You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Ma...@atcoitek.com on 2005/07/05 16:41:40 UTC

Any ideas on what would catch this?

I am sure that SURLB and URIBL would catch this now, but what rules
would you recommend to catch this? We do not use bayes, so this is not
an option right now.

Thanks.

Microsoft Mail Internet Headers Version 2.0
Received: from xxx.atco.com ([xx.xx.xx.xx]) by xxx.atco.com with
Microsoft SMTPSVC(6.0.3790.211);
	 Tue, 5 Jul 2005 07:56:47 -0600
Received: from xxx.atco.ca ([xx.xx.xx.xx]) by xxx.atco.com with
Microsoft SMTPSVC(5.0.2195.6713);
	 Tue, 5 Jul 2005 07:56:45 -0600
Received: from xxx.atco.ca ([xx.xx.xx.xx])
 by xxx.atco.ca (SMSSMTP 4.0.0.59) with SMTP id M2005070507564615808
 ; Tue, 05 Jul 2005 07:56:46 -0600
Received: from 204-161-126-200.fibertel.com.ar ([200.126.161.204])
	by xxx.atco.ca with smtp (Exim )
	id 1Dpnum-0001Yc-RY; Tue, 05 Jul 2005 07:56:46 -0600
Received: from laptop ([106.244.171.187])
 by out011.verizon.net (InterMail vM.90.93 201-253-122-122-993-20011231)
 with ESMTP id <27...@nicotine> for
 <Al...@allozinfo.com>; Tue, 05 Jul 2005 06:52:49 -0800
Date: Tue, 05 Jul 2005 06:52:49 -0800
Message-ID: <10...@webmail.avalon.net>
From: "Alexander Hobbs" <Al...@allozinfo.com>
To: xxx@atcoitek.com
Cc: xxx@atcoitek.com, yyy@atcoitek.com, zzz@atcoitek.com
Subject: jessica simpson
X-Mailer: KYX-CP/M FNORD-5609
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on xxx.atco.ca
X-Spam-Level: ***
X-Spam-Status: No, score=3.1 required=5.0 tests=HELO_DYNAMIC_IPADDR2,
	LONGWORDS autolearn=disabled version=3.0.3
Return-Path: Altarqn@allozinfo.com
X-OriginalArrivalTime: 05 Jul 2005 13:56:45.0391 (UTC)
FILETIME=[614CF5F0:01C58169]


Weston see brittany spears get boned!

janet jackson gets a facial! winona rider gets it in both holes!
cameron diaz does it doggy style, angelina jolie fucks & sucks
see http://i9i9innn.com/1/
avrile lavinge
denise richards
jessica simpson
jessica alba
gwen stefani
jennifer lopez and more!

hot exclusive pics!

nco prose lifelike rope batch cogent central embalm tabernacle
postgraduate pliant secondhand compete yearn describe corsage shudder

Re: Any ideas on what would catch this?

Posted by Duncan Hill <sa...@nacnud.force9.co.uk>.

On Tuesday 05 July 2005 15:41, Martin.Carnegie@atcoitek.com typed:

> Received: from 204-161-126-200.fibertel.com.ar ([200.126.161.204])
>  by xxx.atco.ca with smtp (Exim )
>  id 1Dpnum-0001Yc-RY; Tue, 05 Jul 2005 07:56:46 -0600

Deny traffic from \d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}\.fibertel\.com\.ar perhaps.

> From: "Alexander Hobbs" <Al...@allozinfo.com>

The X-Mailer line is amusing.  allozinfo.com is a real domain, so something 
like postfix's valid sender domain wouldn't apply either.

> jessica alba
> gwen stefani
> jennifer lopez and more!
>
> hot exclusive pics!
>
> nco prose lifelike rope batch cogent central embalm tabernacle
> postgraduate pliant secondhand compete yearn describe corsage shudder

I'm not sure Bayes would even cope with that, considering a good number of 
those words aren't all that unusual (and thus would appear in ham).

Re: Any ideas on what would catch this?

Posted by Raymond Dijkxhoorn <ra...@prolocation.net>.

Hi!

> I am sure that SURLB and URIBL would catch this now, but what rules
> would you recommend to catch this? We do not use bayes, so this is not
> an option right now.

URIBL_AB_SURBL 0.42, URIBL_JP_SURBL 4.26, URIBL_SBL 4.26

Bye,
Raymond.