[antispam-f] Re: AntiSpam 1.58.2
- From: Harriet Bazley <lists@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
- To: antispam@xxxxxxxxxxxxx
- Date: Wed, 02 Aug 2006 22:44:41 +0100
On 2 Aug 2006 as I do recall,
Frank de Bruijn wrote:
> In article <d06ad64f4e.harriet@xxxxxxxxxx>,
> Harriet Bazley <lists@xxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> > I'm seeing a constant stream of e-mails downloaded by default that
> > ought to be deleted by a body test rule that simply checks for the
> > presence of a double apostrophe - and which *do* show up as triggering
> > that rule when subsequently run through the Trial window after download!
>
> > I inserted additional Reporter instructions into the user test in
> > question which strongly suggest - even more suspiciously - that lines at
> > the end of the header are being tested instead of the start of the body
> > text. But I honestly can't see any difference between the debug logs
> > of the ones that *are* correctly trapped and the ones that aren't.
>
> > (Logs attached by e-mail; not sure how the mailing list treats
> > attachments.)
>
> The 'raw data dumps'[1] you sent, don't indicate any particular problem
> at the 'incoming data' level. What do the mailbox logs say?
>
Not a lot.... These are the logs for the three sets of headers I sent;
the first two passed by default, despite containing similar body text to
the third, which was detected and deleted.
Message 11 accepted by default
From: "Lesa Velazquez" <MSBHTA@xxxxxxxxxxxx>
Subject: Invoice
Message-ID: <6.9.9.77.2.20031004403053.025b4b48@xxxxxxxxxxxxxxxxxxxxxxx>
Message 14 accepted by default
From: "Nick Cantu" <nmtbodoaoizy@xxxxxxxxxxxxxxxx>
Subject: will expire today
Message-ID: <28181130090241.CFB1054DE@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Message 28 deleted on rule 48:
Delete Body @ twoticks
Icrease Your S''exual Desire and S''perm volume by 500%
From: "Brandon Darby" <BVNNLCGVKYJK@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Your ItsYourDomain domain name service(s) are about to expire.
Message-ID: <8453B67C.3216907@xxxxxxxxxxxxxxxxxxxxxx>
Deleting everything originating from starnetusa.net seems to have caught
all today's bunch, but I'm a bit worried about what's actually going on.
:-(
(Incidentally, does anyone know what program inserts headers reading
"X-Spam: not detected"? I'm extremely tempted to start deleting on
that, since SpamStamp reports 65 positive occurrences and zero negative
ones so far - it's clearly the output from some generic scanning program
which is being faked by the spammer himself, and provided I can be
certain it isn't likely to turn up in any genuine e-mails... i.e. it's
an ISP-level thing which my own ISP isn't running...)
--
Harriet Bazley == Loyaulte me lie ==
A statement of fact cannot be insolent
Other related posts:
