All | Aquariums | Arduino | Btrfs | Cars | Cats | Clubbing | Computers | Diving | Dreamstate | Edc | Electronics | Exercising | Festivals | Flying | Halloween | Hbot | Hiking | Linux | Linuxha | Monuments | Museums | Oshkosh | Outings | Public | Rc | Sciencemuseums | Solar | Tfsf | Trips



>>> Back to post index <<<

2005/10/15 New spam record, and 70,000 spam blocked
π 2005-10-15 22:49 by Merlin in Public

I was shuffling my SA-Exim logs, after realizing that I had more than 1G of spam mail saved, I also found the highest scored spam ever: 86.2!
In the meantime, I also found that my anti-spam software has blocked more than 70,000 spams on my server. Go me! :)

Subject: SPAM: 86.2: ºô¸ô¶}©±Àu´f¤è®×¡I ¦n§·m¥ý³ø¡I
X-Spam-Status: Yes, score=86.2 required=7.0 tests=BAYES_99,BIZ_TLD,
DOMAIN_RATIO,FORGED_IMS_HTML,FORGED_MUA_IMS,FORGED_YAHOO_RCVD,
HEAD_ILLEGAL_CHARS,HELO_DYNAMIC_DHCP,HELO_DYNAMIC_IPADDR,HTML_90_100,
HTML_CHARSET_FARAWAY,HTML_IMAGE_RATIO_02,HTML_MESSAGE,HTML_WEB_BUGS,
HTTP_ESCAPED_HOST,HTTP_EXCESSIVE_ESCAPES,MIME_BASE64_TEXT,
MIME_BOUND_DD_DIGITS,MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,
MISSING_MIMEOLE,MPART_ALT_DIFF,MSGID_SPAM_CAPS,MSGID_YAHOO_CAPS,
RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_BY_IP,RCVD_DOUBLE_IP_SPAM,
RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL,RCVD_IN_NJABL_DUL,
RCVD_IN_SORBS_DUL,RCVD_IN_SORBS_WEB,RCVD_IN_XBL,SPF_HELO_SOFTFAIL,
SUBJ_ILLEGAL_CHARS,TO_MARCNEWS autolearn=spam
version=3.0.3-mmrules_20041125
X-Spam-Report:
* 3.8 MSGID_YAHOO_CAPS Message-ID has ALLCAPS@yahoo.com
* 1.2 HELO_DYNAMIC_DHCP Relay HELO'd using suspicious hostname (DHCP)
* 4.1 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
* 4.4 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr 1)
* 4.0 TO_MARCNEWS To marc_news
* 3.8 MSGID_SPAM_CAPS Spam tool Message-Id: (caps variant)
* 0.1 RCVD_BY_IP Received by mail server with no name
* 2.9 SUBJ_ILLEGAL_CHARS Subject contains too many raw illegal characters
* 3.1 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)
* [SPF failed: Please see
http://spf.pobox.com/why.html?sender=rr.com &ip; =24.95.54.50 &receiver; =magic.merlins.org]
* 2.1 HEAD_ILLEGAL_CHARS Header contains too many raw illegal characters
* 2.7 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers
* 0.5 HTTP_ESCAPED_HOST URI: Uses %-escapes inside a URL's hostname
* 2.3 BIZ_TLD URI: Contains an URL in the BIZ top-level domain
* 0.2 HTTP_EXCESSIVE_ESCAPES URI: Completely unnecessary %-escapes inside a URL
* 3.2 DOMAIN_RATIO BODY: Message body mentions many internet domains
* 0.0 HTML_WEB_BUGS BODY: Image tag intended to identify you
* 1.8 HTML_MESSAGE BODY: HTML included in message
* 0.1 MPART_ALT_DIFF BODY: HTML and text parts are different
* 4.0 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50%
* [cf: 100]
* 5.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
* 3.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
* 0.0 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area
* 0.0 HTML_90_100 BODY: Message is 90% to 100% HTML
* 0.3 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding
* 7.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
* 3.1 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
* [24.95.54.50 listed in sbl-xbl.spamhaus.org]
* 0.0 RCVD_IN_SORBS_WEB RBL: SORBS: sender is a abuseable web server
* [24.95.54.50 listed in dnsbl.sorbs.net]
* 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
* [24.95.54.50 listed in dnsbl.sorbs.net]
* 3.0 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
* [http://dsbl.org/listing?24.95.54.50]
* 6.5 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
* [Blocked - see http://www.spamcop.net/bl.shtml?24.95.54.50]
* 0.1 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
* [24.95.54.50 listed in combined.njabl.org]
* 4.1 RCVD_DOUBLE_IP_SPAM Bulk email fingerprint (double IP) found
* 2.4 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts
* 0.0 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
* 2.4 FORGED_MUA_IMS Forged mail pretending to be from IMS
* 2.0 FORGED_IMS_HTML IMS can't send HTML message only
* 0.5 HTML_CHARSET_FARAWAY A foreign language charset used in HTML markup

More pages: April 2024 December 2023 November 2023 October 2023 September 2023 May 2023 August 2022 March 2022 November 2021 February 2021 June 2020 May 2020 March 2020 January 2020 December 2019 November 2018 July 2018 May 2017 September 2016 May 2016 September 2015 May 2015 April 2015 December 2014 July 2014 April 2014 March 2014 October 2013 May 2013 April 2013 January 2013 October 2012 September 2012 July 2012 May 2012 April 2012 December 2011 November 2011 July 2011 April 2011 March 2011 December 2010 November 2010 October 2010 August 2010 July 2010 June 2010 April 2010 March 2010 February 2010 December 2009 November 2009 October 2009 September 2009 August 2009 June 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 June 2008 May 2008 April 2008 March 2008 November 2007 October 2007 September 2007 May 2007 March 2007 December 2006 November 2006 October 2006 September 2006 August 2006 June 2006 May 2006 February 2006 January 2006 December 2005 November 2005 October 2005 October 2004 August 2004 June 2004 May 2004 March 2004 September 1997 July 1996 September 1993 July 1991 December 1988 December 1985 January 1980

>>> Back to post index <<<

Contact Email