From: Fred H. Schlesinger (fred@schlesingers.net)
Date: Wed Nov 26 2003 - 09:12:32 PST
Non Mv related Purists delete now!!!
Paul and Ryan may be right, I can only talk about my own experience with
server-side spam filtering.
I use spamassasin, a server side filtering program which is offered free by my
web hosting company. (hostedtoday.com) Works on a point system. With a little
tweaking I get about 80% of the spam identified and none of the real stuff gets
mistagged.
I just use a message rule to move tagged spam to my deleted items file.
Sometimes I check on it to make sure it isn't good stuff, but usually I just
"Dush". The bad side of it is everyone on the domain has to have the same
filter setting. This works for me, because I only have a few family accounts
and some friends who want free email.
Here is a header from a recent identified spam. I pulled the identifying stuff
out. Butt (oh-oh, I'll be the next one in the dog house with Arthur -- Because
of a typo) you can get a good idea how it works from the header.
F
Header below:
--------------------------------------------------------------------------------
----------------
Return-path: <deleted fs>
Envelope-to: fred@schlesingers.net
Delivery-date: Wed, 26 Nov 2003 12:03:10 -0400
Received: from delete if - fs with local-bsmtp (Exim 4.24)
id ---------------
for fred@schlesingers.net; Wed, 26 Nov 2003 12:03:10 -0400
Received: from localhost [127.0.0.1] by nana deleted fs
with SpamAssassin (2.60 1.212-2003-09-23-exp);
Wed, 26 Nov 2003 12:03:10 -0400
From: "Forest McKinley" <forestmcKinley_kw@shucan.shu.ac.uk>
To: fred@schlesingers.net
Subject: hi
Date: Wed, 26 Nov 2003 10:02:19 -0600
Message-Id: <E1AP28D-000747-9w@deleted fs>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on
NaNa deleted fs
X-Spam-Status: Yes, hits=21.8 required=7.5 tests=BIZ_TLD,GENERIC_VIAGRA,
HTML_50_60,HTML_FONTCOLOR_UNKNOWN,HTML_FONTCOLOR_UNSAFE,HTML_FONT_BIG,
HTML_FONT_INVISIBLE,HTML_MESSAGE,MIME_HTML_MOSTLY,MONEY_BACK,
OBFUSCATING_COMMENT,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL,
RCVD_IN_DYNABLOCK,RCVD_IN_SORBS autolearn=no version=2.60
X-Spam-Level: *********************
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_3FC4CEBE.3016A219"
Message Below:
Spam detection software, running on the system "yellow.serverstoday.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or block
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Generic Viagra h0w5wabdsz INTRODUCTORY OFFER [...]
Content analysis details: (21.8 points, 7.5 required)
pts rule name description
---- ---------------------- --------------------------------------------------
4.3 GENERIC_VIAGRA BODY: Mentions Generic Viagra
4.3 MONEY_BACK BODY: Money back guarantee
0.4 HTML_FONT_INVISIBLE BODY: HTML font color is same as background
1.2 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
0.1 HTML_FONTCOLOR_UNKNOWN BODY: HTML font color is unknown to us
0.2 HTML_50_60 BODY: Message is 50% to 60% HTML
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 HTML_FONT_BIG BODY: HTML has a big font
0.1 HTML_FONTCOLOR_UNSAFE BODY: HTML font color not in safe 6x6x6 palette
0.8 BIZ_TLD URI: Contains a URL in the BIZ top-level domain
0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS
[69.160.73.28 listed in dnsbl.sorbs.net]
1.1 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
[<http://dsbl.org/listing?ip=69.160.73.28>]
2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?69.160.73.28>]
2.5 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address
[Dynamic/Residential IP range listed by]
[easynet.nl DynaBlock - <http://dynablock.easynet.nl/errors.html>]
4.3 OBFUSCATING_COMMENT HTML comments which obfuscate text
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
--------------------------------------------------------------------------------
----------------------------
And the original email is sent as an attachment.
I think it is pretty slick, and works for me.
Fred
----- Original Message -----
From: "Ryan M Gill" <rmgill@mindspring.com>
To: "Military Vehicles Mailing List" <mil-veh@mil-veh.org>
Sent: Wednesday, November 26, 2003 10:27 AM
Subject: Re: [MV] FW: Spam Filtered: re: [mv] what happened?
| At 8:51 AM +0000 11/26/03, jimweb@endgame.demon.co.uk wrote:
|
| >Get an up to date email program. I use Mozilla which has message
| >filters and spam filters and is easily trained to your own standards.
|
|
| What Jim Says! Server side filtering can be really bad. Requiring all
| your senders to authenticate to a list is also cumbersome if you
| correspond with more than a few people. I personally use Eudora and
| after being on Usenet and the internet for over 10 years
|
|
| --
| --
| ----------------------------------------------------------------
| - Ryan Montieth Gill '01 Honda Insight -
| - rmgill@SPAmindspring.com '85 CB700S -
| - ryan.gill@SPAMturner.com '76 Chevy Monte Carlo -
| - www.mindspring.com/~rmgill '72 Honda CB750 -
| - '60 Daimler FV701H Mk2/3 -
| - '42 Daimler Scout Car Mk II -
| - I speak not for CNN, nor they for me -
| ----------------------------------------------------------------
| - The director of Home Security encourages you to -
| - turn in your neighbor & spy on your friends. -
| ----------------------------------------------------------------
| - C&R-FFL / Protect your electronic rights! \ EFF-ACLU -
| - SAF & NRA/ Join the EFF! http://www.eff.org/ \ DoD #0780 -
| ----------------------------------------------------------------
|
| ===Mil-Veh is a member-supported mailing list===
| To unsubscribe, send e-mail to: <mil-veh-off@mil-veh.org>
| To switch to the DIGEST mode, send e-mail to <mil-veh-digest@mil-veh.org>
| To reach a human, contact <ack@mil-veh.org>
|
|
This archive was generated by hypermail 2.1.4 : Sat May 07 2005 - 20:26:29 PDT