procmail

Re: new spam filtering rule

2005-06-29 11:07:18
At 05:52 2005-06-29 +0000, Matthias Häker wrote:
> I hope the admins out there who read your "TIPS" like me are very careful using this.
>
> At all, it's discriminating to block a whole TLD.

Apparently, a couple of people failed to note that I identified this as just a small characteristic, not an all out "this is from somewhere else, so it must be spam" test. In my system, this characteristic alone won't even come close to blocking anything - it's merely a contributing factor.

BTW, note that I received YOUR message just fine:

SPAM: +50 Envelope sender is a two letter TLD
INFO: SpamFilter v03.11.00  SBS  20050425/1552
>From procmail-bounces(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE  Tue Jun 28 22:57:20 2005
 Subject: Re: new spam filtering rule
Folder: gzip -9fc >> procmail.gz 6732


For the 24 hour period which I received a report for this morning, besides your own message, the only other messages which had this characteristic were all spam. Now, at the moment, all of these classified as such well enough without this characteristic, but as above, this characteristic alone does not identify a message as spam.

SPAM: +50 message-id domain does not match sender domain
SPAM: +75 received without messageid, injected by local mailserver
SPAM: +125 Single received header for foreign sender
SPAM: +50 Envelope sender is a two letter TLD
SPAM: +45 MIME - multipart/alternative
SPAM: +80 multipart/alternative without plain text
SPAM: +75 marketing type sender address
SPAM: +180 spam type statements (180)
SPAM: +249 Abundance of triggers
SPAM: Advisory - spammishness is 929
SPAM: spammishness exceeds threshold of 249
SPAM: Apparent recipient is *********(_at_)mail(_dot_)professional(_dot_)org
INFO: SpamFilter v03.11.00  SBS  20050425/1552
>From expedite(_at_)qznet(_dot_)us  Tue Jun 28 01:34:10 2005
 Subject: Can people find your web site?
  Folder:  gzip -9fc >> spam.gz

SPAM: +50 message-id domain does not match sender domain
SPAM: +90 message-id domain is an IP address
SPAM: +35 from_domain not found in received chain
SPAM: +50 Envelope sender is a two letter TLD
SPAM: +50 Envelope sender tld is ru
SPAM: +50 Cleartext recipient is common target here
SPAM: +300 Foreign character set encoding (windows-1251) in body.
SPAM: +45 no X-Envelope-To
SPAM: +75 From/Recipient score 75
SPAM: +125 relay hostname appears to be consumer dialup/broadband
SPAM: +249 Abundance of triggers
SPAM: Advisory - spammishness is 1119
SPAM: spammishness exceeds threshold of 249
INFO: SpamFilter v03.11.00  SBS  20050425/1552
>From dongos(_at_)aaanet(_dot_)ru  Tue Jun 28 07:59:29 2005
 Subject: hi from Marina
  Folder:  gzip -9fc >> spam.gz

SPAM: +50 message-id domain does not match sender domain
SPAM: +50 Envelope sender is a two letter TLD
SPAM: +50 Cleartext recipient is common target here
SPAM: +45 no X-Envelope-To
SPAM: +125 relay hostname appears to be consumer dialup/broadband
SPAM: +249+133 Subject Scoring match 133
SPAM: +249-40 Opt-out reference
SPAM: +249 Abundance of triggers
SPAM: Advisory - spammishness is 1160
SPAM: spammishness exceeds threshold of 249
INFO: SpamFilter v03.11.00  SBS  20050425/1552
>From j_mcCann25(_at_)burners(_dot_)co(_dot_)uk  Tue Jun 28 08:57:38 2005
 Subject: Has your cum ever dribbled and you wish it had shot out?
  Folder:  gzip -9fc >> spam.gz

SPAM: +50 message-id domain does not match sender domain
SPAM: +75 received without messageid, injected by local mailserver
SPAM: +125 Single received header for foreign sender
SPAM: +35 from_domain not found in received chain
SPAM: +150 No rDNS for host passing message to our MX
SPAM: +50 Envelope sender is a two letter TLD
SPAM: +50 Envelope sender tld is za
SPAM: +50 Cleartext recipient is common target here
SPAM: +50 allcaps subject
SPAM: +249 Subject Phrase match [ GOOD DAY FROM ANGELA]
SPAM: +5 spam type statements (5)
SPAM: +249+150 Nigerian Scam (10)
SPAM: +249 Abundance of triggers
SPAM: Advisory - spammishness is 1537
SPAM: spammishness exceeds threshold of 249
SPAM: Apparent recipient is *****(_at_)mail(_dot_)professional(_dot_)org
INFO: SpamFilter v03.11.00  SBS  20050425/1552
>From angelakomana1(_at_)tsamail(_dot_)co(_dot_)za  Tue Jun 28 14:10:14 2005
 Subject: GOOD DAY FROM ANGELA
  Folder:  gzip -9fc >> spam.gz

SPAM: +50 message-id domain not in received chain
SPAM: +125 Single received header for foreign sender
SPAM: +35 from_domain not found in received chain
SPAM: +50 Envelope sender is a two letter TLD
SPAM: +50 Cleartext recipient is common target here
SPAM: +300 Foreign character set encoding (windows-1251) used in From or Subject.
SPAM: +300 Foreign character set encoding (windows-1251) in body.
SPAM: +125 relay hostname appears to be consumer dialup/broadband
SPAM: +249 Abundance of triggers
SPAM: Advisory - spammishness is 1284
SPAM: spammishness exceeds threshold of 249
SPAM: Apparent recipient is *****(_at_)mail(_dot_)professional(_dot_)org
INFO: SpamFilter v03.11.00  SBS  20050425/1552
>From sung(_at_)prosig(_dot_)demon(_dot_)co(_dot_)uk  Tue Jun 28 15:29:34 2005
 Subject: =?windows-1251?B?yuDqIOzu5u3uIPPn7eDy/CDC4Pgg4OTw5fE/?=
  Folder:  gzip -9fc >> spam.gz

SPAM: +50 message-id domain not in received chain
SPAM: +125 Single received header for foreign sender
SPAM: +35 from_domain not found in received chain
SPAM: +50 Envelope sender is a two letter TLD
SPAM: +50 Cleartext recipient is common target here
SPAM: +300 Foreign character set encoding (windows-1251) used in From or Subject.
SPAM: +175 IP 219.58.204.24 listed in dialup DNSBL
SPAM: +125 relay hostname appears to be consumer dialup/broadband
SPAM: +45 MIME - multipart/related
SPAM: +249 Abundance of triggers
SPAM: Advisory - spammishness is 1204
SPAM: spammishness exceeds threshold of 249
SPAM: Apparent recipient is *****(_at_)mail(_dot_)professional(_dot_)org
INFO: SpamFilter v03.11.00  SBS  20050425/1552
>From mauro(_at_)sbs(_dot_)siemens(_dot_)co(_dot_)uk  Tue Jun 28 15:49:52 2005
 Subject: =?windows-1251?B?0vDl7ejt4+gg7eAgQ0Qg5Ov/IA==?=
  Folder:  gzip -9fc >> spam.gz

---
 Sean B. Straw / Professional Software Engineering

 Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.
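
The point of the message above, that a +50 characteristic only contributes to a cumulative score, can be checked against the reports themselves. The following is an added example, not part of the original post and not the author's SpamFilter code: it parses `SPAM:` lines copied from two of the reports above, sums the signed terms (including compound ones such as `+249-40`), and recomputes the score with chosen rules ignored. The function names and the `ignore` parameter are assumptions made for illustration.

```python
import re

THRESHOLD = 249  # from "spammishness exceeds threshold of 249" in the reports

# A scored line is "SPAM: +50 text" or "SPAM: +249-40 text":
# one or more signed integers followed by the rule description.
SCORED = re.compile(r"^SPAM:\s+((?:[+-]\d+)+)\s+(.*)$")
TERM = re.compile(r"[+-]\d+")

# Sample input: SPAM: lines copied from two reports in the post above.
LIST_MESSAGE = """SPAM: +50 Envelope sender is a two letter TLD
INFO: SpamFilter v03.11.00  SBS  20050425/1552"""

SPAM_MESSAGE = """SPAM: +50 message-id domain does not match sender domain
SPAM: +50 Envelope sender is a two letter TLD
SPAM: +50 Cleartext recipient is common target here
SPAM: +45 no X-Envelope-To
SPAM: +125 relay hostname appears to be consumer dialup/broadband
SPAM: +249+133 Subject Scoring match 133
SPAM: +249-40 Opt-out reference
SPAM: +249 Abundance of triggers
SPAM: Advisory - spammishness is 1160
SPAM: spammishness exceeds threshold of 249"""


def parse_report(text):
    """Return [(points, description)] for every scored SPAM: line."""
    rules = []
    for line in text.splitlines():
        m = SCORED.match(line.strip())
        if m:  # advisory/threshold/INFO lines carry no signed score
            points = sum(int(t) for t in TERM.findall(m.group(1)))
            rules.append((points, m.group(2)))
    return rules


def score(rules, ignore=()):
    """Sum points, skipping rules whose text contains an ignored phrase."""
    return sum(p for p, desc in rules
               if not any(phrase in desc for phrase in ignore))


def is_spam(rules, ignore=()):
    """Apply the same cut-off the reports state: score above THRESHOLD."""
    return score(rules, ignore) > THRESHOLD


if __name__ == "__main__":
    for name, text in (("list", LIST_MESSAGE), ("spam", SPAM_MESSAGE)):
        r = parse_report(text)
        print(name, score(r), score(r, ignore=("two letter TLD",)), is_spam(r))
```

The summed terms reproduce the advisory total printed in the report, which confirms that a compound entry like `+249+133` is a plain sum.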

