Marc MERLIN
2006-02-10 22:03:28 UTC
Probably more than half of you will reject this mail :) but I thought it was
cool to see how effective sa-exim and SA can be.
What's even more amazing is such a high score for a mail that had 10 lines
of body :)
----- Forwarded message from Trina Dunn <***@succeed.net> -----
X-Message-Info: %RNDUCCHAR15%RNDLCCHAR13%RNDUCCHAR15%RNDDIGIT13%RNDLCCHAR13%RNDUCCHAR13%RNDLCCHAR14%RNDUCCHAR16%RNDLCCHAR13%RNDUCCHAR13%RNDLCCHAR13%RNDUCCHAR13%RNDLCCHAR13%RNDDIGIT13
To: ***@efrei.fr
From: Trina Dunn <***@succeed.net>
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at efrei.fr
X-CallBackFailed: envrcptrandom
X-CallBackFailed: hdrrcptrandom
X-SA-Exim-Connect-IP: 194.2.204.37
X-SA-Exim-Rcpt-To: marc ***@merlins.org
X-SA-Exim-Mail-From: ***@succeed.net
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.0-mmrules_20041125 (2005-09-13) on
magic.merlins.org
X-Spam-Level: **************************************************
X-Spam-Status: Yes, score=106.0 required=7.0 tests=BAYES_99,ENVCALLBACK,
FROM_LOCAL_NOVOWEL,HDRCALLBACK,HTML_IMAGE_ONLY_04,HTML_IMAGE_RATIO_02,
HTML_MESSAGE,HTML_SHORT_LINK_IMG_1,MIME_BOUND_DD_DIGITS,
MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,PERCENT_RANDOM,
RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,
RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_HELO_IP_MISMATCH,
RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL,RCVD_IN_XBL,RCVD_NUMERIC_HELO,
TO_EFREI,UNRESOLVED_TEMPLATE,URIBL_AB_SURBL,URIBL_JP_SURBL,
URIBL_OB_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL,X_MESSAGE_INFO
autolearn=spam version=3.1.0-mmrules_20041125
X-Spam-Report:
* 2.9 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters
* 4.5 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
* 9.0 HDRCALLBACK Envelope sender callback failed
* 8.0 ENVCALLBACK Envelope sender callback failed
* 6.0 TO_EFREI To old efrei address
* 4.4 X_MESSAGE_INFO Bulk email fingerprint (X-Message-Info) found
* 1.3 UNRESOLVED_TEMPLATE Headers contain an unresolved template
* 4.0 RCVD_HELO_IP_MISMATCH Received: HELO and IP do not match, but
* should
* 1.5 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
* 0.5 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image
* area
* 1.8 HTML_MESSAGE BODY: HTML included in message
* 5.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
* 3.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
* 3.6 HTML_IMAGE_ONLY_04 BODY: HTML: images with 0-400 bytes of words
* 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
* above 50%
* [cf: 100]
* 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
* above 50%
* [cf: 100]
* 7.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
* 4.0 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
* [cf: 100]
* 3.0 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
* [<http://dsbl.org/listing?220.77.108.253>]
* 6.5 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
* [Blocked - see <http://www.spamcop.net/bl.shtml?220.77.108.253>]
* 3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
* [220.77.108.253 listed in sbl-xbl.spamhaus.org]
* 3.8 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
* [URIs: insane-extreme-amazing.com]
* 4.1 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
* [URIs: insane-extreme-amazing.com]
* 4.0 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
* [URIs: insane-extreme-amazing.com]
* 3.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
* [URIs: insane-extreme-amazing.com]
* 4.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
* [URIs: insane-extreme-amazing.com]
* 0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME
* parts
* 2.3 PERCENT_RANDOM Message has a random macro in it
* 0.9 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image
Subject: SPAM: 106.0: massive toys deeper and harder into their tight pussies & asses.
X-Spam-Prev-Subject: massive toys deeper and harder into their tight pussies & asses.
X-SA-Exim-Version: 4.2 (built Thu, 03 Mar 2005 10:44:12 +0100)
X-SA-Exim-Scanned: Yes (on mail1.merlins.org)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
</HEAD>
<BODY>
<A HREF="http://hiatus.insane-extreme-amazing.com/p/gmp/"><IMG SRC="Loading Image...
" WIDTH="500" HEIGHT="375" BORDER="0" ALT="">Pussy toys, anal toys, double toys, toy ass-to-mouth and more </A>
</BODY>
</HTML>
----- End forwarded message -----
cool to see how effective sa-exim and SA can be.
What's even more amazing is such a high score for a mail that had 10 lines
of body :)
----- Forwarded message from Trina Dunn <***@succeed.net> -----
X-Message-Info: %RNDUCCHAR15%RNDLCCHAR13%RNDUCCHAR15%RNDDIGIT13%RNDLCCHAR13%RNDUCCHAR13%RNDLCCHAR14%RNDUCCHAR16%RNDLCCHAR13%RNDUCCHAR13%RNDLCCHAR13%RNDUCCHAR13%RNDLCCHAR13%RNDDIGIT13
To: ***@efrei.fr
From: Trina Dunn <***@succeed.net>
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at efrei.fr
X-CallBackFailed: envrcptrandom
X-CallBackFailed: hdrrcptrandom
X-SA-Exim-Connect-IP: 194.2.204.37
X-SA-Exim-Rcpt-To: marc ***@merlins.org
X-SA-Exim-Mail-From: ***@succeed.net
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.0-mmrules_20041125 (2005-09-13) on
magic.merlins.org
X-Spam-Level: **************************************************
X-Spam-Status: Yes, score=106.0 required=7.0 tests=BAYES_99,ENVCALLBACK,
FROM_LOCAL_NOVOWEL,HDRCALLBACK,HTML_IMAGE_ONLY_04,HTML_IMAGE_RATIO_02,
HTML_MESSAGE,HTML_SHORT_LINK_IMG_1,MIME_BOUND_DD_DIGITS,
MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,PERCENT_RANDOM,
RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,
RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_HELO_IP_MISMATCH,
RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL,RCVD_IN_XBL,RCVD_NUMERIC_HELO,
TO_EFREI,UNRESOLVED_TEMPLATE,URIBL_AB_SURBL,URIBL_JP_SURBL,
URIBL_OB_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL,X_MESSAGE_INFO
autolearn=spam version=3.1.0-mmrules_20041125
X-Spam-Report:
* 2.9 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters
* 4.5 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
* 9.0 HDRCALLBACK Envelope sender callback failed
* 8.0 ENVCALLBACK Envelope sender callback failed
* 6.0 TO_EFREI To old efrei address
* 4.4 X_MESSAGE_INFO Bulk email fingerprint (X-Message-Info) found
* 1.3 UNRESOLVED_TEMPLATE Headers contain an unresolved template
* 4.0 RCVD_HELO_IP_MISMATCH Received: HELO and IP do not match, but
* should
* 1.5 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
* 0.5 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image
* area
* 1.8 HTML_MESSAGE BODY: HTML included in message
* 5.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
* 3.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
* 3.6 HTML_IMAGE_ONLY_04 BODY: HTML: images with 0-400 bytes of words
* 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
* above 50%
* [cf: 100]
* 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
* above 50%
* [cf: 100]
* 7.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
* 4.0 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
* [cf: 100]
* 3.0 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
* [<http://dsbl.org/listing?220.77.108.253>]
* 6.5 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
* [Blocked - see <http://www.spamcop.net/bl.shtml?220.77.108.253>]
* 3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
* [220.77.108.253 listed in sbl-xbl.spamhaus.org]
* 3.8 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
* [URIs: insane-extreme-amazing.com]
* 4.1 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
* [URIs: insane-extreme-amazing.com]
* 4.0 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
* [URIs: insane-extreme-amazing.com]
* 3.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
* [URIs: insane-extreme-amazing.com]
* 4.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
* [URIs: insane-extreme-amazing.com]
* 0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME
* parts
* 2.3 PERCENT_RANDOM Message has a random macro in it
* 0.9 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image
Subject: SPAM: 106.0: massive toys deeper and harder into their tight pussies & asses.
X-Spam-Prev-Subject: massive toys deeper and harder into their tight pussies & asses.
X-SA-Exim-Version: 4.2 (built Thu, 03 Mar 2005 10:44:12 +0100)
X-SA-Exim-Scanned: Yes (on mail1.merlins.org)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
</HEAD>
<BODY>
<A HREF="http://hiatus.insane-extreme-amazing.com/p/gmp/"><IMG SRC="Loading Image...
" WIDTH="500" HEIGHT="375" BORDER="0" ALT="">Pussy toys, anal toys, double toys, toy ass-to-mouth and more </A></BODY>
</HTML>
----- End forwarded message -----