Hi sysadmins,

I regularly receive this kind of e-mail spam.
I'm not sure what to think:
- it references TMDA which I thought we didn't use anymore
- the mail scored 38.3 so it's a candidate for immediate deletion
- more generally I wonder if there's a legitimate use for the '-owner'
  aliases that Mailman creates

What do you think?

-- 
Sylvain

----- Forwarded message from GNU Mailing List Manager <[email protected]> -----

Date: Tue, 13 Apr 2010 04:20:09 -0400 (EDT)
From: GNU Mailing List Manager <[email protected]>
To: [email protected]
Subject: Please confirm your message

This message was created automatically by mail delivery software (TMDA).

Your message attached below is being held because the address
<[email protected]> has not been verified.

To release your message for delivery, please send an empty message
to the following address, or use your mailer's "Reply" feature.

    [email protected]

This confirmation verifies that your message is legitimate and not
junk-mail. You should only have to confirm your address once.

If you do not respond to this confirmation request within 5 days,
your message will not be delivered.

Return-path: <[email protected]>
Received: from [140.186.70.92] (port=47391 helo=eggs.gnu.org)
    by lists.gnu.org with esmtp (Exim 4.43) id 1O1bLq-0000oE-OS
    for [email protected]; Tue, 13 Apr 2010 04:20:08 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.0 (2010-01-18) on eggs.gnu.org
X-Spam-Flag: YES
X-Spam-Level: **************************************
X-Spam-Status: Yes, score=38.3 required=5.0 tests=BAYES_99,HTML_MESSAGE,
    IMAGESHACK_URI,JM_SOUGHT_1,MIME_HTML_ONLY,RAZOR2_CF_RANGE_51_100,
    RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,
    RCVD_IN_BRBL_LASTEXT, RCVD_IN_PBL, RCVD_IN_PSBL, RCVD_IN_SORBS_WEB,
    RDNS_NONE, RECEIVED_FROM_WINDOWS_HOST, SUBJ_BUY, TO_EQ_FM_DIRECT_MX,
    TO_EQ_FM_HTML_DIRECT, TO_EQ_FM_HTML_ONLY, TO_NO_BRKTS_NORDNS_HTML,
    T_SURBL_MULTI1, T_SURBL_MULTI2, T_URIBL_BLACK_OVERLAP,URIBL_AB_SURBL,
    URIBL_BLACK,URIBL_JP_SURBL, URIBL_PH_SURBL, URIBL_SBL, URIBL_WS_SURBL
    autolearn=unavailable version=3.3.0
X-Spam-Report:
    * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
    *      [Blocked - see <http://www.spamcop.net/bl.shtml?113.22.8.199>]
    * 3.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
    *      [113.22.8.199 listed in zen.spamhaus.org]
    * 0.8 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server
    *      [113.22.8.199 listed in dnsbl.sorbs.net]
    * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
    *      [113.22.8.199 listed in psbl.surriel.com]
    * 1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
    *      [113.22.8.199 listed in bb.barracudacentral.org]
    * 1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
    *      [URIs: dreamcreatorsindia.com]
    * 0.6 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
    *      [URIs: dreamcreatorsindia.com]
    * 4.5 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
    *      [URIs: dreamcreatorsindia.com]
    * 1.6 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
    *      [URIs: dreamcreatorsindia.com]
    * 1.2 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
    *      [URIs: dreamcreatorsindia.com]
    * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
    *      [score: 1.0000]
    * 0.6 SUBJ_BUY Subject line starts with Buy or Buying
    * 2.5 RECEIVED_FROM_WINDOWS_HOST RECEIVED_FROM_WINDOWS_HOST
    * 1.6 URIBL_SBL Contains an URL listed in the SBL blocklist
    *      [URIs: imageshack.us]
    * 0.2 IMAGESHACK_URI URI: URI contains imageshack.us
    * 0.0 HTML_MESSAGE BODY: HTML included in message
    * 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
    * 1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
    *      above 50%
    *      [cf: 100]
    * 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
    *      [cf: 100]
    * 0.9 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
    * 4.0 JM_SOUGHT_1 Body contains frequently-spammed text patterns
    * 0.0 T_SURBL_MULTI2 T_SURBL_MULTI2
    * 0.0 T_URIBL_BLACK_OVERLAP T_URIBL_BLACK_OVERLAP
    * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
    * 0.0 T_SURBL_MULTI1 T_SURBL_MULTI1
    * 0.0 TO_EQ_FM_HTML_ONLY To == From and HTML only
    * 0.0 TO_NO_BRKTS_NORDNS_HTML TO_NO_BRKTS_NORDNS_HTML
    * 0.0 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX
    * 1.7 TO_EQ_FM_HTML_DIRECT To == From and HTML only, direct-to-MX
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
    (envelope-from <[email protected]>) id 1O1bLl-0003ka-LR
    for [email protected]; Tue, 13 Apr 2010 04:20:05 -0400
Received: from [113.22.8.199] (port=5762) by eggs.gnu.org with esmtp (Exim 4.69)
    (envelope-from <[email protected]>) id 1O1ZDE-0007wC-SA
    for [email protected]; Tue, 13 Apr 2010 02:03:05 -0400
From: "Top Pharmacy Store" <[email protected]>
To: [email protected]
Subject: Buy and save, savannah-hackers-owner. All on -75% Uhixuuza
Date: Tue, 13 Apr 2010 13:02:40 +0700
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-detected-operating-system: by eggs.gnu.org: Windows 2000 SP4, XP SP1+
Message-Id: <[email protected]>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>other DNA for UCB of of Policies would Inter Speleonectes</title>
[etc.]

----- End forwarded message -----
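Added example, not part of the original message and not TMDA, Mailman or Savannah code: a gate that reads the SpamAssassin `X-Spam-Status` header, as seen in the forwarded message, before any automatic confirmation request is generated, so mail already flagged as spam never triggers a reply to its (likely forged) sender. The function names, the `discard_at` threshold of 15.0 and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample, modelled on the headers of the forwarded message.
SAMPLE = """\
Return-path: <sender@example.invalid>
X-Spam-Flag: YES
X-Spam-Status: Yes, score=38.3 required=5.0 tests=BAYES_99,HTML_MESSAGE,
\tRCVD_IN_PBL,URIBL_BLACK autolearn=unavailable version=3.3.0
From: "Top Pharmacy Store" <list-owner@example.invalid>
To: list-owner@example.invalid
Subject: Buy and save

body
"""

STATUS_RE = re.compile(
    r"^(Yes|No),\s*score=(-?\d+(?:\.\d+)?)\s+required=(-?\d+(?:\.\d+)?)", re.I)

def spam_status(msg):
    """Return (is_spam, score, required), or None if absent or unparsable."""
    raw = msg.get("X-Spam-Status")
    if raw is None:
        return None
    # Folded headers keep their line breaks; collapse all whitespace first.
    m = STATUS_RE.match(" ".join(str(raw).split()))
    if m is None:
        return None
    return (m.group(1).lower() == "yes", float(m.group(2)), float(m.group(3)))

def disposition(raw_message, discard_at=15.0):
    """Return 'challenge', 'hold' or 'discard' for one inbound message.

    discard_at is an assumed local policy value, not a SpamAssassin default.
    """
    msg = message_from_string(raw_message)
    # Bounces carry a null return path; never auto-reply to them (RFC 3834).
    if (msg.get("Return-path") or "").strip() == "<>":
        return "hold"
    status = spam_status(msg)
    if status is None:
        return "hold"  # unscanned mail: fail closed, no automatic reply
    is_spam, score, required = status
    if score >= discard_at:
        return "discard"
    if is_spam or score >= required:
        return "hold"
    return "challenge"
```

Only the `challenge` result should ever lead to an outgoing confirmation request; `hold` leaves the message for a moderator without contacting the sender.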
