Posted to users@spamassassin.apache.org by jfchaput <jf...@publi-web.net> on 2008/02/27 15:20:06 UTC

Need rule for this type of spam

Hi,

My SpamAssassin setup works great, but I receive a lot of spam like this:

Subject: M!cro soft Office_2OO7 for XP,Vis+a 79. Retail 838 -save 2466-

sas jmp statistical discovery 7 - 129

use -newsoftdeal .com- |n Web Browser
Erase - before you use |n Web Browser

ulead photoImpact x3 - 29
intuit quickbooks premier edition 2007 - 79
intuit quicken home and business 2008 - 39
cdmenupro 6.23 biz edition - 39
alias maya 7.0 unlimited - 109
autodesk architectural studio 3.0 - 39
parallels desktop 3.0 for mac - 29


Can somebody provide me a rule for that or help to create a custom rule?

Thanks
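An added example, not part of the original post or of any SpamAssassin ruleset: a Python prototype of a custom rule for the "dash-wrapped host plus erase-before-use instruction" pattern in the message above, which checks the regexes against sample text and renders them as local.cf lines. The rule names, the 2-of-3 threshold and the score of 3.0 are assumptions; both sample bodies are constructed, the spam one from lines quoted in the post.

```python
import re

# Constructed sample: body lines taken from the spam quoted in the post above.
SPAM_BODY = """sas jmp statistical discovery 7 - 129

use -newsoftdeal .com- |n Web Browser
Erase - before you use |n Web Browser

ulead photoImpact x3 - 29
"""

# Constructed ham sample with similar vocabulary but none of the obfuscation.
HAM_BODY = """Hi, the quote for parallels desktop 3.0 for mac is attached.
Please open it in your web browser and erase the old copy before you use it.
"""

# Hypothetical sub-rule names. The patterns stay within the regex syntax that
# Python and Perl share, so the same text works in a SpamAssassin body rule.
SUBRULES = {
    # Host name wrapped in dashes, optional space before the TLD: "-name .com-"
    "__LOCAL_DASHED_HOST": r"-[a-z0-9]{3,30} ?\.(?:com|net|org|info|biz)-",
    # Instruction to strip a short token before visiting: "Erase - before you use"
    "__LOCAL_ERASE_HINT": r"\b(?:erase|remove|delete) \S{1,3} before you use\b",
    # "In" written with a pipe or a digit one: "|n Web Browser"
    "__LOCAL_PIPE_IN": r"[|1]n web browser\b",
}

def hits(body):
    """Return the sorted names of the sub-rules that match anywhere in body."""
    return sorted(n for n, p in SUBRULES.items() if re.search(p, body, re.I))

def is_obfuscated_url_spam(body, needed=2):
    """Mirror of the meta rule: fire when at least `needed` sub-rules hit."""
    return len(hits(body)) >= needed

def to_local_cf(meta="LOCAL_OBFU_URL_HINT", score=3.0, needed=2):
    """Render the sub-rules and the meta rule as local.cf lines."""
    lines = [f"body {n} /{p}/i" for n, p in SUBRULES.items()]
    lines.append(f"meta {meta} ({' + '.join(SUBRULES)}) >= {needed}")
    lines.append(f"describe {meta} Dash-wrapped host with erase-before-use hint")
    lines.append(f"score {meta} {score}")  # assumed score, tune on your own mail
    return "\n".join(lines)

if __name__ == "__main__":
    print(hits(SPAM_BODY), hits(HAM_BODY))
    print(to_local_cf())
```

After pasting the printed lines into local.cf, run `spamassassin --lint` to confirm the rules parse before reloading.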


Re: Need rule for this type of spam

Posted by jfchaput <jf...@publi-web.net>.
I will check that.

Thanks a lot


--[ UxBoD ]-- wrote:
> 
> score here as follows :-
> 
> Content analysis details:   (17.1 points, 5.0 required)
> 
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
>  5.0 BOTNET                 Relay might be a spambot or virusbot
> [botnet0.8,ip=213.189.148.42,rdns=ip-213-189-148-042.fix.magnet.ch,client,ipinhostname,clientwords]
>  3.0 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
>                             [213.189.148.42 listed in zen.spamhaus.org]
>  4.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
>               [Blocked - see <http://www.spamcop.net/bl.shtml?213.189.148.42>]
>  0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
>                             [score: 0.5103]
>  0.1 RDNS_DYNAMIC           Delivered to trusted network by host with
>                             dynamic-looking rDNS
>  4.0 JM_SOUGHT_3            JM_SOUGHT_3
>  1.0 DOS_OUTLOOK_TO_MX      Delivered direct to MX with Outlook headers
> 
> Jason's rules should help you :-
> http://wiki.apache.org/spamassassin/SoughtRules
> 
> Regards,
> 
> -- 
> --[ UxBoD ]--
> // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import"
> // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84
> // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84
> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net
> 
> ----- "jfchaput" <jf...@publi-web.net> wrote:
> 
>> Hi,
>> 
>> Here http://pastebin.com/m309761a5
>> 
>> Thanks


Re: Need rule for this type of spam

Posted by "--[ UxBoD ]--" <ux...@splatnix.net>.
score here as follows :-

Content analysis details:   (17.1 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 5.0 BOTNET                 Relay might be a spambot or virusbot
[botnet0.8,ip=213.189.148.42,rdns=ip-213-189-148-042.fix.magnet.ch,client,ipinhostname,clientwords]
 3.0 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
                            [213.189.148.42 listed in zen.spamhaus.org]
 4.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
              [Blocked - see <http://www.spamcop.net/bl.shtml?213.189.148.42>]
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.5103]
 0.1 RDNS_DYNAMIC           Delivered to trusted network by host with
                            dynamic-looking rDNS
 4.0 JM_SOUGHT_3            JM_SOUGHT_3
 1.0 DOS_OUTLOOK_TO_MX      Delivered direct to MX with Outlook headers

Jason's rules should help you :- http://wiki.apache.org/spamassassin/SoughtRules

Regards,

-- 
--[ UxBoD ]--
// PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84
// Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

----- "jfchaput" <jf...@publi-web.net> wrote:

> Hi,
> 
> Here http://pastebin.com/m309761a5
> 
> Thanks



Re: Need rule for this type of spam

Posted by jfchaput <jf...@publi-web.net>.
Hi,

Here http://pastebin.com/m309761a5

Thanks


Re: Need rule for this type of spam

Posted by "--[ UxBoD ]--" <ux...@splatnix.net>.
Please post the full message via something like pastebin. We need to see the headers as well.

Regards,

-- 
--[ UxBoD ]--
// PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84
// Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

----- "jfchaput" <jf...@publi-web.net> wrote:

> Hi,
> 
> My SpamAssassin setup works great, but I receive a lot of spam like this:
> 
> Subject: M!cro soft Office_2OO7 for XP,Vis+a 79. Retail 838 -save 2466-
> 
> sas jmp statistical discovery 7 - 129
> 
> use -newsoftdeal .com- |n Web Browser
> Erase - before you use |n Web Browser
> 
> ulead photoImpact x3 - 29
> intuit quickbooks premier edition 2007 - 79
> intuit quicken home and business 2008 - 39
> cdmenupro 6.23 biz edition - 39
> alias maya 7.0 unlimited - 109
> autodesk architectural studio 3.0 - 39
> parallels desktop 3.0 for mac - 29
> 
> 
> Can somebody provide me a rule for that or help to create a custom
> rule?
> 
> Thanks
