On Fri, 2010-10-15 at 05:18 -0700, Niente0 wrote:
>
> Yet Another Ninja wrote:
> >
> > On 2010-10-15 12:58, Niente0 wrote:
> > pls post a spam sample on pastebin.com and send the link to the list
> >
>
> Hi, I tried with 3 different browsers but pastebin.com shows only a blank
> page after submitting text. So I posted it here:
>
> http://snipt.org/koRn/
>
That gets a score of 10.0 here:
0.0 HAS_SHORT_URL Message contains one or more shortened URLs
3.4 RCVD_ILLEGAL_IP Received: contains illegal IP address
3.6 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[115.240.47.73 listed in zen.spamhaus.org]
1.6 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
[115.240.47.73 listed in
bb.barracudacentral.org]
0.1 MG_OPTOUT BODY: Opting out required
0.0 HTML_MESSAGE BODY: HTML included in message
1.3 RDNS_NONE Delivered to internal network by a host with
no rDNS
0.0 MG_WRONG_DOMAIN Message not received via example.com
HAS_SHORT_URL is a rule related to the DecodeShortURLs 3rd party plugin
My private rules (MG_OPTOUT, MG_WRONG_DOMAIN) have little effect on it
because their scores are low (they are used as part of meta rules):
body MG_OPTOUT /(if you do not want to receive|se
non.{1,20}ricevere|not interested anymore.{1,60}unsubscribe)/i
header __MG_WDD1 To !~ /example\.com/
header __MG_WDD2 List-id =~ /<\S{1,40}>/
meta MG_WRONG_DOMAIN (__MG_WDD1 && !__MG_WDD2)
I tested a slight variant, which allows whitespace after "<", on Yet
Another Ninja's suggested rule, mainly because I'd previously guessed
that the same regex would do the job and wanted to see if my guess was
right:
describe MG_MUNGE_TOUT 'To:' header contains "<"
header MG_MUNGE_TOUT To =~ /^\"\<\"\s*\</
score MG_MUNGE_TOUT 2.0
and this works as advertised.
Martin
