You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Robert Fitzpatrick <li...@webtent.net> on 2007/08/01 03:05:02 UTC
Attachments still?
Still getting these attachments with SA-3.1.7 + SARE + sa-update +
amavisd + clamav with sanesecurity sigs. Should I be blocking these with
those rule sets? Can someone test this to see how you may be blocking?
http://esmtp.webtent.net/mail1.txt
Thanks :)
--
Robert
Re: Attachments still?
Posted by Jari Fredriksson <ja...@iki.fi>.
Robert Fitzpatrick wrote:
> Still getting these attachments with SA-3.1.7 + SARE + sa-update +
> amavisd + clamav with sanesecurity sigs. Should I be blocking these
> with those rule sets? Can someone test this to see how you may be
> blocking?
>
> http://esmtp.webtent.net/mail1.txt
>
> Thanks :)
Content analysis details: (12.3 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d
0.0 BOTNET_CLIENTWORDS Hostname contains client-like substrings
[botnet_clientwords,ip=66.18.53.26,rdns=static-host-66-18-53-26.epbinternet.com]
5.0 BOTNET Relay might be a spambot or virusbot
[botnet0.7,ip=66.18.53.26,hostname=static-host-66-18-53-26.epbinternet.com,maildomain=benmenasha.net,client,ipinhostname,clientwords]
0.0 DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: policy says domain
signs some mails
0.0 BOTNET_IPINHOSTNAME Hostname contains its own IP address
[botnet_ipinhosntame,ip=66.18.53.26,rdns=static-host-66-18-53-26.epbinternet.com]
0.0 BOTNET_CLIENT Relay has a client-like hostname
[botnet_client,ip=66.18.53.26,hostname=static-host-66-18-53-26.epbinternet.com,ipinhostname,clientwords]
1.9 RCVD_ILLEGAL_IP Received: contains illegal IP address
3.0 BAYES_95 BODY: Bayesian spam probability is 95 to 99%
[score: 0.9899]
2.2 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
0.1 BOUNCE_MESSAGE MTA bounce message
0.1 ANY_BOUNCE_MESSAGE Message is some kind of bounce message
Re: Attachments still?
Posted by Matt Kettler <mk...@verizon.net>.
Robert Fitzpatrick wrote:
> Still getting these attachments with SA-3.1.7 + SARE + sa-update +
> amavisd + clamav with sanesecurity sigs. Should I be blocking these with
> those rule sets? Can someone test this to see how you may be blocking?
>
> http://esmtp.webtent.net/mail1.txt
>
> Thanks :)
>
3.2.0 seems to do a nice job here.
All of these tests are in a vanilla 3.2.0 with sa-update on my test system.
X-Spam-Status: Yes, score=6.6 required=5.0 tests=DKIM_POLICY_SIGNSOME,
FH_HELO_EQ_D_D_D_D,RCVD_ILLEGAL_IP,TVD_SPACE_RATIO autolearn=no
version=
3.2.0
0.5 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d
0.0 DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: policy says domain
signs some mails
3.2 RCVD_ILLEGAL_IP Received: contains illegal IP address
2.9 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO