[antispam-f] Re: AntiSpam 1.58.2

  • From: Harriet Bazley <lists@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
  • To: antispam@xxxxxxxxxxxxx
  • Date: Wed, 02 Aug 2006 22:44:41 +0100

On 2 Aug 2006 as I do recall,
          Frank de Bruijn wrote:

> In article <d06ad64f4e.harriet@xxxxxxxxxx>,
>    Harriet Bazley <lists@xxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> 
> > I'm seeing a constant stream of e-mails downloaded by default that
> > ought to be deleted by a body test rule that simply checks for the
> > presence of a double apostrophe - and which *do* show up as triggering
> > that rule when subsequently run through the Trial window after download!
> 
> > I inserted additional Reporter instructions into the user test in
> > question which strongly suggest - even more suspiciously - that lines at
> > the end of the header are being tested instead of the start of the body
> > text.   But I honestly can't see any difference between the debug logs
> > of the ones that *are* correctly trapped and the ones that aren't.
> 
> > (Logs attached by e-mail;  not sure how the mailing list treats
> > attachments.)
> 
> The 'raw data dumps'[1] you sent don't indicate any particular problem
> at the 'incoming data' level. What do the mailbox logs say?
> 
Not a lot....   These are the logs for the three sets of headers I sent;
the first two passed by default, despite containing similar body text to
the third, which was detected and deleted.


Message 11 accepted by default
From: "Lesa Velazquez" <MSBHTA@xxxxxxxxxxxx>
Subject:  Invoice
Message-ID: <6.9.9.77.2.20031004403053.025b4b48@xxxxxxxxxxxxxxxxxxxxxxx>

Message 14 accepted by default
From: "Nick Cantu" <nmtbodoaoizy@xxxxxxxxxxxxxxxx>
Subject:  will expire today
Message-ID: <28181130090241.CFB1054DE@xxxxxxxxxxxxxxxxxxxxxxxxxxx>

Message 28 deleted on rule 48:
Delete Body @ twoticks
Icrease Your S''exual Desire and S''perm volume by 500%
From: "Brandon Darby" <BVNNLCGVKYJK@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Subject:  Your ItsYourDomain domain name service(s) are about to expire.
Message-ID: <8453B67C.3216907@xxxxxxxxxxxxxxxxxxxxxx>


Deleting everything originating from starnetusa.net seems to have caught
all today's bunch, but I'm a bit worried about what's actually going on.
:-(


(Incidentally, does anyone know what program inserts headers reading
"X-Spam: not detected"?   I'm extremely tempted to start deleting on
that, since SpamStamp reports 65 positive occurrences and zero negative
ones so far - it's clearly the output from some generic scanning program
which is being faked by the spammer himself, and provided I can be
certain it isn't likely to turn up in any genuine e-mails... i.e. it's
an ISP-level thing which my own ISP isn't running...)

-- 
Harriet Bazley                     ==  Loyaulte me lie ==

A statement of fact cannot be insolent
