On 2 Aug 2006 as I do recall, Frank de Bruijn wrote: > In article <d06ad64f4e.harriet@xxxxxxxxxx>, > Harriet Bazley <lists@xxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote: > > > I'm seeing a constant stream of e-mails downloaded by default that > > ought to be deleted by a body test rule that simply checks for the > > presence of a double apostrophe - and which *do* show up as triggering > > that rule when subsequently run through the Trial window after download! > > > I inserted additional Reporter instructions into the user test in > > question which strongly suggest - even more suspiciously - that lines at > > the end of the header are being tested instead of the start of the body > > text. But I honestly can't see any difference between the debug logs > > of the ones that *are* correctly trapped and the ones that aren't. > > > (Logs attached by e-mail; not sure how the mailing list treats > > attachments.) > > The 'raw data dumps'[1] you sent, don't indicate any particular problem > at the 'incoming data' level. What do the mailbox logs say? > Not a lot.... These are the logs for the three sets of headers I sent; the first two passed by default, despite containing similar body text to the third, which was detected and deleted. Message 11 accepted by default From: "Lesa Velazquez" <MSBHTA@xxxxxxxxxxxx> Subject: Invoice Message-ID: <6.9.9.77.2.20031004403053.025b4b48@xxxxxxxxxxxxxxxxxxxxxxx> Message 14 accepted by default From: "Nick Cantu" <nmtbodoaoizy@xxxxxxxxxxxxxxxx> Subject: will expire today Message-ID: <28181130090241.CFB1054DE@xxxxxxxxxxxxxxxxxxxxxxxxxxx> Message 28 deleted on rule 48: Delete Body @ twoticks Icrease Your S''exual Desire and S''perm volume by 500% From: "Brandon Darby" <BVNNLCGVKYJK@xxxxxxxxxxxxxxxxxxxxxxxxxxx> Subject: Your ItsYourDomain domain name service(s) are about to expire. Message-ID: <8453B67C.3216907@xxxxxxxxxxxxxxxxxxxxxx> Deleting everything originating from starnetusa.net seems to have caught all today's bunch, but I'm a bit worried about what's actually going on. :-( (Incidentally, does anyone know what program inserts headers reading "X-Spam: not detected"? I'm extremely tempted to start deleting on that, since SpamStamp reports 65 positive occurrences and zero negative ones so far - it's clearly the output from some generic scanning program which is being faked by the spammer himself, and provided I can be certain it isn't likely to turn up in any genuine e-mails... i.e. it's an ISP-level thing which my own ISP isn't running...) -- Harriet Bazley == Loyaulte me lie == A statement of fact cannot be insolent