[Mimedefang] How can I stop these annoying emails?

Wed Feb 25 08:26:41 EST 2004

Le mercredi 25 Février 2004 12:05, Paul Murphy a écrit :

> system, and got:
> >X-Spam-Debug: Checked, hits=2.735 required=5 tests=HTML_20_30,
> >HTML_IMAGE_ONLY_06,HTML_MESSAGE,HTML_TAG_BALANCE_BODY
> >version=2.63
>
> What is the "MY_DSL" rule doing?

There :

It is quite specific to our systems mainly on Gigabit ethernet.
We are not supposed to overindulge external mail coming thru DSL.
Though some customers or worse may us it but for these a few
rules in whitelist are set to balance this bad bad dsl :-)

> As this is non-standard, judging 
> the spam on the basis of your system and declaring that it should be
> detected

Sorry if my post gave you the feeling I was pretending that, I wasn't.
But english isn't my first language and I tried and answer quickly to
you for you seemed disappointed and harassed, and incidentally
we're here under a few network problems I'm supposed to burn
my fingers on :-)

In fact that's was a mistake because I really thought I scored
lower than that for the MY_DSL rule and forgot to check it
before to post.
Then our scores are quite close when counting out this
specific note. Sorry :~}

> isn't really very helpful, especially as the originals may 
> not have triggered this rule anyway.

And I insisted on this point too, reason why I asked *your* scores.

And the point was I thought the weight for HTML was much more
than it is and in fact I crossed (and staggered) between the 2
rules.
Anyway, using the bayesian filter adds up to this (5 points here)
and *should* be enough to stop this ?

Then, to answer to the other part of your first question,
yes anyone has seen these, I have, not by hundreds though,
here are the uniq'ed scores to the different recent variants
I have had :

X-Spam-Score: 11.523 (***********) 
BAYES_99,HTML_50_60,HTML_IMAGE_ONLY_02,
    HTML_MESSAGE,HTML_TAG_BALANCE_BODY,MANY_EXCLAMATIONS,MY_DSL,SUBJ_BUY
X-Spam-Score: 10.328 (**********) 
BAYES_99,HTML_50_60,HTML_IMAGE_ONLY_02,
    HTML_MESSAGE,HTML_TAG_BALANCE_BODY,MY_DSL
X-Spam-Score: 10.858 (**********) 
BAYES_99,HTML_50_60,HTML_IMAGE_ONLY_02,
    HTML_MESSAGE,HTML_TAG_BALANCE_BODY,MANY_EXCLAMATIONS,MY_DSL
X-Spam-Score: 10.33 (**********) BAYES_99,HTML_60_70,HTML_IMAGE_ONLY_02,
    HTML_MESSAGE,HTML_TAG_BALANCE_BODY,MY_DSL
X-Spam-Score: 8.341 (********) BAYES_99,FORGED_OUTLOOK_TAGS,HTML_60_70,
    HTML_IMAGE_ONLY_02,HTML_MESSAGE,HTML_TAG_BALANCE_BODY,IS_A_BOUNCE
X-Spam-Score: 7.33 (*******) BAYES_99,HTML_60_70,HTML_IMAGE_ONLY_02,
    HTML_MESSAGE,HTML_TAG_BALANCE_BODY
X-Spam-Score: 8.331 (********) BAYES_99,FORGED_OUTLOOK_TAGS,HTML_60_70,
    HTML_IMAGE_ONLY_02,HTML_MESSAGE,HTML_TAG_BALANCE_BODY
X-Spam-Score: 10.86 (**********) BAYES_99,HTML_60_70,HTML_IMAGE_ONLY_02,
    HTML_MESSAGE,HTML_TAG_BALANCE_BODY,MANY_EXCLAMATIONS,MY_DSL
X-Spam-Score: 10.33 (**********) BAYES_99,HTML_60_70,HTML_IMAGE_ONLY_02,
    HTML_MESSAGE,HTML_TAG_BALANCE_BODY,MY_DSL
X-Spam-Score: 8.331 (********) BAYES_99,HG_HORMONE,HTML_60_70,
    HTML_IMAGE_ONLY_02,HTML_MESSAGE,HTML_TAG_BALANCE_BODY

And still I am puzzled by the *MANY_EXCLAMATIONS*,
 couldn't find any in the msg ! 
I am quite content it's the bot that has to read all of this, I guess
I'd miss most of the spam thru my poor old eyes :D)

> However, I would be interested to know why your system triggered on
> MISSING_OUTLOOK_NAME and mine didn't.....  It seems that the X-Mailer
> 	header __HAS_OUTLOOK_IN_MAILER  X-Mailer =~ /Microsoft
> (CDO|Outlook)\b/
> Seems that someone is finally using Office 2003....!

Well, makes me wonder why someone would do such a thing :O)

But, smiles off, is the header "Microsoft Office Outlook" a legal one ?
If it is I'll add it up to the .cf !

Cheers.