spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kris Deugau <kdeu...@vianet.ca>
Subject Re: Abused accounts
Date Tue, 15 Mar 2016 16:25:43 GMT
Robert Boyl wrote:
> Hi, everyone
> 
> Please check http://pastebin.com/GUBqpyZ8
> 
> Interesting how some spams that abuse some legit account such as this
> one are hard to detect, how Spamassassin scores almost nothing although
> there are spammy works, etc. System caught DCC_CHECK 1.10.
> 
> Some other systems such as isnotspam.com <http://isnotspam.com> caught
> some SA rule which doesnt exist anymore in latest SA...
> AXB_X_FF_SEZ_S=3.10.

I'm assuming that's your Barracuda appliance that added those Barracuda
headers.  If so, it's running a VERY out of date SA (3.2.2) when the
current release versions is 3.4.1.

IIRC the upstream SpamAssassin project is no longer publishing rule
updates for 3.2.x.  That particular rule is relatively *new*, and so
would not have been published to the 3.2.x rules channel.

I'm not certain, but it also looks like you might not be using Bayes.
This is likely one of the key methods of detecting spam like this;
since it was sent through outlook.com the message structure is perfectly
legitimate so IP DNSBLs will have little value.

Since there's no link, just a (probably cracked/stolen) email address in
the body, DNSBL body rules will also have very little value on this message.

-kgd

Mime
View raw message