Re: Spam in the lists out of control

To: debian-devel@lists.debian.org
Subject: Re: Spam in the lists out of control
From: Adrian 'Dagurashibanipal' von Bidder <avbidder@fortytwo.ch>
Date: Mon, 10 May 2004 13:06:16 +0200
Message-id: <[🔎] 200405101306.16766@fortytwo.ch>
In-reply-to: <[🔎] 20040510090740.GA24987@on.debian.linux.org.pl>
References: <[🔎] Pine.LNX.4.58.0405091544530.5151@cantor.unex.es> <[🔎] c7nd84$90s$1@sea.gmane.org> <[🔎] 20040510090740.GA24987@on.debian.linux.org.pl>

On Monday 10 May 2004 11.07, Bartosz Fenski aka fEnIo wrote:

> http://skawina.eu.org/spam.gpg
>
> It's almost empty message with some html and one gif picture which
> includes some Viagra prices.
>
> And the worst thing... it is GPG signed.
>
> How to filter such stuff?

spamassassin, from current testing:

| Content analysis details:   (6.1 points, 5.0 required)
|
|  pts rule name              description
| ---- ---------------------- --------------------------------------------------
| -0.0 BAYES_44               BODY: Bayesian spam probability is 44 to 50%
|                             [score: 0.4630]
|  1.0 HTML_MESSAGE           BODY: HTML included in message
|  1.0 HTML_70_80             BODY: Message is 70% to 80% HTML
|  0.1 BIZ_TLD                URI: Contains a URL in the BIZ top-level domain
|  1.1 RCVD_IN_SORBS_HTTP     RBL: SORBS: sender is open HTTP proxy server
|                             [194.96.20.68 listed in dnsbl.sorbs.net]
|  1.5 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
|                 [Blocked - see <http://www.spamcop.net/bl.shtml?194.96.20.68>]
|  0.1 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS
|                             [194.96.20.68 listed in dnsbl.sorbs.net]
|  1.3 MIME_BOUND_NEXTPART    Spam tool pattern in MIME boundary


Whereas some of the spam polluting the Debian lists scores only 1.3 or
so. I'm currently looking into tweaking my scores to catch these, too, 
so at least I don't have to deal with spammy Debian lists.

Some scores on this message are nonstandard:
score HTML_MESSAGE 1 (default .1)
score HTML_70_80 1 (default .1)
score MIME_BOUND_NEXTPART 1.307 (default .499)

I haven't tweaked my scores in the last 2 months, and I have had only
two false positives recently (both were HTML messages).

cheers
-- vbi

-- 
The content of this message may or may not reflect the opinion of me, my
employer, my girlfriend, my cat or anybody else, regardless of the fact
whether such an employer, girlfriend, cat, or anybody else exists.  I
(or my employer, girlfriend, cat or whoever) disclaim any legal
obligations resulting from the above message.  You, as the reader of
this message, may or may not have the permission to redistribute this
message as a whole or in parts, verbatim or in modified form, or to
distribute any message at all.

Attachment: pgpp5N7o8ZPHw.pgp
Description: signature

Reply to:

References:
- Spam in the lists out of control
  - From: Santiago Vila <sanvila@unex.es>
- Re: Spam in the lists out of control
  - From: "Eike \"zyro\" Sauer" <eikes@cs.tu-berlin.de>
- Re: Spam in the lists out of control
  - From: Bartosz Fenski aka fEnIo <fenio@o2.pl>

Prev by Date: Re: Spam in the lists out of control
Next by Date: Re: Spam in the lists out of control
Previous by thread: Re: Spam in the lists out of control
Next by thread: Re: Spam in the lists out of control
Index(es):
- Date
- Thread