On Sunday 24 October 2004 08:35 am, Peter Clark wrote:
> Apparently hawking Rolexes is the in thing with spammers these days. I
> haven't seen any rulesets around that would help combat it, so I wrote
> one.
>
> It's available at http://www.violetdreams.com/sa/rolex.cf if anyone would
> like to try it or critique it.
>
> It was written and tested under SA 3.0.1.
Peter, as shown below, network checks and the SURBL's have no problems
picking up the Rolex stuff:
X-Spam-DCC: neonova: cpollock 1127; Body=1 Fuz1=many Fuz2=many
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on cpollock
X-Spam-Level: *************************************
X-Spam-Status: Yes, hits=37.7 required=5.0 tests=AB_URI_RBL,BAYES_99,
BE_AMAZED,DATE_IN_FUTURE_12_24,DCC_CHECK,HTML_50_60,HTML_MESSAGE,
JP_URI_RBL,MIME_HTML_ONLY,OB_URI_RBL,PYZOR_CHECK,
RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_IN_DSBL,SPAMCOP_URI_RBL,
WS_URI_RBL autolearn=no version=2.63
X-Spam-Pyzor: Reported 2292 times.
X-Spam-Report:
* 0.1 BE_AMAZED BODY: Apparently, you'll be amazed
* 0.1 HTML_MESSAGE BODY: HTML included in message
* 1.1 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence between
51 and 100
* [cf: 100]
* 4.3 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
* 0.3 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
* 0.1 HTML_50_60 BODY: Message is 50% to 60% HTML
* 2.1 OB_URI_RBL URI's domain appears in ws database at
ob.surbl.org
* [iyikkrpeatdocu.nteri.com is blacklisted in URI]
[RBL at multi.surbl.org]
* 3.0 SPAMCOP_URI_RBL URI's domain appears in spamcop database at
sc.surbl.org
* [iyikkrpeatdocu.nteri.com is blacklisted in URI]
[RBL at multi.surbl.org]
* 2.1 WS_URI_RBL URI's domain appears in ws database at
ws.surbl.org
* [iyikkrpeatdocu.nteri.com is blacklisted in URI]
[RBL at multi.surbl.org]
* 4.0 JP_URI_RBL URI's domain appears in JP at
http://www.surbl.org/lists.html
* [iyikkrpeatdocu.nteri.com is blacklisted in URI]
[RBL at multi.surbl.org]
* 5.0 AB_URI_RBL URI's domain appears in ab.surbl.org
* [iyikkrpeatdocu.nteri.com is blacklisted in URI]
[RBL at ab.surbl.org]
* 3.9 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
* 2.5 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
* 2.7 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
* 3.2 DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received:
date
* 3.2 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
* [<http://dsbl.org/listing?203.251.49.206>]
--
Chris
Registered Linux User 283774 http://counter.li.org
9:16am up 16:26, 1 user, load average: 0.25, 0.18, 0.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Usage: fortune -P [] -a [xsz] [Q: [file]] [rKe9] -v6[+] dataspec ...
inputdir
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
