On Wed, 14 Mar 2007, Daryl C. W. O'Shea wrote:
Brian Wilson wrote:
Ok, I've got one; apparently from a gmail user to my gmail account, then
forwarded to an external account. The html links go to a blogspot.com
site, then redirect to some Pharmacy Express site.
Raw Message: http://bubba.org/spam/spam_lowscore.txt
Message renders like this: http://bubba.org/spam/spam_lowscore.jpg
X-Spam-Status: No, score=-0.5 required=4.5 tests=BAYES_50,HTML_MESSAGE,
SPF_PASS autolearn=no version=3.1.8
X-Spam-Report:
* -0.5 SPF_PASS SPF: sender matches SPF record
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
* [score: 0.4641]
Any ideas for detecting these?
The WebRedirect plugin will help (if you add *.blogspot.com to the list of
domains it's supposed to check).
Daryl
I installed the plugin, added *.blogspot.com to the list, and the plugin
didn't flag anything for this particular message.
[13718] dbg: plugin: Mail::SpamAssassin::Plugin::WebRedirect=HASH(0x8f54e7c) implements
'parsed_metadata'
[13718] dbg: uri: html uri found, http://osmmehaaranrev.blogspot.com/
[13718] dbg: uri: cleaned html uri, http://osmmehaaranrev.blogspot.com/
[13718] dbg: uri: html domain, blogspot.com
[13718] dbg: uri: parsed uri found, http://osmmehaaranrev.blogspot.com/
[13718] dbg: uri: parsed domain, blogspot.com
[13718] dbg: uridnsbl: domain blogspot.com in skip list
[13718] dbg: uridnsbl: domains to query:
[13718] dbg: rules: hostname: osmmehaaranrev.blogspot.com matches check
pattern: *.blogspot.com
[13718] dbg: rules: checking uri: http://osmmehaaranrev.blogspot.com/
[13718] dbg: rules: request status: 200 OK
[13718] dbg: rules: got response to request in 0.813493 seconds
[13718] dbg: rules: _decode_page() iteration 0
[13718] dbg: rules: WebRedirect page text: start>>
<data from page>
[13718] dbg: rules: WebRedirect decoded text: start>><<end
Did this work for you?
