At 04:56 AM 11/11/2003, Thomas Kinghorn wrote:
> I have attached a spam I keep getting,

No, you've quoted it in text-only form without all the headers... All I can tell from what you posted is it's using bayes poison.. There's no way from that little snippet to see what rules the email matched.


Fortunately, I've gotten an identical spam recently and could look at the real format of it. Mine got this:

X-EVI-MailScanner-SpamCheck: not spam, SpamAssassin (score=4.939, required 5,
        BAYES_40 -0.00, HTML_60_70 0.11, HTML_FONT_INVISIBLE 0.60,
        HTML_IMAGE_ONLY_04 1.00, HTML_MESSAGE 0.10, MIME_HTML_ONLY 0.32,
        MSGID_FROM_MTA_HEADER 0.70, RCVD_IN_BL_SPAMCOP_NET 1.50,
        RCVD_IN_CHINA_KR 0.50, RCVD_IN_RFCI 0.10)

(note: RCVD_IN_CHINA_KR is not a default rule, it's one I added based on blackholes.us. I keep the score very modest on it.. it's more informational than anything else.)

This kind of spam has a particularly unusual HTML pattern that I made a rule for.. it's got a lot of HTML font tags setting the color, but no ending tags..

rawbody __LOCAL_FONT_COLOR /\<font color\=/i
rawbody __LOCAL_FONT_TERM /\<\/font\>/i
meta LOCAL_HTML_FONT_COLOR_NOTERM (__LOCAL_FONT_COLOR && !__LOCAL_FONT_TERM )
score LOCAL_HTML_FONT_COLOR_NOTERM 0.5
describe LOCAL_HTML_FONT_COLOR_NOTERM has an HTML font color tag with no font tag terminators



I've currently got the score set low because I've only been testing it for a few days, but I've only had one false match so far (and even that was where someone on SA-talk was discussing a spam pattern, but could happen in a legitimate discussion of HTML tags).


Some other people have posted rules on the list to pick up the Yahoo redirector technique they are abusing..







_______________________________________________
Spamassassin-talk mailing list
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
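
The meta rule from the message above, modelled as an added example that is not part of the original post and is not SpamAssassin's own code. It reuses the two patterns and the 0.5 score from the post and runs them over constructed sample bodies, including a plain-text discussion of HTML tags like the false match the post mentions. The function names and sample bodies are assumptions, and the model searches the whole body as one string without reproducing SpamAssassin's MIME decoding.

```python
import re

# Same patterns as the two rawbody sub-rules in the post (Perl /i -> re.IGNORECASE).
FONT_COLOR = re.compile(r"<font color=", re.IGNORECASE)   # __LOCAL_FONT_COLOR
FONT_TERM = re.compile(r"</font>", re.IGNORECASE)         # __LOCAL_FONT_TERM
SCORE = 0.5  # score given to LOCAL_HTML_FONT_COLOR_NOTERM in the post


def sub_rule_hits(pattern, raw_body):
    """Simplified sub-rule: true if the pattern occurs anywhere in the body."""
    return pattern.search(raw_body) is not None


def font_color_noterm(raw_body):
    """Meta rule: __LOCAL_FONT_COLOR && !__LOCAL_FONT_TERM."""
    return (sub_rule_hits(FONT_COLOR, raw_body)
            and not sub_rule_hits(FONT_TERM, raw_body))


def evaluate(corpus):
    """Map each message label to the score this rule would contribute."""
    return {label: (SCORE if font_color_noterm(body) else 0.0)
            for label, body in corpus.items()}


# Constructed sample bodies (not taken from real mail).
SAMPLES = {
    # Many colour-setting font tags, none closed: the pattern the rule targets.
    "unterminated_fonts": '<html><body><font color="#FFFFFF">abc'
                          '<font color="#FEFEFE">def\n<img src="x.gif"></body></html>',
    # Ordinary HTML mail that closes its font tag: rule stays quiet.
    "well_formed_html": '<html><body><font color="red">Sale ends Friday</font>'
                        '</body></html>',
    # Plain-text list post quoting a tag: the false-match case from the post.
    "plain_text_discussion": 'The spam I saw was full of <font color=#ffffff> tags\n'
                             'and none of them were ever closed.',
    # No font tags at all.
    "no_font_tags": '<html><body><p>Meeting moved to 3pm.</p></body></html>',
}

if __name__ == "__main__":
    for label, score in evaluate(SAMPLES).items():
        print(f"{label:24s} {score}")
```

The `plain_text_discussion` hit shows why the low score is a sensible starting point while the rule is still being tested.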
