[Mimedefang] Seeing a lot of these lately
Charles
cg-list at sterlingideas.com
Mon Apr 10 15:54:27 EDT 2006
Cormack, Ken wrote:
> Have others been noticing a lot of spams recently, that tend to be
> html-based (big surprise there, eh?), contain obvious (and visible) random
> text intended to pollute a bayes store, both above and below the "real"
> content of the message... a spam in the form of a bitmap image? The
> subject, too, is typically one or two random words meant to sneak past a
> bayes engine.
>
> Have been seeing a number of these lately here, and I'm wondering if anyone
> has ideas how best to go about blocking some of these things.
>
> Ken
Yes, they seem to have been showing up steadily for the last two weeks or so. The first few came through, but they've been being flagged since. Unfortunately, I haven't seen enough for Bayes to get a clue, it appears, but here's the analysis of the last one I just noticed:
 4.2 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr 1)
 2.9 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters
 0.0 HTML_MESSAGE BODY: HTML included in message
 0.5 HTML_40_50 BODY: Message is 40% to 50% HTML
-2.0 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
     [score: 0.0000]
 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
     [24.91.213.212 listed in dnsbl.sorbs.net]
 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
     [Blocked - see <http://www.spamcop.net/bl.shtml?24.91.213.212>]
 1.9 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
     [24.91.213.212 listed in combined.njabl.org]
 3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
     [24.91.213.212 listed in sbl-xbl.spamhaus.org]
Charles