Personal SpamAssassin Spam Score Record Broken.

December 22nd, 2006

Holy shit. I wasn’t going to post so soon after yesterday’s but this is insane. I am running SpamAssassin on this server, which awards points to emails it considers spam based on various criteria. Bearing in mind the default (afaik – mine is anyway) cut-off is 6 points, I was somewhat surprised to see a message that scored a whopping 49.8 points in my junk tray – a good five points over my previous record.

Here’s the summary – why the hell did the sender think this would ever get anywhere?


Spam detection software, running on the system "xxxxxxxxxxxxxx", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see the administrator
of that system for details.
Content preview:  email advertise like this to 8,000,000 people... free..
  http://www.advertisingemailcorporation.com/ the above noncommercial
  offer is only for noncommercial charities only. press on charity info on
  our web site for full and complete details. this offer is not a
  commercial service and is not at all for sale or lease or trade of any
  kind. [...]
Content analysis details:   (49.8 points, 6.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.4 MSGID_YAHOO_CAPS       Message-ID has ALLCAPS@yahoo.com
 4.5 MIME_BOUND_DD_DIGITS   Spam tool pattern in MIME boundary
 1.0 NO_REAL_NAME           From: does not include a real name
 1.5 FROM_BLANK_NAME        From: contains empty name
 2.2 HELO_DYNAMIC_SPLIT_IP  Relay HELO'd using suspicious hostname (Split
                            IP)
 4.4 MSGID_SPAM_CAPS        Spam tool Message-Id: (caps variant)
 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
 3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 1.0000]
 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
                            above 50%
                            [cf: 100]
 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
                            above 50%
                            [cf: 100]
 1.0 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                            [cf: 100]
 2.2 DCC_CHECK              Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
 3.9 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
                            [83.45.130.42 listed in sbl-xbl.spamhaus.org]
 1.9 RCVD_IN_NJABL_DUL      RBL: NJABL: dialup sender did non-local SMTP
                            [83.45.130.42 listed in combined.njabl.org]
 3.7 RCVD_DOUBLE_IP_SPAM    Bulk email fingerprint (double IP) found
 1.8 MISSING_SUBJECT        Missing Subject: header
 0.8 DIGEST_MULTIPLE        Message hits more than one network digest check
 1.6 MISSING_MIMEOLE        Message has X-MSMail-Priority, but no X-MimeOLE
 2.1 REPTO_QUOTE_YAHOO      Yahoo! doesn't do quoting like this
 3.7 FORGED_MSGID_YAHOO     Message-ID is forged, (yahoo.com)
 4.1 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
The original message was not completely plain text, and may be unsafe to open with
some email clients; in particular, it may contain a virus, or confirm that your address
can receive spam.  If you wish to view it, it may be safer to save it to a file and open
it with an editor.
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.432 / Virus Database: 268.15.25/593 - Release Date: 19/12/2006 13:17
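
Added example (not part of the original post, and not SpamAssassin's own code): a small Python parser for the "Content analysis details" table format shown above, which joins wrapped description lines and checks that the listed rule scores add up to the total in the header line. The sample input is constructed from rows of the report above, with the header total adjusted to match that subset.

```python
import re
from decimal import Decimal

# Constructed sample: rows copied from the report above, total adjusted to fit.
SAMPLE = """\
Content analysis details:   (12.1 points, 6.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 4.5 MIME_BOUND_DD_DIGITS   Spam tool pattern in MIME boundary
 2.2 HELO_DYNAMIC_SPLIT_IP  Relay HELO'd using suspicious hostname (Split
                            IP)
 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
                            above 50%
                            [cf: 100]
 3.9 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
                            [83.45.130.42 listed in sbl-xbl.spamhaus.org]
"""

HEADER = re.compile(r"\((-?\d+(?:\.\d+)?) points, (-?\d+(?:\.\d+)?) required\)")
RULE = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+([A-Z0-9_]+)\s+(.*)$")

def parse_report(text):
    """Return (total, required, rules); each rule is [score, name, description]."""
    m = HEADER.search(text)
    if m is None:
        raise ValueError("no '(N points, M required)' line found")
    rules = []
    for line in text[m.end():].splitlines():
        r = RULE.match(line)
        if r:
            rules.append([Decimal(r.group(1)), r.group(2), r.group(3).strip()])
        elif rules and line.startswith(" ") and line.strip():
            rules[-1][2] += " " + line.strip()  # wrapped description line
        elif rules:
            break  # first unindented or blank line after the table ends it
    return Decimal(m.group(1)), Decimal(m.group(2)), rules

def summarize(text):
    total, required, rules = parse_report(text)
    return {
        "is_spam": total >= required,
        # Do the listed rows add up to the total in the header line?
        "consistent": sum(r[0] for r in rules) == total,
        "top": [r[1] for r in sorted(rules, key=lambda r: r[0], reverse=True)[:3]],
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Run over the full report above, the same check confirms that the listed rule scores add up to the 49.8 in the header.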

Last entry before Christmas?

December 21st, 2006

Just taking a few minutes out to say have a Merry Christmas and a Happy New Year. This will probably be the last entry before Chrimbo so make sure you all have a good ‘un.

I’ve run about doing a spot of Christmas Shopping this morning, printed out the last few photos from the Amir Khan night and dropped those off, and we’re off to see a local(ish) author we know to get some of her books signed ready to sort out as Christmas presents. Hopefully we’ll all be done and dusted by the weekend, although there’s still a pile of stuff to wrap…

Oh, and we need to get some food bits sorted out as well. Sheesh!

Last day of work tomorrow. I’m not sure how things will go because although I have some stuff I can be getting on with, I can’t start anything too major. I’ll be bringing my laptop home with me over the Christmas and New Year period anyway, so I can get some stuff done if I get too bored. Nobody will really be in the mood to work, either.

There will be a new website design coming in the new year, hopefully with a new feature – an anonymous chat board. It’s a little experiment I’m putting together and it will be interesting to see if it either grows to a cool community or becomes a den of spam and botposts. Watch out for that one.

Right, I need a shave…

Hnnnngh…

December 19th, 2006

Spammers. I hates ‘em, precious. I’ve just had 600 bounces from spam sent out on behalf of these c*nts after they found an insecure mail form and injected some headers. Not on this server, thankfully.

I’ve given up trying to buy a Wii. I only want to spend £250 and it’s just hopeless, so I’m not going to bother anymore. M is buying herself a DS Lite, but she’s going for the pink one so I can’t play it (wouldn’t be seen dead holding a pink… well, anything).

Other than that, Christmas is a rather skint affair this year. We’ll have family and food to look forward to but that’s about it. Haven’t even bought myself anything yet.

Edit
LOL – scrub that. I just got a Wii from Germany for £245. :-)

Spam, Spammers and Blocklists, oh my!

December 5th, 2006

I’m getting heartily sick of the whole email/spam/rbl situation at the moment.

Our office IP was blocked because we sent out a mass email on behalf of a customer, and it’s proving a pain in the arse to get it off the block lists. Not only does it take weeks, but customers are apparently using RBLs that – according to DNSStuff at least – should not be used.

AOL decided to block email from our server because we had an unsecure script on there at some point in the past. Rather than TELL us, they just blocked us and left it at that. Thanks, AOL! I’m now jumping through their hoops to try and get the ban lifted so that our clients can receive email directly (some of them insist on having their email forwarded to AOL, sigh…) rather than having me forward the bounces.

Customers don’t seem to appreciate how much spam/virus crap we’re dealing with these days. With SpamAssassin and MailScanner both running on the server I still receive around 30 a day that are slipping through. We have our spam filter level set at the default of 6 points and it catches the occasional legit email, so I dare not set it any lower.

And just today I had some stupid script kiddy hacker crap to put up with. Some pillock over at 222.121.133.34 (a Kornet IP) decided to script scan the server for default passwords, over and over again, from the same IP. Thanks, Korea! Jesus. I’ve sent them an email but I’m not holding out much hope.

Is it time to go home yet?