spamassassin-users October 2010 archive
spamassassin-users: Re: Constant .info domain spam

From: Karsten Bräckelmann <guenther_at_nospam>
Date: Wed Oct 13 2010 - 00:14:29 GMT
To: users@spamassassin.apache.org

On Tue, 2010-10-12 at 14:03 -1000, Julian Yap wrote:
> 2010/10/12 Karsten Bräckelmann <guenther@rudersport.de>:
> > On Tue, 2010-10-12 at 10:32 -1000, Julian Yap wrote:

Doh! Upon re-reading, I just realized that you are the OP of this
thread, not Peter. So, please, Julian, think of most (if not all) my
questions being directed at you, too.

> > > Are people using automated IP blacklists or something like that?
> >
> > Yes. SA even uses them by default.
> >
> > What do your SA rules triggered look like? Check your identified spam.
> > Do you see RCVD_IN_* rules?
> >
> > If not, you are having DNS problems, or deliberately disabled those
> > network checks.
>
> Many of the don't trigger the RCVD_IN_* rules. Does anyone implement
> their own private DNS black list?

Many of what?

Anyway, yes, some *few* people are using private DNS BLs. Some (a lot
more) users are using DNS BLs not used by SA by default -- courtesy of
the version, of course.

[Added after re-reading: Same request. Which ones do hit, optionally
which ones don't?]

> Here's a latest one:
> From: "Juice Up My Income" <Art@parkrasive dot info>
> Subject: Sometimes timing is everything
> Date Received: Oct 12, 2010 13:43 PM
>
> Rules triggers:
> 7.9 BAYES_99 BODY: Bayes spam probability is 99 to 100% [score: 1.0000]

That is a rather drastic score, and generally not advised.

However, overall it passed your spam threshold by far, no!?

> 1.2 HOST_EQ_STATIC HOST_EQ_STATIC
> -0.0 SPF_PASS SPF: sender matches SPF record
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 1.3 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
> 0.5 MY_OBFUX RAW: X with unusual chars
> 0.3 MY_OBFU_MISC RAW: Misc unusual chars together
> 0.3 HOST_MISMATCH_COM HOST_MISMATCH_COM
> 0.3 MIME_8BIT_HEADER Message header contains 8-bit character
> 1.4 HELO_MISMATCH_INFO HELO_MISMATCH_INFO
> 0.0 SUBJECT_NEEDS_ENCODING SUBJECT_NEEDS_ENCODING
> 0.0 T_REMOTE_IMAGE Message contains an external image

-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}