spamhaus.org
Here is the spamassassin -t -D of this email gives me.
Sorry for sending such a big output but it may help to get some good
suggestion of blocking spams like this in the future. Please advise if I
should have send the report differently, like an attachment. Thanks a
lot
--- report begins --- (look for the phrase "report ends" for the end of
this report)
debug: Score set 0 chosen.
debug: running in taint mode? yes
debug: Running in taint mode, removing unsafe env vars, and resetting PATH
debug: PATH included '/usr/bin', keeping.
debug: Final PATH set to: /usr/bin
debug: using "/usr/local/share/spamassassin" for default rules dir
debug: using "/etc/mail/spamassassin" for site rules dir
debug: using "/var/qmail/.spamassassin" for user state dir
debug: using "/var/qmail/.spamassassin/user_prefs" for user prefs file
debug: bayes: 27473 tie-ing to DB file R/O /var/qmail/.spamassassin/bayes_toks
debug: bayes: 27473 tie-ing to DB file R/O /var/qmail/.spamassassin/bayes_seen
debug: bayes: found bayes db version 2
debug: Score set 3 chosen.
debug: Initialising learner
debug: received-header: parsed as [ ip=209.25.147.47 rdns=NO?REVERSE?DNS helo=BENDER.SHARINGEXPERIENCES.US by=qmail.qwestip.net ident= ]
debug: is Net::DNS::Resolver available? yes
debug: trying (3) amazon.com...
debug: looking up MX for 'amazon.com'
debug: MX for 'amazon.com' exists? 1
debug: MX lookup of amazon.com succeeded => Dns available (set dns_available to hardcode)
debug: is DNS available? 1
debug: received-header: 'by' qmail.qwestip.net has public IP 205.171.7.14
debug: received-header: relay 209.25.147.47 trusted? no
debug: Loading languages file...
debug: Language possibly: en
debug: all '*From' addrs: syec.support.department@sharingexperiences.us root@BENDER.SHARINGEXPERIENCES.US
debug: running header regexp tests; score so far=0
debug: running body-text per-line regexp tests; score so far=0
debug: bayes corpus size: nspam = 60418, nham = 49844
debug: uri tests: Done uriRE
debug: tokenize: header tokens for *p = "U*root D*BENDER.SHARINGEXPERIENCES.US D*SHARINGEXPERIENCES.US D*US"
debug: tokenize: header tokens for *M = " 20040721175457 25595 qmail BENDER SHARINGEXPERIENCES US "
debug: tokenize: header tokens for To = "U*iqbala D*qwestip.net D*net"
debug: tokenize: header tokens for *F = "U*syec.support.department D*sharingexperiences.us D*us"
debug: tokenize: header tokens for *r = "(qmail 25596 invoked by uid 48); "
debug: tokenize: header tokens for *r = "(qmail 25596 invoked by uid 48); NO?REVERSE?DNS (HELO BENDER.SHARINGEXPERIENCES.US) ([209.25.147]) (envelope-sender <ro...@BENDER.SHARINGEXPERIENCES.US>) by qmail.qwestip.net (qmail-ldap-1.03) <iq...@qwestip.net>; "
debug: bayes token 'folder' => 0.000138267797481367
debug: bayes token 'filtering' => 0.00561215347439161
debug: bayes token 'ISP' => 0.0059827152444522
debug: bayes token 'experiences' => 0.0105490196078431
debug: bayes token 'Identity' => 0.0131219512195122
debug: bayes token 'appears' => 0.01570661263104
debug: bayes token 'Request' => 0.0324739731054778
debug: bayes token 'sk:iqbala@' => 0.0339140009389403
debug: bayes token 'U*iqbala' => 0.0339140009389403
debug: bayes token 'notifications' => 0.0457854701960537
debug: bayes token 'N:N.sharyxp.us' => 0.0489090909090909
debug: bayes token 'SYE' => 0.0489090909090909
debug: bayes token 'lx.php' => 0.0489090909090909
debug: bayes token '7.sharyxp.us' => 0.0489090909090909
debug: bayes token 'ALERT!' => 0.0489090909090909
debug: bayes token 'SYEC' => 0.0489090909090909
debug: bayes token '3.shareye.us' => 0.0489090909090909
debug: bayes token 'donotemail' => 0.0489090909090909
debug: bayes token 'N:N.shareye.us' => 0.0489090909090909
debug: bayes token 'UD:sharyxp.us' => 0.0489090909090909
debug: bayes token 'UD:shareye.us' => 0.0489090909090909
debug: bayes token 'H*M:qmail' => 0.0537039958530562
debug: bayes token 'user' => 0.0576386191395767
debug: bayes token 'trying' => 0.0627045976297432
debug: bayes token 'Someone' => 0.0630578124791129
debug: bayes token 'posted' => 0.0637317471406309
debug: bayes token 'records' => 0.0656659200858551
debug: bayes token 'H*r:REVERSE' => 0.927755008335859
debug: bayes token 'H*r:DNS' => 0.927755008335859
debug: bayes token 'UD:php' => 0.925192045878898
debug: bayes token 'Support' => 0.091542245913022
debug: bayes token 'posting' => 0.0917431353573247
debug: bayes token 'print' => 0.0949152743184543
debug: bayes token 'spam' => 0.0976938877190254
debug: bayes token 'List' => 0.102119691674802
debug: bayes token 'Email' => 0.107018256877774
debug: bayes token 'search' => 0.114415077274964
debug: bayes token 'respond' => 0.127655028140152
debug: bayes token 'party' => 0.871632882186088
debug: bayes token 'H*r:uid' => 0.132892152186035
debug: bayes token 'H*r:invoked' => 0.133248701279788
debug: bayes token 'H*r:qmail' => 0.133483469143708
debug: bayes token 'N:H*r:NNNNN' => 0.134394936564034
debug: bayes token 'etc' => 0.147075172086675
debug: bayes token 'inform' => 0.150520491839901
debug: bayes: score = 1.06470388061553e-12
debug: bayes: 27473 untie-ing
debug: bayes: 27473 untie-ing db_toks
debug: bayes: 27473 untie-ing db_seen
debug: Razor2 is available
debug: entering helper-app run mode
Razor-Log: Computed razorhome from env: /var/qmail/.razor
Razor-Log: No razorhome found, using all defaults
Razor-Log: No razor-agent.conf found, using defaults.
Jul 21 23:36:55.634706 check[27473]: [ 1] [bootup] Logging initiated LogDebugLevel=9 to stdout
Jul 21 23:36:55.636272 check[27473]: [ 5] computed razorhome=, conf=, ident=identity
Jul 21 23:36:55.637026 check[27473]: [ 8] Client supported_engines: 1 2 3 4
Jul 21 23:36:55.638798 check[27473]: [ 8] prep_mail done: mail 1 headers=1039, mime0=1687
Jul 21 23:36:55.639562 check[27473]: [ 7] Can't read file servers.discovery.lst, looking relatve to
Jul 21 23:36:55.640044 check[27473]: [ 5] Can't read file /servers.discovery.lst: No such file or directory
Jul 21 23:36:55.640481 check[27473]: [ 7] Can't read file servers.nomination.lst, looking relatve to
Jul 21 23:36:55.641070 check[27473]: [ 5] Can't read file /servers.nomination.lst: No such file or directory
Jul 21 23:36:55.641501 check[27473]: [ 7] Can't read file servers.catalogue.lst, looking relatve to
Jul 21 23:36:55.641927 check[27473]: [ 5] Can't read file /servers.catalogue.lst: No such file or directory
Jul 21 23:36:55.642649 check[27473]: [ 5] no listfile: servers.catalogue.lst
Jul 21 23:36:55.643152 check[27473]: [ 6] no discovery listfile: servers.discovery.lst
Jul 21 23:36:55.643528 check[27473]: [ 5] Finding Discovery Servers via DNS in the razor2.cloudmark.com zone
Jul 21 23:36:55.678631 check[27473]: [ 6] Found 1 Discovery Servers via DNS in the razor2.cloudmark.com zone
Jul 21 23:36:55.679223 check[27473]: [ 8] Checking with Razor Discovery Server 66.151.150.12
Jul 21 23:36:55.679710 check[27473]: [ 6] No port specified, using 2703
Jul 21 23:36:55.680088 check[27473]: [ 5] Connecting to 66.151.150.12 ...
Jul 21 23:36:55.823823 check[27473]: [ 8] Connection established
Jul 21 23:36:55.824463 check[27473]: [ 4] 66.151.150.12 >> 35 server greeting: sn=D&srl=436&a=l&a=cg&ep4=7542-10
Jul 21 23:36:55.825215 check[27473]: [ 4] 66.151.150.12 << 12
Jul 21 23:36:55.825588 check[27473]: [ 6] a=g&pm=csl
Jul 21 23:36:55.897957 check[27473]: [ 4] 66.151.150.12 >> 76
Jul 21 23:36:55.898380 check[27473]: [ 6] response to sent.1
-csl=?
pride.cloudmark.com
thrill.cloudmark.com
wonder.cloudmark.com
.
Jul 21 23:36:55.899146 check[27473]: [ 8] Discovery Server 66.151.150.12 replying with csl=pride.cloudmark.com
Jul 21 23:36:55.899549 check[27473]: [ 8] Discovery Server 66.151.150.12 replying with csl=thrill.cloudmark.com
Jul 21 23:36:55.899932 check[27473]: [ 8] Discovery Server 66.151.150.12 replying with csl=wonder.cloudmark.com
Jul 21 23:36:55.900599 check[27473]: [ 4] 66.151.150.12 << 12
Jul 21 23:36:55.901078 check[27473]: [ 6] a=g&pm=nsl
Jul 21 23:36:55.973376 check[27473]: [ 4] 66.151.150.12 >> 51
Jul 21 23:36:55.973802 check[27473]: [ 6] response to sent.2
-nsl=?
joy.cloudmark.com
folly.cloudmark.com
.
Jul 21 23:36:55.974453 check[27473]: [ 8] Discovery Server 66.151.150.12 replying with nsl=joy.cloudmark.com
Jul 21 23:36:55.974848 check[27473]: [ 8] Discovery Server 66.151.150.12 replying with nsl=folly.cloudmark.com
Jul 21 23:36:55.975625 check[27473]: [ 5] no razorhome, not caching server info to disk
Jul 21 23:36:55.976240 check[27473]: [ 6] losing old server connection, 66.151.150.12, for new server, thrill.cloudmark.com
Jul 21 23:36:55.976657 check[27473]: [ 5] disconnecting from server 66.151.150.12
Jul 21 23:36:55.977266 check[27473]: [ 4] 66.151.150.12 << 5
Jul 21 23:36:55.977650 check[27473]: [ 6] a=q
Jul 21 23:36:55.978179 check[27473]: [ 5] Connecting to thrill.cloudmark.com ...
Jul 21 23:36:56.123260 check[27473]: [ 8] Connection established
Jul 21 23:36:56.123959 check[27473]: [ 4] thrill.cloudmark.com >> 36 server greeting: sn=C&srl=5015&a=l&a=cg&ep4=7542-10
Jul 21 23:36:56.125351 check[27473]: [ 4] thrill.cloudmark.com << 25
Jul 21 23:36:56.125728 check[27473]: [ 6] cn=razor-agents&cv=2.36
Jul 21 23:36:56.126565 check[27473]: [ 4] thrill.cloudmark.com << 14
Jul 21 23:36:56.126947 check[27473]: [ 6] a=g&pm=state
Jul 21 23:36:56.268290 check[27473]: [ 4] thrill.cloudmark.com >> 142
Jul 21 23:36:56.268709 check[27473]: [ 6] response to sent.5
-sv=3.40
sn=C
zone=razor2.cloudmark.com
ac=6
srl=5015
lm=4
bql=50
bqs=129
dre=4
se=D8
srf=FF
ep4=7542-10
ep8=5
pp=1
crt=100
.
Jul 21 23:36:56.271261 check[27473]: [ 5] Updated to new server state srl 5015 for server thrill.cloudmark.com
Jul 21 23:36:56.271941 check[27473]: [ 6] thrill.cloudmark.com is a Catalogue Server srl 5015; computed min_cf=6, Server se: D8
Jul 21 23:36:56.272669 check[27473]: [ 8] Computed supported_engines: 4
Jul 21 23:36:56.273089 check[27473]: [ 5] no razorhome, not caching server info to disk
Jul 21 23:36:56.273443 check[27473]: [ 5] srl was updated, forcing discovery ...
Jul 21 23:36:56.273960 check[27473]: [ 5] no listfile: servers.catalogue.lst
Jul 21 23:36:56.274430 check[27473]: [ 8] already have 1 discovery servers
Jul 21 23:36:56.274863 check[27473]: [ 8] Checking with Razor Discovery Server 66.151.150.12
Jul 21 23:36:56.275379 check[27473]: [ 6] losing old server connection, thrill.cloudmark.com, for new server, 66.151.150.12
Jul 21 23:36:56.275769 check[27473]: [ 5] disconnecting from server thrill.cloudmark.com
Jul 21 23:36:56.276462 check[27473]: [ 4] thrill.cloudmark.com << 5
Jul 21 23:36:56.276835 check[27473]: [ 6] a=q
Jul 21 23:36:56.277364 check[27473]: [ 5] Connecting to 66.151.150.12 ...
Jul 21 23:36:56.420597 check[27473]: [ 8] Connection established
Jul 21 23:36:56.421222 check[27473]: [ 4] 66.151.150.12 >> 35 server greeting: sn=D&srl=436&a=l&a=cg&ep4=7542-10
Jul 21 23:36:56.421879 check[27473]: [ 4] 66.151.150.12 << 12
Jul 21 23:36:56.422269 check[27473]: [ 6] a=g&pm=csl
Jul 21 23:36:56.494846 check[27473]: [ 4] 66.151.150.12 >> 76
Jul 21 23:36:56.495264 check[27473]: [ 6] response to sent.7
-csl=?
thrill.cloudmark.com
pride.cloudmark.com
wonder.cloudmark.com
.
Jul 21 23:36:56.495943 check[27473]: [ 8] Discovery Server 66.151.150.12 replying with csl=thrill.cloudmark.com
Jul 21 23:36:56.496336 check[27473]: [ 8] Discovery Server 66.151.150.12 replying with csl=pride.cloudmark.com
Jul 21 23:36:56.496714 check[27473]: [ 8] Discovery Server 66.151.150.12 replying with csl=wonder.cloudmark.com
Jul 21 23:36:56.497368 check[27473]: [ 4] 66.151.150.12 << 12
Jul 21 23:36:56.497748 check[27473]: [ 6] a=g&pm=nsl
Jul 21 23:36:56.570006 check[27473]: [ 4] 66.151.150.12 >> 51
Jul 21 23:36:56.570417 check[27473]: [ 6] response to sent.8
-nsl=?
folly.cloudmark.com
joy.cloudmark.com
.
Jul 21 23:36:56.571150 check[27473]: [ 8] Discovery Server 66.151.150.12 replying with nsl=folly.cloudmark.com
Jul 21 23:36:56.571549 check[27473]: [ 8] Discovery Server 66.151.150.12 replying with nsl=joy.cloudmark.com
Jul 21 23:36:56.572281 check[27473]: [ 5] no razorhome, not caching server info to disk
Jul 21 23:36:56.572987 check[27473]: [ 5] no razorhome, not caching server info to disk
Jul 21 23:36:56.573444 check[27473]: [ 8] Using next closest server thrill.cloudmark.com:2703, cached info srl 5015
Jul 21 23:36:56.574005 check[27473]: [ 8] mail 1 Subject: A user is looking for opinions about: iqbala@qwestip.net
Jul 21 23:36:56.578974 check[27473]: [ 6] preproc: mail 1.0 went from 1687 bytes to 1648
Jul 21 23:36:56.579557 check[27473]: [ 6] computing sigs for mail 1.0, len 1648
Jul 21 23:36:56.585156 check[27473]: [ 6] skipping whitelist file (empty?): razor-whitelist
Jul 21 23:36:56.585613 check[27473]: [ 6] losing old server connection, 66.151.150.12, for new server, thrill.cloudmark.com
Jul 21 23:36:56.585993 check[27473]: [ 5] disconnecting from server 66.151.150.12
Jul 21 23:36:56.586606 check[27473]: [ 4] 66.151.150.12 << 5
Jul 21 23:36:56.586970 check[27473]: [ 6] a=q
Jul 21 23:36:56.587515 check[27473]: [ 5] Connecting to thrill.cloudmark.com ...
Jul 21 23:36:56.731786 check[27473]: [ 8] Connection established
Jul 21 23:36:56.732610 check[27473]: [ 4] thrill.cloudmark.com >> 36 server greeting: sn=C&srl=5015&a=l&a=cg&ep4=7542-10
Jul 21 23:36:56.734058 check[27473]: [ 4] thrill.cloudmark.com << 25
Jul 21 23:36:56.734449 check[27473]: [ 6] cn=razor-agents&cv=2.36
Jul 21 23:36:56.735302 check[2747debug: Using results from Razor v2.36
debug: Found Razor2 part: part=0 engine=4 ct=0 cf=0
debug: leaving helper-app run mode
3]: [ 6] thrill.cloudmark.com is a Catalogue Server srl 5015; computed min_cf=6, Server se: D8
Jul 21 23:36:56.736155 check[27473]: [ 8] Computed supported_engines: 4
Jul 21 23:36:56.736771 check[27473]: [ 8] mail 1.0 e4 sig: QybWOZx5fc0-DdH5wSfMOiN_rvwA
Jul 21 23:36:56.737440 check[27473]: [ 8] preparing 1 queries
Jul 21 23:36:56.738217 check[27473]: [ 8] sending 1 batches
Jul 21 23:36:56.738936 check[27473]: [ 4] thrill.cloudmark.com << 52
Jul 21 23:36:56.739324 check[27473]: [ 6] a=c&e=4&ep4=7542-10&s=QybWOZx5fc0-DdH5wSfMOiN_rvwA
Jul 21 23:36:57.138604 check[27473]: [ 4] thrill.cloudmark.com >> 5
Jul 21 23:36:57.139033 check[27473]: [ 6] response to sent.11
p=0
Jul 21 23:36:57.140327 check[27473]: [ 6] mail 1.0 e=4 sig=QybWOZx5fc0-DdH5wSfMOiN_rvwA: sig not found.
Jul 21 23:36:57.140850 check[27473]: [ 7] method 4: mail 1.0: no-contention part, spam=0
Jul 21 23:36:57.141235 check[27473]: [ 7] method 4: mail 1: all non-contention parts not spam, mail not spam
Jul 21 23:36:57.141641 check[27473]: [ 3] mail 1 is not known spam.
Jul 21 23:36:57.142049 check[27473]: [ 5] disconnecting from server thrill.cloudmark.com
Jul 21 23:36:57.142761 check[27473]: [ 4] thrill.cloudmark.com << 5
Jul 21 23:36:57.143129 check[27473]: [ 6] a=q
debug: Razor2 results: spam? 0 highest cf score: 0
debug: running raw-body-text per-line regexp tests; score so far=0
debug: running uri tests; score so far=0
debug: uri tests: Done uriRE
debug: checking url: http://3.shareye.us/lx.php?a=donotemail&b=iqbala@qwestip.net
debug: querying for shareye.us.sc.surbl.org
debug: Query failed for shareye.us.sc.surbl.org
debug: checking url: mailto://3.shareye.us/lx.php?a=donotemail&b=iqbala@qwestip.net
debug: checking url: http://7.sharyxp.us/lx.php?a=search&b=5&c=iqbala@qwestip.net
debug: querying for sharyxp.us.sc.surbl.org
debug: Query failed for sharyxp.us.sc.surbl.org
debug: checking url: mailto://7.sharyxp.us/lx.php?a=search&b=5&c=iqbala@qwestip.net
debug: running full-text regexp tests; score so far=0
debug: Razor2 is available
debug: DCCifd is not available: no r/w dccifd socket found.
debug: all '*To' addrs: iqbala@qwestip.net
debug: DNS MX records found: 0
debug: DNS A records found: 1
debug: forged-HELO: from=no?reverse?dns helo=bender.sharingexperiences.us by=qwestip.net
debug: RBL: success for 10 of 10 queries
debug: running meta tests; score so far=1.5
debug: auto-learn? ham=0.1, spam=12, body-hits=1.5, head-hits=1.5
debug: auto-learn: currently using scoreset 3. recomputing score based on scoreset 1.
debug: Score set 1 chosen.
debug: auto-learn: original score: 1.5, recomputed score: 2.25
debug: Score set 3 chosen.
debug: auto-learn? no: inside auto-learn thresholds
debug: is spam? score=-3.4 required=5 tests=BAYES_00,RCVD_IN_BL_SPAMCOP_NET
Return-Path: <ro...@BENDER.SHARINGEXPERIENCES.US>
Delivered-To: iqbala@qwestip.net
Received: (qmail 29293 invoked by uid 7801); 21 Jul 2004 19:05:36 -0000
Received: from root@BENDER.SHARINGEXPERIENCES.US by qmail by uid 7791 with qmail-scanner-1.22-st-qms
(clamdscan: 0.74. spamassassin: 2.63. Clear:RC:0(209.25.147.47):SA:0(-3.4/5.0):.
Processed in 5.005223 secs); 21 Jul 2004 19:05:36 -0000
Received: from NO?REVERSE?DNS (HELO BENDER.SHARINGEXPERIENCES.US) ([209.25.147.47]) (envelope-sender <ro...@BENDER.SHARINGEXPERIENCES.US>)
by qmail.qwestip.net (qmail-ldap-1.03) with SMTP
for <iq...@qwestip.net>; 21 Jul 2004 19:05:30 -0000
Received: (qmail 25596 invoked by uid 48); 21 Jul 2004 17:54:57 -0000
Date: 21 Jul 2004 17:54:57 -0000
Message-ID: <20...@BENDER.SHARINGEXPERIENCES.US>
To: iqbala@qwestip.net
Subject: A user is looking for opinions about: iqbala@qwestip.net
From: SYEC SUPPORT DEPARTMENT <sy...@sharingexperiences.us>
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
qmail.arl.qwestip.net
X-Spam-Level:
X-Spam-Status: No, hits=-3.4 required=5.0 tests=BAYES_00,
RCVD_IN_BL_SPAMCOP_NET autolearn=no version=2.63
********************************************************************
Important message from SYE Support Department.
Please print and keep this for your records.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
ALERT! - Someone who knows you is trying to share opinions and experiences about you via our website.
The purpose of this email is to inform you that a posting has been made about you at our website. This is email is not commercial in nature.
If this email message was delivered to your spam or bulk email folder please notify your ISP or spam filtering company regarding this mistake on their part.
To see what the user posted about you use this link:
http://7.sharyxp.us/lx.php?a=search&b=5&c=iqbala@qwestip.net
Our Identity Protection System is a simple system in which this website sends email messages to the Experience Request author on your behalf, and vice versa. This website will never reveal the identity of the Experience Request author to you, nor will it reveal your identity to the author of the Experience Request.
The Experience Request author will receive your message in an email sent from our website. He/she can then respond to your message via our website by clicking a custom link that appears in the email.
Communication then continues back and forth via our Identity Protection System until one party or the other provides other contact means (phone number, etc.).
IMPORTANT - To avoid future notifications like this simply add this email address to our Do Not Email List here:
http://3.shareye.us/lx.php?a=donotemail&b=iqbala@qwestip.net
Sincerely,
SYEC Support Department
Spam detection software, running on the system "qmail.arl.qwestip.net", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or block
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Important message from SYE Support Department. Please
print and keep this for your records.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[...]
Content analysis details: (-3.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-4.9 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
[score: 0.0000]
1.5 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?209.25.147.47>]
--- report ends ---
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
There's no place like 127.0.0.1