Hello,
In the last few days we have been getting a lot of spam like this:
---- spam body begins here ----
Words disputed interview galli provisions raise, eyebrows dead holders!
KAUF-TIPP DER WOCHE
LESEN SIE DIE NACHRICTEN
STONEBRIDGE RES EXP Frankfurt: S3C.F
Name : STONEBRIDGE RES EXP
Kurzel : S3C.F
WKN : A0HHEB
Borsenplatz : Frankfurt
Schluss-Stand 23.03.2007 : Euro 0.10
Prognose bis 02.04.2007 : Euro 0.21
Freedom hampton radical illich ivan, fontana ishiguro kazuo.
Austerlitz natural history semprun. Scrfrk tue am foudy fans.
Newsgroup msdn chappell app? Remote locations talk improving, access
ballmer gets intense. Inert numb sensuality touch. Sum timetolive gmt
indicate. Required preserve specify references interested.
Brutes granta nadezhda hope, hopehope abandoned collins, harvill.
Example unicode character exact numeric without decimal such numbers.
Cedega natively lowlevel emulators binary gaming opengl.
Investors press privacy, statement mypoints mysite, juno, photosite registered.
End, dialogues spiritual renewal thames hudson chorus stones.
Effective auditing procedures handy records kept propertys examined.
Money resources time others, worse than no so why? Setupmore botts
george ou real world wireless lan myths! Red hats expense technology,
announced last year helping.
Guzman writings, osip natasha mandelstam susan, griffin.
---- spam body ends here ----
We use RBLs on our border mail servers, SA 3.1.8, sa-update and
rules_du_jour to update our rule set from spamassassin and
rulesemporium sites and various plugins like DCC, Razor, URIDNSBL,
SPF, RelayChecker etc. Still many of those spam messages get low
scores and slip through. Scores as low as -1.2 (!) like the message
above which triggered the following rules:
X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,
MSGID_FROM_MTA_HEADER,MSGID_FROM_MTA_ID autolearn=no version=3.1.8
Ideas and suggestions are welcome.
Regards,
Panagiotis
PS. I understand that a simple rule matching something like
/^KAUF-TIPP DER WOCHE$/ would wipe out all of them, but I am interested
in a more generic/efficient way.
PS2. Both messages marked as spam or ham are available here:
http://noc.ntua.gr/~christia/tmp/KAUF-TIPP_DER_WOCHE.gz
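
Added example, not part of the original post and not a SpamAssassin rule: a Python sketch of detection keyed on the structure of the stock-tip block (labelled ticker fields plus a dated forecast above the last close) instead of the fixed headline. The function names, the scoring weights and the threshold are assumptions; VARIANT and HAM are constructed inputs, SAMPLE is copied from the message above.

```python
import re

# Ticker labels as they appear in the sample (umlauts already stripped).
FIELD = re.compile(r"^\s*(Name|Kurzel|WKN|Borsenplatz)\s*:\s*\S", re.I | re.M)
# Dated price lines, e.g. "Prognose bis 02.04.2007 : Euro 0.21".
PRICE = re.compile(
    r"^\s*(Schluss-Stand|Prognose bis)\s+\d{2}\.\d{2}\.\d{4}\s*:\s*Euro\s+(\d+[.,]\d+)",
    re.I | re.M)

def stock_tip_score(body: str) -> int:
    """Count structural hints of the stock-tip template (0 to 8)."""
    labels = {m.group(1).lower() for m in FIELD.finditer(body)}
    prices = {m.group(1).lower(): float(m.group(2).replace(",", "."))
              for m in PRICE.finditer(body)}
    score = len(labels) + len(prices)   # up to 4 labels + 2 price lines
    close = prices.get("schluss-stand")
    target = prices.get("prognose bis")
    if close and target and target > close:
        score += 2                      # forecast above last close
    return score

def is_stock_tip(body: str, threshold: int = 5) -> bool:
    """Threshold is an assumed value; tune it against real ham."""
    return stock_tip_score(body) >= threshold

# Copied from the spam body quoted in the message above.
SAMPLE = """KAUF-TIPP DER WOCHE
Name : STONEBRIDGE RES EXP
Kurzel : S3C.F
WKN : A0HHEB
Borsenplatz : Frankfurt
Schluss-Stand 23.03.2007 : Euro 0.10
Prognose bis 02.04.2007 : Euro 0.21
"""
# Constructed: same template, different headline, ticker and number format.
VARIANT = """HOT PICK
Name : EXAMPLE MINING AG
Kurzel : XMP.F
WKN : ZZ0000
Borsenplatz : Frankfurt
Schluss-Stand 01.01.2007 : Euro 1,50
Prognose bis 10.01.2007 : Euro 3,00
"""
# Constructed ham that happens to contain one of the labels.
HAM = "Name : Panagiotis\nThe invoice total was Euro 0.10 last week.\n"

if __name__ == "__main__":
    for label, text in (("sample", SAMPLE), ("variant", VARIANT), ("ham", HAM)):
        print(label, stock_tip_score(text), is_stock_tip(text))
```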