Ian Zimmerman wrote on 7.2.2017 4:46:
On 2017-02-06 20:06, Kevin A. McGrail wrote:
> Last couple of weeks I saw some messages whose entire contents is in
> the Subject.
never seen such a monster. likely killed by some other piece in the
puzzle. Throw it up on pastebin?
http://pastebin.com/PYaMcZa7
(I was wrong, the subject is actually one enormous line, it was my MUA
that folded it.)
On 07.02.17 09:05, Jari Fredriksson wrote:
Content analysis details: (11.5 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.0 GENERIC_IXHASH         No description available.
3rd party plugin
 0.5 RCVD_IN_SORBS_SPAM     RBL: SORBS: sender is a spam source
                            [183.79.56.200 listed in dnsbl.sorbs.net]
 1.5 BOTNET                 Relay might be a spambot or virusbot
                            [botnet0.8,ip=1.2.3.12,rdns=disorder.censored.net,maildomain=outlook.fr,baddns]
3rd party plugin (iirc reported to cause issues at providers with dynamic IPs)
 0.0 SPF_HELO_FAIL          SPF: HELO does not match SPF record (fail)
                            [SPF failed: Please see
                            http://www.openspf.org/Why?s=helo;id=acedia.censored.net;ip=1.2.3.12;r=gamecock.fredriksson.dy.fi]
 0.7 SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                            provider
                            (flexdanacheam[at]outlook.fr)
 1.0 HTML_MESSAGE           BODY: HTML included in message
 0.8 BAYES_50               BODY: Bayes spam probability is 40 to 60%
                            [score: 0.5061]
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not
                            necessarily valid
 1.4 PYZOR_CHECK            Listed in Pyzor (http://pyzor.sf.net/)
 1.0 L_FROM_NOT_REPLY       From: and Reply-To: have different domains
local rule.
 0.0 LOTS_OF_MONEY          Huge... sums of money
 0.0 MONEY_BARRISTER        Lots of money from a UK lawyer
 1.0 FREEMAIL_REPLYTO       Reply-To/From or Reply-To/body contain
                            different freemails
 0.0 FILL_THIS_FORM         Fill in a form with personal information
 0.0 T_FILL_THIS_FORM_LONG  Fill in a form with personal information
 2.5 SPOOFED_FREEM_REPTO    Forged freemail sender with freemail
                            reply-to
 0.0 ADVANCE_FEE_5_NEW_FRM_MNY Advance Fee fraud form and lots of money
 0.0 MONEY_FRAUD_5          Lots of money and many fraud phrases
11.5 - 3.5 = 8.0
also, the OP got RCVD_IN_MSPIKE_H2 (-1.9), which was apparently removed since.
the OP may be early recipient, which is why you've got PYZOR hit, while the
OP had not. If the OP doesn't use pyzor, I recommend to use it - using
razor, pyzor and DCC is a very good idea although they need external software.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Linux is like a teepee: no Windows, no Gates and an apache inside...