From marc at merlins.org Fri Feb 10 14:03:28 2006 From: marc at merlins.org (Marc MERLIN) Date: Fri, 10 Feb 2006 14:03:28 -0800 Subject: [SA-exim] Spam record: 106 score Message-ID: <20060210220328.GB4434@merlins.org> Probably more than half of you will reject this mail :) but I thought it was cool to see how effective sa-exim and SA can be. What's even more amazing is such a high score for a mail that had 10 lines of body :) ----- Forwarded message from Trina Dunn ----- X-Message-Info: %RNDUCCHAR15%RNDLCCHAR13%RNDUCCHAR15%RNDDIGIT13%RNDLCCHAR13%RNDUCCHAR13%RNDLCCHAR14%RNDUCCHAR16%RNDLCCHAR13%RNDUCCHAR13%RNDLCCHAR13%RNDUCCHAR13%RNDLCCHAR13%RNDDIGIT13 To: boulouis at efrei.fr From: Trina Dunn X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at efrei.fr X-CallBackFailed: envrcptrandom X-CallBackFailed: hdrrcptrandom X-SA-Exim-Connect-IP: 194.2.204.37 X-SA-Exim-Rcpt-To: marc efrei at merlins.org X-SA-Exim-Mail-From: Sangtkpbvg at succeed.net X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.1.0-mmrules_20041125 (2005-09-13) on magic.merlins.org X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=106.0 required=7.0 tests=BAYES_99,ENVCALLBACK, FROM_LOCAL_NOVOWEL,HDRCALLBACK,HTML_IMAGE_ONLY_04,HTML_IMAGE_RATIO_02, HTML_MESSAGE,HTML_SHORT_LINK_IMG_1,MIME_BOUND_DD_DIGITS, MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,PERCENT_RANDOM, RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100, RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_HELO_IP_MISMATCH, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL,RCVD_IN_XBL,RCVD_NUMERIC_HELO, TO_EFREI,UNRESOLVED_TEMPLATE,URIBL_AB_SURBL,URIBL_JP_SURBL, URIBL_OB_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL,X_MESSAGE_INFO autolearn=spam version=3.1.0-mmrules_20041125 X-Spam-Report: * 2.9 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters * 4.5 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary * 9.0 HDRCALLBACK Envelope sender callback failed * 8.0 ENVCALLBACK Envelope sender callback failed * 6.0 TO_EFREI To old efrei address * 4.4 X_MESSAGE_INFO Bulk email fingerprint (X-Message-Info) found * 1.3 UNRESOLVED_TEMPLATE Headers contain an unresolved template * 4.0 RCVD_HELO_IP_MISMATCH Received: HELO and IP do not match, but * should * 1.5 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO * 0.5 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image * area * 1.8 HTML_MESSAGE BODY: HTML included in message * 5.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100% * [score: 1.0000] * 3.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 3.6 HTML_IMAGE_ONLY_04 BODY: HTML: images with 0-400 bytes of words * 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level * above 50% * [cf: 100] * 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level * above 50% * [cf: 100] * 7.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) * 4.0 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% * [cf: 100] * 3.0 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org * [] * 6.5 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net * [Blocked - see ] * 3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL * [220.77.108.253 listed in sbl-xbl.spamhaus.org] * 3.8 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist * [URIs: insane-extreme-amazing.com] * 4.1 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist * [URIs: insane-extreme-amazing.com] * 4.0 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist * [URIs: insane-extreme-amazing.com] * 3.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist * [URIs: insane-extreme-amazing.com] * 4.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist * [URIs: insane-extreme-amazing.com] * 0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME * parts * 2.3 PERCENT_RANDOM Message has a random macro in it * 0.9 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image Subject: SPAM: 106.0: massive toys deeper and harder into their tight pussies & asses. X-Spam-Prev-Subject: massive toys deeper and harder into their tight pussies & asses. X-SA-Exim-Version: 4.2 (built Thu, 03 Mar 2005 10:44:12 +0100) X-SA-Exim-Scanned: Yes (on mail1.merlins.org)

Pussy toys, anal toys, double toys, toy ass-to-mouth and more ----- End forwarded message ----- From nigel.metheringham at dev.intechnology.co.uk Sun Feb 12 07:08:19 2006 From: nigel.metheringham at dev.intechnology.co.uk (Nigel Metheringham) Date: Sun, 12 Feb 2006 15:08:19 +0000 Subject: [SA-exim] Spam record: 106 score In-Reply-To: <20060210220328.GB4434@merlins.org> References: <20060210220328.GB4434@merlins.org> Message-ID: <1139756899.8953.0.camel@localhost.localdomain> I could send you a GTUBE message - I believe that scores 1000! Nigel. -- [ Nigel Metheringham Nigel.Metheringham at InTechnology.co.uk ] [ - Comments in this message are my own and not ITO opinion/policy - ] From marc at merlins.org Sun Feb 12 07:31:19 2006 From: marc at merlins.org (Marc MERLIN) Date: Sun, 12 Feb 2006 07:31:19 -0800 Subject: [SA-exim] Spam record: 106 score In-Reply-To: <1139756899.8953.0.camel@localhost.localdomain> References: <20060210220328.GB4434@merlins.org> <1139756899.8953.0.camel@localhost.localdomain> Message-ID: <20060212153119.GC5337@merlins.org> On Sun, Feb 12, 2006 at 03:08:19PM +0000, Nigel Metheringham wrote: > I could send you a GTUBE message - I believe that scores 1000! That's cheating :) Note too that the message in question had almost no body, most of that score was on headers :) Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f at merlins.org for PGP key From chris at northfolk.ca Mon Feb 27 02:44:59 2006 From: chris at northfolk.ca (Chris Purves) Date: Mon, 27 Feb 2006 18:44:59 +0800 Subject: [SA-exim] return path not passed to spamassassin Message-ID: <4402D82B.3070105@northfolk.ca> I have had the problem that SPF checking does not work when spamassassin is called from exim. It works fine when running spamc after a message has been delivered. I believe that I have tracked the problem down to the return path not being added to the headers by exim until after spamassassin is finished. It seems to me that this is something sa-exim should have configured automatically...of course it's just as likely something I should have configured but didn't. I found this thread that discusses the same problem. http://www.nabble.com/Availability-of-return-path-to-Exiscan-t49803.html Please provide suggestions as to the best way to solve this. Thanks. -- Good day, eh. Chris From chris at northfolk.ca Mon Feb 27 17:28:09 2006 From: chris at northfolk.ca (Chris Purves) Date: Tue, 28 Feb 2006 09:28:09 +0800 Subject: [SA-exim] return path not passed to spamassassin Message-ID: <4403A729.1020902@northfolk.ca> I have had the problem that SPF checking does not work when spamassassin is called from exim. It works fine when running spamc after a message has been delivered. I believe that I have tracked the problem down to the return path not being added to the headers by exim until after spamassassin is finished. It seems to me that this is something sa-exim should have configured automatically...of course it's just as likely something I should have configured but didn't. I found this thread that discusses the same problem. http://www.nabble.com/Availability-of-return-path-to-Exiscan-t49803.html Please provide suggestions as to the best way to solve this. Thanks. -- Good day, eh. Chris