Hosting Provided By

Re[2]: Attachments still?

From: Rob McEwen <rob(at)powerviewsystems.com>
Date: Tue Jul 31 2007 - 22:06:10 EDT

If you don't mind my shameless plug, even though that IP doesn't show up on any of the blacklists reported by either dnsstuff.com or robtex.com ...I've had it listed on my ivmSIP.com "Sender's IP" dnsbl since Sunday, July 15, 2007 12:25 PM.

And there are many more like this! (Still taking testers, if anyone is interested!)

Rob McEwen
PowerView Systems
(478) 475-9032
rob@powerviewsystems.com

-----Original Message-----
From: "Jari Fredriksson" <jarif@iki.fi> To: <robert@webtent.com>, "SpamAssassin" <users@spamassassin.apache.org> Date: 07/31/07 21:28
Subject: Re: Attachments still?

Robert Fitzpatrick wrote:
> Still getting these attachments with SA-3.1.7 + SARE + sa-update +
> amavisd + clamav with sanesecurity sigs. Should I be blocking these
> with those rule sets? Can someone test this to see how you may be
> blocking?
>
> http://esmtp.webtent.net/mail1.txt
>
> Thanks :)

Content analysis details: (12.3 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

0.0 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d
0.0 BOTNET_CLIENTWORDS Hostname contains client-like substrings [botnet_clientwords,ip=66.18.53.26,rdns=static-host-66-18-53-26.epbinternet.com] 5.0 BOTNET Relay might be a spambot or virusbot [botnet0.7,ip=66.18.53.26,hostname=static-host-66-18-53-26.epbinternet.com,maildomain=benmenasha.net,client,ipinhostname,clientwords] 0.0 DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: policy says domain signs some mails
0.0 BOTNET_IPINHOSTNAME Hostname contains its own IP address [botnet_ipinhosntame,ip=66.18.53.26,rdns=static-host-66-18-53-26.epbinternet.com] 0.0 BOTNET_CLIENT Relay has a client-like hostname [botnet_client,ip=66.18.53.26,hostname=static-host-66-18-53-26.epbinternet.com,ipinhostname,clientwords] 1.9 RCVD_ILLEGAL_IP Received: contains illegal IP address 3.0 BAYES_95 BODY: Bayesian spam probability is 95 to 99% [score: 0.9899]

2.2 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
0.1 BOUNCE_MESSAGE MTA bounce message
0.1 ANY_BOUNCE_MESSAGE Message is some kind of bounce message

Received on Tue Jul 31 22:06:54 2007

This message: [ Message body ]
Next message: Sg: ".htm spam files"
Previous message: jdow: "Re: trapping rubbish?"
Maybe in reply to: Robert Fitzpatrick: "Attachments still?"
Next in thread: Matt Kettler: "Re: Attachments still?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Mon Oct 22 2007 - 11:49:29 EDT

Do you need help?
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related spamassassin.apache.org Links users Request more information about Pantek