You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Ben Lentz <bl...@channing-bete.com> on 2006/10/18 15:46:31 UTC
Joe Blow wrote: Spam
Has anyone been able to come up with a safe solution to this morning's
rash of Joe Blow wrote: spam messages? They look like this:
hi Judson i hope this is your email.
I was like to see you the other day. I hope you are actually had like the New York.
So much so much happening all the time, lots of great opportunities.
And speaking of opportunities, the deal I was speaking you about other day embraces a company
named Tex-Homa (TXHE).
It's already growing up, but the big info isn't even
out yet, so there's still time. I have got this shares already and made
2000. I advise you to do the same today.
Hope this helps you out. I'll see you this weekend.
Yours Judson Herring
These aren't really triggering a high enough point value. I've run sa-update and these still seem to be coming through.
I'd be grateful for any tips anyone has.
Thanks
Re: Joe Blow wrote: Spam
Posted by "George R. Kasica" <ge...@netwrx1.com>.
THANK YOU!!!!
>yep, there's a rule for them that should be coming through in updates
>tomorrow or the day after...
>
>--j.
George, Nazarene(6/1/99- ), Ginger/The Beast Kasica(8/1/88-3/19/01, 1/17/02-), MR. Tibbs(8/1/90-5/24/06)
Jackson, WI USA
georgek@netwrx1.com
http://www.netwrx1.com/georgek
ICQ #12862186
("`-''-/").___..--''"`-._
`6_ 6 ) `-. ( ).`-.__.`)
(_Y_.)' ._ ) `._ `. ``-..-'
_..`--'_..-_/ /--'_.' ,'
(il),-'' (li),' ((!.-'
Re: Joe Blow wrote: Spam
Posted by Michel R Vaillancourt <mi...@wolfstar.ca>.
>
> They are adding new PCs to the bot-nets used for spam faster than the
> DNSBL operators can update the lists.
>
> -- Clifton
>
I've just made my personal additional rules-set available at
http://empire.wolfstar.ca/spamAssassin/ ... specifically,
WOLFSTAR_SOMEONEWROTESTOCKUCE.cf adds 1.75 to that UCE's score, which
seems to be enough to trip it into the "spam" category on my servers.
Thanks to Peter H. Lemieux for one of the patterns I am using.
--
--Michel Vaillancourt
Wolfstar Systems
www.wolfstar.ca
Re: Joe Blow wrote: Spam
Posted by Clifton Royston <cl...@lava.net>.
On Wed, Oct 18, 2006 at 10:44:09AM -0700, Jo Rhett wrote:
> Coffey, Neal wrote:
> >Are you running network tests? I got one of these 2 minutes ago, and it
> >scored a 6.8 just from the RBL checks. And once it shows up in the
> >Razor2 database, it'll score even higher.
>
> Inconsistent on the network checks. For instance, my personal e-mail
> got 4 of these but 2 more were caught by network checks.
They are adding new PCs to the bot-nets used for spam faster than the
DNSBL operators can update the lists.
-- Clifton
--
Clifton Royston -- cliftonr@iandicomputing.com / cliftonr@lava.net
President - I and I Computing * http://www.iandicomputing.com/
Custom programming, network design, systems and network consulting services
Re: Joe Blow wrote: Spam
Posted by Jo Rhett <jr...@netconsonance.com>.
Coffey, Neal wrote:
> Are you running network tests? I got one of these 2 minutes ago, and it
> scored a 6.8 just from the RBL checks. And once it shows up in the
> Razor2 database, it'll score even higher.
Inconsistent on the network checks. For instance, my personal e-mail
got 4 of these but 2 more were caught by network checks.
--
Jo Rhett
Network/Software Engineer
Net Consonance
RE: Joe Blow wrote: Spam
Posted by "Coffey, Neal" <nc...@langeveld.com>.
Ben Lentz wrote:
> Has anyone been able to come up with a safe solution to this morning's
> rash of Joe Blow wrote: spam messages? They look like this:
>
> These aren't really triggering a high enough point value. I've run
> sa-update and these still seem to be coming through.
Are you running network tests? I got one of these 2 minutes ago, and it
scored a 6.8 just from the RBL checks. And once it shows up in the
Razor2 database, it'll score even higher.
Content analysis details: (6.8 points, 3.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
address
[67.10.183.27 listed in dnsbl.sorbs.net]
3.1 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[67.10.183.27 listed in
sbl-xbl.spamhaus.org]
1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
[67.10.183.27 listed in combined.njabl.org]