[NCLUG] Spam Assassin/closed list
Eric Brunson
brunson at level3.net
Mon Jun 3 16:30:50 MDT 2002
SpamAssassin rewrites the Subject header (thereby violating the
principle of least munging ;-) so ensuing procmail rules can either
ditch them or reroute them to a different mailbox.
SpamAssassin has correctly assassinated 624 spam emails on my private
account since May 7 with no false positives and maybe 20 false
negatives.
Here's an example of SpamAssassin's output:
From: moneytree4u at btamail.net.cn
To: <ab.procter at sunpoint.net>
Subject: *****SPAM***** Free Business & Personal Aid
Date: Mon, 03 Jun 2002 11:49:34 -0500
Message-ID: <000066914e98$00003d82$000078e0 at mail1.btamail.net.cn>
SPAM: -------------------- Start SpamAssassin results ----------------------
SPAM: This mail is probably spam. The original message has been altered
SPAM: so you can recognise or block similar unwanted mail in future.
SPAM: See http://spamassassin.org/tag/ for more details.
SPAM:
SPAM: Content analysis details: (27.48 hits, 5 required)
SPAM: Hit! (4.24 points) Faked To "Undisclosed-Recipients"
SPAM: Hit! (1.2 points) From: does not include a real name
SPAM: Hit! (1 point) Subject contains lots of white space
SPAM: Hit! (2.37 points) Invalid Date: header (timezone does not exist)
SPAM: Hit! (0.01 points) BODY: Asks you to click below
SPAM: Hit! (1 point) BODY: Includes a 'remove' email address
SPAM: Hit! (1.07 points) BODY: Includes a link to a likely spammer email address
SPAM: Hit! (1.27 points) BODY: Includes a link to send a mail with a subject
SPAM: Hit! (0.8 points) BODY: Includes a URL link to send an email
SPAM: Hit! (0.01 points) BODY: Includes a URL link to send an email with the subject 'remove'
SPAM: Hit! (1.82 points) BODY: Link to a URL containing "remove"
SPAM: Hit! (1.8 points) BODY: Tells you to click on a URL
SPAM: Hit! (1.56 points) Contains phrases frequently found in spam
SPAM: [score: 22, hits: click here, from future, from]
SPAM: [our, future mailings, list click, mailing list,]
SPAM: [much more, our mailing]
SPAM: Hit! (3 points) Listed in Razor, see http://razor.sourceforge.net/
SPAM: Hit! (1 point) spam-phrase score is over 20
SPAM: Hit! (3.33 points) HTML-only mail, with no text version
SPAM: Hit! (2 points) Received via a relay in relays.ordb.org
SPAM: [RBL check: found 109.246.14.12.relays.ordb.org.]
SPAM:
SPAM: -------------------- End of SpamAssassin results ---------------------
And the original email follows the results...
* crucial (crucial at elm.he.net) [020529 14:08]:
> It is with great trepidation that I enter this fray ;^)
>
> On Wed, 29 May 2002, Matt Taggart wrote:
> > My main problem is having to change the way it should be just to deal with
> > the scum of the earth. It's effectively saying to legitimate senders, "We
>
> Yes, this bothers me too. I'd rather filter spam than impose a delay on
> legitimate list activity, if such a choice were possible.
>
> > Can we at least agree that pursuing a spam-assassin solution first is a
> > good idea. If we can't fix it that way then we can consider closing the
> > list or something else. OK?
>
> I'm cool wid dat. The name alone makes me want to see it in action.
>
> --Rich Young
>
> _______________________________________________
> NCLUG mailing list NCLUG at nclug.org
>
> To unsubscribe, subscribe, or modify your settings, go to:
> http://www.nclug.org/mailman/listinfo/nclug
--
Eric Brunson brunson at level3 dot net
tcA thgirypoC muinelliM latigiD eht detaloiv tsuj evah uoY
More information about the NCLUG
mailing list