[sclug] Any thoughts on how to block these? (long-ish)

Tue Jan 13 14:31:47 UTC 2004

Hi all,

It seems that Spamassassin's Bayesian filters are confused so I've 
turned auto-learn off and set up a cronjob that runs the following commands.

sa-learn --ham /var/mail/patrick
sa-learn --ham /home/patrick/Lists/GameDev
sa-learn --ham /home/patrick/Lists/LearnC++
sa-learn --spam /home/patrick/Spam

Even though there over 1000 messages in these folders, the output wehn I 
run from the command line is.

enterprise root # ./salearner
Learned from 0 message(s) (1 message(s) examined).
Learned from 1 message(s) (1 message(s) examined).
Learned from 1 message(s) (1 message(s) examined).
Learned from 0 message(s) (1 message(s) examined).

Does this look right?

Best regards,

Patrick Kirk
Mobile: 07876 560 646

Patrick Kirk wrote:
> I hope this plea for help gets past people's spam filters!
> 
> My spam filters are being beaten by up to 20 of these emails a day. They 
> all have the following characteristics.
> 1. Random words in the subject line, usually lower case
> 2. Lots of random words in the body in a seperate block from the 'pitch'
> 3. Words like 'click' are obfusticated
> 4. The X-Mailer header is a set of random words
> 
> I would guess that the randomness is a way of beating Bayesian filters. 
>  My only thought so far has been to exclude all email not from a list of 
> known mail agents but that's cumbersome.
> 
> Has anyone else this problem and have you found a way of blocking these?
> 
> 
> 
> 
>  From - Mon Jan 12 08:41:29 2004
> X-Mozilla-Status: 0001
> X-Mozilla-Status2: 00000000
> Return-path: <fwiqhmaddxzhdn at msn.com>
> Envelope-to: patrick at localhost
> Received: from mail by enterprise.kirksnet with spam-scanned (Exim 3.36 
> #1 (Debian))
>     id 1AflEA-0006K6-00
>     for <patrick at localhost>; Sun, 11 Jan 2004 19:26:28 +0000
> Received: from localhost ([127.0.0.1])
>     by enterprise.kirksnet with esmtp (Exim 3.36 #1 (Debian))
>     id 1AflEA-0006Jt-01
>     for <patrick at localhost>; Sun, 11 Jan 2004 19:26:26 +0000
> Received: from mail.btinternet.com [194.73.73.90]
>     by localhost with POP3 (fetchmail-6.2.4)
>     for patrick at localhost (single-drop); Sun, 11 Jan 2004 19:26:26 +0000 
> (GMT)
> Received: from [212.69.217.30] (helo=smtp-relay01.x-mailer.co.uk)
>     by praseodumium.btinternet.com with esmtp (Exim 3.22 #25)
>     id 1AflGW-0004nq-00
>     for patrick.kirk at btinternet.com; Sun, 11 Jan 2004 19:28:52 +0000
> Received: from [212.69.195.55] (helo=helta.dsvr.co.uk)
>     by smtp-relay01.x-mailer.co.uk with esmtp (Exim 4.22)
>     id 1AflGV-0007gh-EV
>     for patrick.kirk at btinternet.com; Sun, 11 Jan 2004 19:28:51 +0000
> Received: from c-24-7-152-72.client.comcast.net 
> (c-24-7-152-72.client.comcast.net [24.7.152.72])
>     by helta.dsvr.co.uk (8.11.7/8.11.7) with SMTP id i0BJSjX02059;
>     Sun, 11 Jan 2004 19:28:46 GMT
> Received: from [196.59.73.98] by 24.7.152.72 with HTTP;
>         Sun, 11 Jan 2004 21:18:40 +0300
> From: "Judy Dewitt" <fwiqhmaddxzhdn at msn.com>
> To: patrick at kirks.net
> Subject: hooves mint earthmove cyanide boris
> Mime-Version: 1.0
> X-Mailer: expository lake caucasian
> Date: Sun, 11 Jan 2004 16:25:40 -0200
> Reply-To: "Judy Dewitt" <fwiqhmaddxzhdn at msn.com>
> Content-Type: multipart/alternative;
>         boundary="993200941211846621"
> Message-Id: <MBITGMM-0009590550242 at donner>
> X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on
>     enterprise.kirksnet
> X-Spam-Level:
> X-Spam-Status: No, hits=-2.9 required=5.0 tests=BAYES_00,HTML_MESSAGE
>     autolearn=no version=2.60
> 
> --993200941211846621
> Content-Type: text/plain; charset=us-ascii
> Content-Transfer-Encoding: 8bit
> 
> abrade annapolis selectmen imaginary icebox europium clinic
> bosonic debit dwell derail siamese contribute colloq
> cafeteria fine arianism freon charisma
> 
> --993200941211846621
> Content-Type: text/html; charset=us-ascii
> Content-Transfer-Encoding: 8bit
> 
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <HTML><HEAD>
> 
> <TITLE>Message</TITLE>
> 
> <META content="MSHTML 6.00.2800.1276" name=GENERATOR></HEAD>
> <BODY>
> <DIV><!-- Converted from text/plain format --><FONT face=Arial size=2>
> STILL NO LUCK ENLARGING IT?<BR>
> 
> <BR>
> Our 2 products will work for you!<BR>
> <BR>
> 1. #1 Supplement available! - Works!<BR>
> <A HREF="http://www.timezsquarepatry.com/v2/index.php?AFF_ID=d1230">FOR 
> VPRX CIILCK HERE</A><BR>
> <BR>
> and<BR>
> <BR>
> 2. *New* Enhancement Oil - Get hard in 60 seconds! Amazing!<BR>
> Like no other oil you've seen. <BR>
> <A HREF="http://www.timezsquarepatry.com/x/index.php?AFF_ID=o1230">FOR 
> VPRX OIL CIILCK HERE</A><BR>
> <BR>
> the 2 products work great together<BR>
> 
> <BR>
> <BR>
> ------------------------------------------------------------<BR>
> <BR>
> FOR WOMEN ONLY: <A 
> HREF="http://www.timezsquarepatry.com/l/index.php?AFF_ID=a1230">CIILCK 
> HERE</A><BR>
> <BR>
> <BR>
> <BR>
> <BR>
> <BR>
> <BR>
> <BR>
> <BR>
> <a href="http://www.timezsquarepatry.com/homepage/">Not 
> intreseted</a><br></FONT></DIV></BODY></HTML>
> grunt braille plural footstep hexane ibm riffle batten creek edify bang 
> holystone glory lacrosse crony induct appeasable abel caddis god 
> gorgeous chick mansion fag moore charta manor sentient dramaturgy 
> euphemist <br>
> continua dam baltic commodore ac four award catch caramel camellia 
> hector fortress <br>
> palladia podium nose bolshevism entice beebe bowel mastic absentee 
> excellent fisk flamboyant <br>
> bakelite another brendan bootstrapped opium real campfire frustrater 
> akers ornately patron harvest maori gulf heliocentric adverbial 
> prevention silverman corrodible <br>
> birdseed immanent dendritic selectmen baghdad chevron hooves hookworm 
> monster repellent duplicate callus cunning ferment prong <br>
> exonerate diction exhibitor presumed approve enstatite remainder 
> aphelion dayton laborious anomalous coruscate <br>
> shiplap gastronome czechoslovakia eventual cowmen puffy salesian pompon 
> doubt gurkha simile indifferent biometry enjoinder burnham commentary 
> indianapolis homework excelled fantasist sealant drove loomis disputant 
> <br>
> pickford costume assemblage amphibian airplane counterpoint childbirth 
> chicory prophesy pop ha catalyst singular impost crack homeopath 
> bridgehead carbonium <br>
> angelo brownell adjudicate quadrangular cornfield communal corny 
> denunciate discussion jazzy drape earthquake lard easy karma <br>
> cognition amateurish doorway cozen electorate bisect cocoon corinthian 
> hadron postgraduate alia blocky dredge parks ruminate sanguineous 
> pleasant hubbell joan idiotic caribou infect fabulous aile cover clotho 
> clinton helga covenant godkin hold contrivance dread hager austin garb 
> apprehensive sarasota <br>
> 
> 
> --993200941211846621--
> 
> 
> 
> _______________________________________________
> sclug mailing list
> sclug at sclug.org.uk
> http://www.sclug.org.uk/mailman/listinfo/sclug