On Sun, 2011-01-23 at 17:56 +0100, Starckjohann, Ove wrote:
> During the last days we got many of these spammails.
>
> http://www.ghds.de/spam/spam1_eml.txt
> http://www.ghds.de/spam/spam2_eml.txt
> http://www.ghds.de/spam/spam3_eml.txt
I ran the first one through my setup (SA 3.1.1 with URIBLs enabled) and
got a score of 7.9:
0.0 HAS_SHORT_URL Message contains one or more shortened URLs
1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist
[URIs: migre.me]
1.8 URIBL_BLACK Contains an URL listed in the URIBL
blacklist
[URIs: migre.me]
-0.0 NO_RELAYS Informational: message was not relayed
via SMTP
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_SIZE_LARGE BODY: HTML font size is large
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.6 URIBL_SBL Contains an URL listed in the SBL blocklist
[URIs: migre.me]
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
2.0 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME
headers
0.0 SHORT_URIBL Message contains shortened URL(s) and also
hits a URIDNSBL
The only unusual plugins are MimeMagic, which hasn't fired, and
DecodeShortURLs, which did fire but only added a small score
Martin
