Re: ***SPAM*** (12.46/05.00) ** [Exim] spamassasin

Author: Larry Rosenman
Date:
To: De Leeuw Guy, EXIM
Old-Topics: [Exim] spamassasin
Subject: Re: ***SPAM*** (12.46/05.00) ** [Exim] spamassasin

--

--On Monday, December 22, 2003 15:23:33 +0000 De Leeuw Guy
<G.De_Leeuw@???> wrote:

> Hello,
> I use exim 4.30 with sa-exim-3.1
> Work fine except when I receive spam with attachments that cannon open
> It is possible to reject also this spam ? see below
> Guy
My SA with the BackHair rules, scored this one a 12.46:

Content analysis details: (12.5 points, 5.0 required)

 pts rule name              description
---- ----------------------
--------------------------------------------------
 0.5 PENIS_ENLARGE2         BODY: Information on getting larger
penis/breasts
 0.1 LG_4C_2V_3C            BODY: Gibberish found?
 1.0 OACYS_CONS_6           BODY: Email has six consonants in a row
 2.7 PENIS_ENLARGE          BODY: Information on getting larger
penis/breasts
-0.0 BAYES_44               BODY: Bayesian spam probability is 44 to 50%
                            [score: 0.4991]
 0.1 HTML_60_70             BODY: Message is 60% to 70% HTML
 0.1 HTML_MESSAGE           BODY: HTML included in message
 0.0 RM_rb_BREAK            BODY: Testing for HTML Break in emails
 1.0 J_BACKHAIR_22          BODY: 2 letters - Unsightly html tag - 2 letters
 1.0 J_BACKHAIR_21          BODY: 2 letters - Unsightly html tag - 1 letters
 1.0 J_BACKHAIR_23          BODY: 2 letters - Unsightly html tag - 3 letters
 1.0 J_BACKHAIR_31          BODY: 3 letters - Unsightly html tag - 1 letters
 1.0 J_BACKHAIR_32          BODY: 3 letters - Unsightly html tag - 2 letters
 1.0 J_BACKHAIR_11          BODY: 1 letters - Unsightly html tag - 1 letters
 1.0 J_BACKHAIR_13          BODY: 1 letters - Unsightly html tag - 3 letters
 1.0 J_BACKHAIR_12          BODY: 1 letters - Unsightly html tag - 2 letters

the backhair rules can be found at:
<http://www.emtinc.net/includes/backhair.cf>

Enjoy,
LER

>
>
> Received: from smtp.eurofer.be
> (pcDev.eurofer.be [192.168.3.188])
> by ns.eurofer.be
> (AIX4.3/8.9.3/8.9.3) with ESMTP id
> OAA15834 for
> <g.de_leeuw@???>; Mon, 22 Dec
> 2003 14:23:17 +0100
> Received: from [218.39.125.156]
> (helo=ipactive.de) by
> smtp.eurofer.be with smtp (Exim
> 4.30) id 1AYPvI-0001dE-AV for
> g.de_leeuw@???; Mon, 22 Dec
> 2003 14:16:37 +0100
> Message-ID:
> <6fba01c3c899$5d667ae9$7ab73c9a@???>
> De: Claude Cuevas
> <c_cuevas_my@???>
> À: g.de_leeuw@???
> Date: Mon, 22 Dec 2003 14:37:13
> +0000
> MIME-Version: 1.0
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express
> 6.00.2800.1158
> X-MimeOLE: Produced By Microsoft
> MimeOLE V6.00.2800.1165
> Content-Transfer-Encoding: 8bit
> X-SA-Exim-Mail-From:
> c_cuevas_my@???
> Sujet: ^^th_e da'y h;as com.e..
> pjudncbfryqwk
> X-Spam-Flag: YES
> X-Spam-Checker-Version:
> SpamAssassin 2.60
> (1.212-2003-09-23-exp) on
> pcDev.eurofer.be
> X-Spam-Status: Yes, hits=6.7
> required=5.0
> tests=FORGED_OUTLOOK_HTML,
> FORGED_OUTLOOK_TAGS,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,
> MIME_HTML_NO_CHARSET,MIME_HTML_ONLY,PENIS_ENLARGE,PENIS_ENLARGE2,
> UPPERCASE_25_50 autolearn=no version=2.60 X-Spam-Level: ******
> Content-Type: multipart/mixed;
> boundary="----------=_3FE6EEB6.9F0AD7BD"
> X-SA-Exim-Version: 3.1 (built jeu
> déc 18 16:33:26 CET 2003)
> X-SA-Exim-Scanned: Yes
> X-Evolution-Source:
> imap://guy@mail.eurofer.be/
>
> Impossible d'analyser le message MIME. Afficher comme source
> <META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-8859-1">
> <kvkmcxudgst><kswyzfldhow>E<ktargcxdzvl>N<kpliymudodivew>LA<knohhkonui
> io>RG<ksiodwbbmyolbrc>E Y<khdaidkcpcvdn>OU<klzlgyddmniky>R
> P<kcyjktlbwijo>EN<kxdnuuvdqpuhvhb>I<kcjcjvvcanmqk>S
> N<kzrulsscqyeuvf>OW<kcnnlquopmwsmt> <kyyhwkqdkkkte>-
> D<keocxysdexb>ON<kpemtdjcvifd>'T
> W<kpjfrofdncfz>AI<kaimynxomerhwb>T A<khwzlbzbnrvmm>N<kefwlcpckkvk>Y
> L<klvtubydqrsj>O<kxmfvppcdvqrkdc>NG<kjmlaidcjtrlnce>ER<kfgbnmizudpwjd>!
> L<kaaeuyttnjlys>EA<kddppbbbpca>RN<kgbafxdqchrikb>
> <knxvxezvhiuq>MO<ktsutqbuyixnlbf>RE<kjvzamqdwfaprud>
> <kyvmvrlctdlmakb>B<ksuoxkxdhxwcru>EL<krtrgejmnrd>O<kgjojeiijbrhsc>W.<kqbd
> apaduukk>.<klxmfnduuezimbq>. 
> <kgtqfftdkim>P<ktknymxbywmg>u<kmquhfadtaaa>mp<khhfrstnqps>s,
> <kcdvmotisiemi>Su<kglgonwcgfmkkk>rg<keyrjfnwnce>er<ksremvfdrnpei>y,
> a<klsbeyrczxzgkq>ll<kophnjkuxmkjh>
> t<kbmkufbhbyktbq>ha<ksqiktqchyv>t
> b<kqleuiabckzih>ul<kafyhryaoqr>lsh<kcghwfudbnrslu>it
> D<kescuolcubd>OE<kyegmxydxkuhv>S N<kkcfkxzdjicalt>OT<kxmtxqycevd>
> W<kxmjhwlcvkt>O<kixutiqchfjmptd>RK<kkomfkfduuc>
> F<kipipqhufwqb>OR<klbppyedtesh>
> S<kavqfltdngsg>HI<kqeasapcmavdcc>T!<kfzufqhmuqv> 
> <keckntxdbboyg>h<kveuzqtdinq>t<kbqwktoiykysecv>tp<kphprxkdvqshsc>:/<kx
> gcrcqdqyeiw>/<kitumxqcopivhx>w<kmklmzrpokbvubd>w<kgpkydrquca>w.g<kvxdbqed
> vutlwc>o<kcmosolcuslgik>no.u<keqciaqdqgwcalb>s/v<krtblocclcwxanb>p/?m<klo
> zalkbafhca>9<kumtqgboxdmj>n<kcrxeozdzwrig>8<kuqyiniyqode>b<kvverwwchypjjm
> g>7<kurzioxdvkd>v<kakbevscejtfp>6<kvziomzcmsl><kadnafologg>
> <kahvywvdpacrz><<khsxejcmdch>--<kunxplkbjogcgx>-<kosqsvebhbvqc>-<kesuhmis
> okg>-<khmulbndmcn> <kzvksjfbwrhoxv>co<knpebqctikn>py<kwmhlfbfmopeh>
> p<keiyqobbobbw>as<kfpquwwcoqc>t<kvkaootdclutxdd>e
> <knxggndtnadw>U<kevixibbpgilrsb>R<kbbhsrxboskbanc>L<ktlwqdcdcntcen
> f> <ktgtluqdoymtywi>i<kpgrubmckxbel>nt<kffqksxbxizs>o
> b<kbiofcanbufm>ro<kxzebvmcfdncx>ws<kinxyiobtibrfoc>e<krzncspcekdqe>r
> t<kypxcobbisyza>o
> l<kuikcnibdaocewm>ea<kylswmubtdxirud>r<kpljztrdarbtw>n
> <knxcjnxhqufwqd>m<koqsjvhgsyiplbv>or<kvbmjkkiryhkwd>e<kofotxyavkwf>
> a<kxffzqddtqa>b<kjbqhsodoyq>ou<kvrwaiodsmbjsxd>t<krpdflxdxqzn>
> u<kdnpquudzqcn>s<kgdrlxvjejbd>in<kstlmcrdczzi>g
> <kkooleubaanj>he<krpdbqudptc>r<kyxvckddmplwhgc>ba<kvqqbrjcorio>l
> <kwiqfoabjszwkk>p<kzfajbdtgyvkq>il<kkvibrudhjc>l<kzarnxvdptq>s<kpczjoadru
> hol>.<kikqyysbepnxsu>.<kmiqvdbbluyd> <kogrhdidfvxwbyc> <kcvdhliqjwa
> edg>
> <kmatfbeilbmxk>h<kxswffydszcjctb>t<kwxilzqogpyhb>t<kfdnfjodrcuuqcp>p<k
> hwhplbcgkrcrl>:<kfdhdziecavqmtu>/<kmctmyldgksnvb>/w<klgoaxbwuxfptd>w<kjxc
> fxwtjyv>w.g<kzrzntudivbelpd>o<ktmbezkceylkcmd>n<kidwbzgbrysbedi>o<kbrybbe
> eentlpce>.<keugjgpbgkjbem>u<krpkxfvohpotl>s<kynxoghdjch>/p<kewihcvcuksx>a
> t<kezioggberhli>c<kroxlcqchxifs>h/?m<kavuzrqcmmm>9<kkerhptbvrxyqbx>n8b<ke
> cmufnakbue>7<kpjymxcbwmej>v<kgbhwguhuaz>6<kmgpbmccvzvzuzb><kxtkbbgbik
> besw>
> <klaqdkgtmlhpkb><<kvwiyedbydl>--<kpoqfztbkakyvh>-<kivjxdcsicgnx>-<ksndgng
> cgsu>-<kwsyabidibtyr> <kmsccgtbkhfnlnr>co<kjycfsdbmoujfs>py<kbbrfarbxuiej>
> p<kaluwffbxogoyb>as<ktshctnjcaopkdl>t<kkmpsltdfswgxec>e
> <kdzjwdhbzpk>U<knrzbboyrlye>R<kynyryxdexkho>L<kgjnwsftvdrxdb>
> <kyvykkgdzahqu>i<kotieroaghvrkcn>nt<kumjzriicqp>o
> b<knqddxxbarn>ro<ksteheswuqdqzc>ws<kjufmxcbhwh>e<kzyisuxdhlt>r
> t<kigbchkbizqywvd>o
> l<krhrcacddnklyt>ea<kmovmtedjqx>r<kkrxqakbthd>n
> <khjygwibgjs>m<kylpyricxuzaggb>or<kdfipqfcdpkke>e<kqlfunkgeomp>
> <kftyfkjcsggomk>a<kyolahrdtcmydtk>b<kdbleokcucbkxp>ou<kfodriryjici>t<kwvb
> qlccyigr> u<kvhofcbdajffi>s<kdvtuxvbkqya>in<klmijbrcgslqm>g
> <kezwzmxtyaxkbc>p<kfamcpofuhc>at<knmucnrcthdx>c<klqctlmpywg>h<kboomkqdvas
> z>e<kzturuvdegcqvmc>s.<ksogzwzbvqntljc><kiomuzkbgwgbdld><h4><kzbrffdozvqd
> tc> <krgjlbwbrrhhfrm> <kgwloglbesfnwtd>
> <ksiocrgbzvyq><kdmmsdwdafmtl>
>
>
> ------------=_3FE6EEB6.9F0AD7BD--
>
>
> --
>
>## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
>## details at http://www.exim.org/ ##
>
>

--
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 972-414-9812                 E-Mail: ler@???
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
--
[ Content of type application/pgp-signature deleted ]
--

This message is part of the following thread:
	the complete thread tree sorted by date

	De Leeuw Guy at