You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by LuKreme <kr...@kreme.com> on 2007/04/12 00:03:55 UTC
Low Scoring MC/MS scam spam
<http://www.covisp.net/~kreme/spam24.txt> Only scored 2.4 ??
I'm amazed it only hit BAYES_50
my MTA did not add the following headers:
X-Status:
X-Keywords: NotJunk $NotJunk
X-UID: 4570
--
You try to shape the world to what you want the world to be. Carving
your name a thousand times won't bring you back to me. Oh no, no I
might as well go and tell it to the trees. Go and tell it to the
trees, yeah.
Re: Low Scoring MC/MS scam spam
Posted by Henrik Krohns <he...@hege.li>.
On Sat, Apr 14, 2007 at 01:04:56AM -0600, LuKreme wrote:
> On 12-Apr-2007, at 02:22, Martin.Hepworth wrote:
> > 1.3 NA_DOLLARS BODY: Talks about a million North American
> >dollars
>
> Well, that's more than double the default score.
>
> > 0.6 J_CHICKENPOX_48 BODY: {4}Letter - punctuation - {8}Letter
>
> OK, I thought Chickenpox was deprecated ages ago.
>
> > 3.7 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
> > 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
> >bl.spamcop.net
>
> well, those are good once the spam has made the rounds. I was
> obviously in the first round this time.
What are you really expecting? That someone can predict what rules to
create? Unless you want to go the extra mile and tune your setup and
create rules, you are going to receive "new" spam. Period.
Re: Low Scoring MC/MS scam spam
Posted by LuKreme <kr...@kreme.com>.
On 12-Apr-2007, at 02:22, Martin.Hepworth wrote:
> 1.3 NA_DOLLARS BODY: Talks about a million North American
> dollars
Well, that's more than double the default score.
> 0.6 J_CHICKENPOX_48 BODY: {4}Letter - punctuation - {8}Letter
OK, I thought Chickenpox was deprecated ages ago.
> 3.7 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
> 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
> bl.spamcop.net
well, those are good once the spam has made the rounds. I was
obviously in the first round this time.
> 2.0 FM_LOTTO_MONEY Talks about lotto and large money!
> 3.7 FM_LOTTO_YOU_WON Talks about lotto and you won!
And these?
I now get:
Content analysis details: (4.3 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 BOTNET_SERVERWORDS Hostname contains server-like substrings
0.6 NA_DOLLARS BODY: Talks about a million North American
dollars
0.5 DNS_FROM_RFC_ABUSE RBL: Envelope sender in abuse.rfc-
ignorant.org
1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?
85.17.45.23>]
1.4 DNS_FROM_RFC_POST RBL: Envelope sender in
postmaster.rfc-ignorant.org
0.5 PLING_PLING Subject has lots of exclamation marks
0.0 MANY_EXCLAMATIONS Subject has many exclamations
0.0 ADVANCE_FEE_1 Appears to be advance fee fraud (Nigerian
419)
--
I find Windows of absolutely no technical interest... Mac OS X is a
rock-solid system that's beautifully designed. I much prefer it to
Linux. -- Bill Joy
RE: Low Scoring MC/MS scam spam
Posted by "Martin.Hepworth" <ma...@solidstatelogic.com>.
Scores well on my system...
Content analysis details: (14.0 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
1.3 NA_DOLLARS BODY: Talks about a million North American
dollars
0.6 J_CHICKENPOX_48 BODY: {4}Letter - punctuation - {8}Letter
0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.5007]
3.7 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see
<http://www.spamcop.net/bl.shtml?85.17.45.23>]
0.3 PLING_PLING Subject has lots of exclamation marks
0.8 MANY_EXCLAMATIONS Subject has many exclamations
0.0 ADVANCE_FEE_1 Appears to be advance fee fraud (Nigerian
419)
2.0 FM_LOTTO_MONEY Talks about lotto and large money!
3.7 FM_LOTTO_YOU_WON Talks about lotto and you won!
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: LuKreme [mailto:kremels@kreme.com]
> Sent: 11 April 2007 23:04
> To: users@spamassassin.apache.org
> Subject: Low Scoring MC/MS scam spam
>
> <http://www.covisp.net/~kreme/spam24.txt> Only scored 2.4 ??
>
> I'm amazed it only hit BAYES_50
>
> my MTA did not add the following headers:
>
> X-Status:
> X-Keywords: NotJunk $NotJunk
> X-UID: 4570
>
>
> --
> You try to shape the world to what you want the world to be. Carving
> your name a thousand times won't bring you back to me. Oh no, no I
> might as well go and tell it to the trees. Go and tell it to the
> trees, yeah.
>
**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error
you must take no action based on them, nor must you copy or show them
to anyone. Please advise the sender by replying to this e-mail
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.
Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************