spamass-milt-list

*****SPAM***** CABLE TV FILTER (fwd)


From: Tony Shadwick
Subject: *****SPAM***** CABLE TV FILTER (fwd)
Date: Tue, 18 Mar 2003 03:30:57 +0000 (GMT)

Below is the logfile and a message example of something that should have
been rejected but was not... perhaps you'll see something I did not?

Tony Shadwick
Manager of Internet Services
Strategic Technology Group

Mar 17 20:09:12 erwin sendmail[2390]: h2I29AKT002390: from=<address@hidden>, size94, class=0, nrcpts=1, msgid=<address@hiddenm>, proto=ESMTP, daemon=MTA, relay=eac9aac140.tky.mesh.ad.jp [218.42.44.140]
Mar 17 20:09:12 erwin spamass-milter[1646]: mlfi_header: enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::output enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::output exit
Mar 17 20:09:12 erwin spamass-milter[1646]: mlfi_header: exit
Mar 17 20:09:12 erwin spamass-milter[1646]: mlfi_header: enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::output enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::output exit
Mar 17 20:09:12 erwin spamass-milter[1646]: mlfi_header: exit
Mar 17 20:09:12 erwin spamass-milter[1646]: mlfi_header: enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::output enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::output exit
Mar 17 20:09:12 erwin spamass-milter[1646]: mlfi_header: exit
Mar 17 20:09:12 erwin spamass-milter[1646]: mlfi_header: enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::output enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::output exit
Mar 17 20:09:12 erwin spamass-milter[1646]: mlfi_header: exit
Mar 17 20:09:12 erwin spamass-milter[1646]: mlfi_header: enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::output enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::output exit
Mar 17 20:09:12 erwin spamass-milter[1646]: mlfi_header: exit
Mar 17 20:09:12 erwin spamass-milter[1646]: mlfi_header: enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::output enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::output exit
Mar 17 20:09:12 erwin spamass-milter[1646]: mlfi_header: exit
Mar 17 20:09:12 erwin spamass-milter[1646]: mlfi_header: enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::output enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::output exit
Mar 17 20:09:12 erwin spamass-milter[1646]: mlfi_header: exit
Mar 17 20:09:12 erwin spamass-milter[1646]: mlfi_header: enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::output enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::output exit
Mar 17 20:09:12 erwin spamass-milter[1646]: mlfi_header: exit
Mar 17 20:09:12 erwin spamass-milter[1646]: mlfi_header: enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::output enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::output exit
Mar 17 20:09:12 erwin spamass-milter[1646]: mlfi_header: exit
Mar 17 20:09:12 erwin spamass-milter[1646]: mlfi_eoh: enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::output enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::output exit
Mar 17 20:09:12 erwin spamass-milter[1646]: mlfi_eoh: exit
Mar 17 20:09:12 erwin spamass-milter[1646]: mlfi_body: enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::output enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::output exit
Mar 17 20:09:12 erwin spamass-milter[1646]: mlfi_body: exit
Mar 17 20:09:12 erwin spamass-milter[1646]: mlfi_eom: enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::input enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::empty_and_close_pipe enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::read_pipe enter
Mar 17 20:09:12 erwin spamd[453]: connection from localhost [127.0.0.1] at port 50567
Mar 17 20:09:12 erwin spamd[2392]: info: setuid to numbski succeeded
Mar 17 20:09:12 erwin spamd[2392]: processing message <00003c0d1cdc$00007bc0$000address@hidden> for numbski:501.
Mar 17 20:09:12 erwin spamd[2392]: identified spam (27.2/4.6) for numbski:501 in 0.4 seconds, 1334 bytes.
Mar 17 20:09:12 erwin spamass-milter[1646]: ::read_pipe exit
Mar 17 20:09:12 erwin spamass-milter[1646]: ::read_pipe enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::read_pipe exit
Mar 17 20:09:12 erwin spamass-milter[1646]: ::read_pipe enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::read_pipe exit
Mar 17 20:09:12 erwin spamass-milter[1646]: ::read_pipe enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::read_pipe exit
Mar 17 20:09:12 erwin spamass-milter[1646]: ::read_pipe enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::read_pipe exit
Mar 17 20:09:12 erwin spamass-milter[1646]: ::read_pipe enter
Mar 17 20:09:12 erwin spamass-milter[1646]: ::read_pipe exit
Mar 17 20:09:12 erwin spamass-milter[1646]: ::empty_and_close_pipe exit
Mar 17 20:09:12 erwin spamass-milter[1646]: ::input exit
Mar 17 20:09:12 erwin sendmail[2390]: h2I29AKT002390: Milter add: header: X-Spam-Flag: YES
Mar 17 20:09:12 erwin sendmail[2390]: h2I29AKT002390: Milter add: header: X-Spam-Status: Yes, hits=27.2 required=4.6\n\ttests=CLICK_BELOW,DATE_IN_FUTURE_12_24,EXCUSE_14,\n\t      FORGED_HOTMAIL_RCVD,HTML_70_80,HTML_IMAGE_ONLY_02,\n\t      HTML_IMAGE_RATIO_02,HTML_LINK_CLICK_HERE,HTML_MESSAGE,\n\t      INVALID_DATE_TZ_ABSURD,MIME_HTML_ONLY,MSGID_OE_SPAM_4ZERO,\n\t      MSGID_OUTLOOK_TIME,MSGID_SPAMSIGN_ZEROES,OFFERS_ETC,\n\t      SUBJ_ALL_CAPS,SUSPICIOUS_RECIPS\n\tautolearn=spam\tversion=2.50
Mar 17 20:09:12 erwin sendmail[2390]: h2I29AKT002390: Milter add: header: X-Spam-Level: ***************************
Mar 17 20:09:12 erwin sendmail[2390]: h2I29AKT002390: Milter add: header: X-Spam-Checker-Version: SpamAssassin 2.50 1.173-2003-02-20-exp
Mar 17 20:09:12 erwin sendmail[2390]: h2I29AKT002390: Milter change: header  Subject: from CABLE TV FILTER to *****SPAM***** CABLE TV FILTER
Mar 17 20:09:12 erwin sendmail[2390]: h2I29AKT002390: Milter change: header  Content-Type: from text/html;\n\tcharset="iso-8859-1" to multipart/mixed; boundary="----------=_3E767FC8.917061F5"
Mar 17 20:09:12 erwin sendmail[2390]: h2I29AKT002390: Milter message: body replaced


---------- Forwarded message ----------
Date: Mon, 17 Mar 2003 21:12:47 -0600 (CST)
From: Tony Shadwick <address@hidden>
To: address@hidden
Subject: *****SPAM***** CABLE TV FILTER (fwd)



---------- Forwarded message ----------
Date: Mon, 17 Mar 2003 21:03:44 -1700
From: TV Hacker <address@hidden>
To: address@hidden, address@hidden, address@hidden,
     address@hidden, address@hidden, address@hidden
Subject: *****SPAM***** CABLE TV FILTER

This mail is probably spam.  The original message has been attached
along with this report, so you can recognize or block similar unwanted
mail in future.  See http://spamassassin.org/tag/ for more details.

Content preview:  Digial Power Filter
  
URI:http://www.a1zing29.com/xcart/customer/product.php?productid144&partner¯fil20
  URI:http://www.a1zing29.com/images_fl/filter3.gif If you no longer wish
  to receive our offers and updates URI:http://www.a1zing29.com/1/ click
  here and we will promptly honor your request. [...]

Content analysis details:   (27.20 points, 4.6 required)
MSGID_SPAMSIGN_ZEROES (4.3 points)  Message-Id generated by spam tool (zeroes variant)
INVALID_DATE_TZ_ABSURD (4.3 points)  Invalid Date: header (timezone does not exist)
MSGID_OE_SPAM_4ZERO (3.3 points)  Message-Id generated by spam tool (4-zeroes variant)
OFFERS_ETC         (0.6 points)  BODY: Stop with the offers, coupons, discounts etc!
EXCUSE_14          (0.1 points)  BODY: Tells you how to stop further spam
HTML_LINK_CLICK_HERE (0.1 points)  BODY: HTML link text says "click here"
HTML_MESSAGE       (0.1 points)  BODY: HTML included in message
HTML_70_80         (0.4 points)  BODY: Message is 70% to 80% HTML
HTML_IMAGE_RATIO_02 (0.5 points)  BODY: HTML has a low ratio of text to image area
HTML_IMAGE_ONLY_02 (1.9 points)  BODY: HTML has images with 0-200 bytes of words
MSGID_OUTLOOK_TIME (4.4 points)  Message-Id is fake (in Outlook Express format)
SUBJ_ALL_CAPS      (1.1 points)  Subject is all capitals
SUSPICIOUS_RECIPS  (2.0 points)  Similar addresses in recipient list
FORGED_HOTMAIL_RCVD (1.1 points)  Forged hotmail.com 'Received:' header found
DATE_IN_FUTURE_12_24 (2.8 points)  Date: is 12 to 24 hours after Received: date
CLICK_BELOW        (0.1 points)  Asks you to click below
MIME_HTML_ONLY     (0.1 points)  Message only has text/html MIME parts

The original message did not contain plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.
--- Begin Message ---

--- End Message ---
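
A way to triage a log like the one in this post, as an added example that is not part of the original message or of spamass-milter: it groups sendmail's milter lines by queue ID and reports whether a message scored above a reject threshold was only tagged and accepted. The `reject_at` value, the `triage` function, and the format of the rejection line (the last sample line, which is constructed) are assumptions.

```python
import re
from collections import defaultdict

# Log lines from the post with wrapped lines rejoined and the tests= list
# cut short; the last line is constructed to show a rejected message.
SAMPLE_LOG = r"""
Mar 17 20:09:12 erwin sendmail[2390]: h2I29AKT002390: Milter add: header: X-Spam-Flag: YES
Mar 17 20:09:12 erwin sendmail[2390]: h2I29AKT002390: Milter add: header: X-Spam-Status: Yes, hits=27.2 required=4.6\n\ttests=CLICK_BELOW
Mar 17 20:09:12 erwin sendmail[2390]: h2I29AKT002390: Milter change: header  Subject: from CABLE TV FILTER to *****SPAM***** CABLE TV FILTER
Mar 17 20:09:12 erwin sendmail[2390]: h2I29AKT002390: Milter message: body replaced
Mar 17 20:10:00 erwin sendmail[2400]: hCONSTRUCTED01: Milter: data, reject=550 5.7.1 Blocked by SpamAssassin
"""

ENTRY = re.compile(r"sendmail\[\d+\]: (\w+): Milter:? ?(.*)")
STATUS = re.compile(r"X-Spam-Status: \w+, hits=(-?[\d.]+)\s+required=(-?[\d.]+)")


def triage(log_text, reject_at):
    """Group sendmail milter lines by queue ID and report what was done.

    reject_at is a hypothetical site policy: the score at or above which
    the milter is expected to refuse the message during SMTP.
    """
    msgs = defaultdict(lambda: {"score": None, "required": None,
                                "modified": False, "rejected": False})
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        rec = msgs[qid]
        if "reject=" in rest:              # assumed format of a milter rejection
            rec["rejected"] = True
        elif rest.startswith(("add:", "change:", "message:")):
            rec["modified"] = True         # tagged or rewritten, then accepted
        s = STATUS.search(rest)
        if s:
            rec["score"], rec["required"] = float(s.group(1)), float(s.group(2))
    for rec in msgs.values():
        over = rec["score"] is not None and rec["score"] >= reject_at
        rec["missed_reject"] = over and not rec["rejected"]
    return dict(msgs)


if __name__ == "__main__":
    for qid, rec in triage(SAMPLE_LOG, reject_at=15.0).items():
        print(qid, rec)
```

For the message in the post this reports a score of 27.2 with header and body modifications and no rejection, which is the tag-and-deliver path rather than an SMTP-time refusal.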
