From andy at forsythia.net Mon Apr 25 06:03:36 2011
From: andy at forsythia.net (andy at forsythia.net)
Date: Mon, 25 Apr 2011 17:33:36 +0430
Subject: [Mailman] from Aileen
Message-ID: <7634649128.HF67LWQ9179517@spjwmhu.htyvvbjieja.tv>

Spam detection software, running on the system "meriadoc.forsythia.net", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
The administrator of that system for details.

Content preview: Im an charming blue-eyed blonde, and I'm searching for a man
to chat with by email or by Skype, or even meet in reality! I have registered
my profile at: www.girls-rus.ru [...]

Content analysis details: (25.1 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.7 URIBL_DBL_SPAM         Contains an URL listed in the DBL blocklist
                            [URIs: girls-rus.ru]
 1.7 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
                            [URIs: girls-rus.ru]
 1.9 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
                            [URIs: girls-rus.ru]
 0.1 TVD_RCVD_IP            TVD_RCVD_IP
 0.2 MR_NOT_ATTRIBUTED_IP   Beta rule: an non-attributed IPv4 found in headers
 2.9 HELO_DYNAMIC_SPLIT_IP  Relay HELO'd using suspicious hostname (Split IP)
 3.9 HELO_DYNAMIC_IPADDR2   Relay HELO'd using suspicious hostname (IP addr 2)
 0.6 RCVD_IN_SORBS_WEB      RBL: SORBS: sender is an abusable web server
                            [187.12.59.116 listed in dnsbl.sorbs.net]
 1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                            [Blocked - see ]
 0.7 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
                            [187.12.59.116 listed in zen.spamhaus.org]
 1.5 RCVD_IN_SBL_XBL        RBL: Received via a relay in Spamhaus SBL+XBL
                            [187.12.59.116 listed in sbl-xbl.spamhaus.org]
 1.5 RCVD_IN_CBL            RBL: Received via a relay in cbl.abuseat.org
                            [Blocked - see ]
 2.7 RCVD_IN_PSBL           RBL: Received via a relay in PSBL
                            [187.12.59.116 listed in psbl.surriel.com]
 1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL, https://senderscore.org/blacklistlookup/
                            [187.12.59.116 listed in bl.score.senderscore.com]
 1.6 RCVD_IN_BRBL_LASTEXT   RBL: RCVD_IN_BRBL_LASTEXT
                            [187.12.59.116 listed in bb.barracudacentral.org]
 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
 0.0 FSL_RU_URL             URI: FSL_RU_URL
 0.0 NO_RDNS2               Sending MTA has no reverse DNS
 0.0 T_SURBL_MULTI1         T_SURBL_MULTI1
 0.5 ISO_7BITS              ISO charset announced as 7 bit (or bad rule ?)
 1.0 RCVD_IN_SORBS          RCVD_IN_SORBS

-------------- next part --------------
An embedded message was scrubbed...
From: , , , ,
Subject: from Aileen
Date: Mon, 25 Apr 2011 17:33:36 +0430
Size: 1235
URL:

From andy at forsythia.net Mon Apr 25 07:38:50 2011
From: andy at forsythia.net (andy at forsythia.net)
Date: Mon, 25 Apr 2011 11:38:50 -0300
Subject: [Mailman] from Aileen
Message-ID: <8716969129.W8DNZ9QN951656@yssrrufveabd.vcxyfljwwd.va>

Spam detection software, running on the system "meriadoc.forsythia.net", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
The administrator of that system for details.

Content preview: i am a pretty blonde girl, who looks for a male pen friend,
or just a man to talk with on Skype or in real life! I have registered my
profile at: www.girls-rus.ru [...]

Content analysis details: (26.7 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.8 MY_DSL                 I could use a BL for this.
 0.2 MR_NOT_ATTRIBUTED_IP   Beta rule: an non-attributed IPv4 found in headers
 1.6 RCVD_IN_BRBL_LASTEXT   RBL: RCVD_IN_BRBL_LASTEXT
                            [189.59.191.103 listed in bb.barracudacentral.org]
 1.5 RCVD_IN_SBL_XBL        RBL: Received via a relay in Spamhaus SBL+XBL
                            [189.59.191.103 listed in sbl-xbl.spamhaus.org]
 1.5 RCVD_IN_CBL            RBL: Received via a relay in cbl.abuseat.org
                            [Blocked - see ]
 1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                            [Blocked - see ]
 0.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                            [189.59.191.103 listed in dnsbl.sorbs.net]
 3.6 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                            [189.59.191.103 listed in zen.spamhaus.org]
 0.7 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
 1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL, https://senderscore.org/blacklistlookup/
                            [189.59.191.103 listed in bl.score.senderscore.com]
 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
 1.7 URIBL_DBL_SPAM         Contains an URL listed in the DBL blocklist
                            [URIs: girls-rus.ru]
 4.5 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL blocklist
                            [URIs: girls-rus.ru]
 1.7 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
                            [URIs: girls-rus.ru]
 1.9 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
                            [URIs: girls-rus.ru]
 0.0 FSL_RU_URL             URI: FSL_RU_URL
 0.4 RDNS_DYNAMIC           Delivered to internal network by host with dynamic-looking rDNS
 0.0 T_SURBL_MULTI2         T_SURBL_MULTI2
 0.0 T_SURBL_MULTI1         T_SURBL_MULTI1
 2.0 WINDOWS_7BITS          Windows charset announced as 7 bit
 1.0 RCVD_IN_SORBS          RCVD_IN_SORBS
 1.0 RCVD_IN_DYNABLOCK      RCVD_IN_DYNABLOCK

-------------- next part --------------
An embedded message was scrubbed...
From: , , , , , , , ,
Subject: from Aileen
Date: Mon, 25 Apr 2011 11:38:50 -0300
Size: 1523
URL:

From claude at forsythia.net Mon Apr 25 09:19:11 2011
From: claude at forsythia.net (claude at forsythia.net)
Date: Mon, 25 Apr 2011 12:19:11 -0400
Subject: [Mailman] from Lucile
Message-ID: <4303185914.QSAB54JR757516@wqehbqeyyvoyee.bkeqemccmtkoc.tv>

Spam detection software, running on the system "meriadoc.forsythia.net", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
The administrator of that system for details.

Content preview: I am a hot brunette girl, and I wish to become a pen pal (by
email or Skype) of a handsome and clever guy, interested in further real
dates! I have registered my profile at: www.girls-rus.ru [...]

Content analysis details: (21.1 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.2 MR_NOT_ATTRIBUTED_IP   Beta rule: an non-attributed IPv4 found in headers
 0.7 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
                            [186.207.135.41 listed in zen.spamhaus.org]
 3.6 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
 1.6 RCVD_IN_BRBL_LASTEXT   RBL: RCVD_IN_BRBL_LASTEXT
                            [186.207.135.41 listed in bb.barracudacentral.org]
 1.5 RCVD_IN_SBL_XBL        RBL: Received via a relay in Spamhaus SBL+XBL
                            [186.207.135.41 listed in sbl-xbl.spamhaus.org]
 1.5 RCVD_IN_CBL            RBL: Received via a relay in cbl.abuseat.org
                            [Blocked - see ]
 1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                            [Blocked - see ]
 1.7 URIBL_DBL_SPAM         Contains an URL listed in the DBL blocklist
                            [URIs: girls-rus.ru]
 4.5 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL blocklist
                            [URIs: girls-rus.ru]
 1.7 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
                            [URIs: girls-rus.ru]
 1.9 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
                            [URIs: girls-rus.ru]
 0.0 FSL_RU_URL             URI: FSL_RU_URL
 0.0 T_SURBL_MULTI2         T_SURBL_MULTI2
 0.0 T_SURBL_MULTI1         T_SURBL_MULTI1
 0.5 ISO_7BITS              ISO charset announced as 7 bit (or bad rule ?)
 0.4 MAY_BE_FORGED          Relay IP's reverse DNS does not resolve to IP

-------------- next part --------------
An embedded message was scrubbed...
From: , , , , , , , ,
Subject: from Lucile
Date: Mon, 25 Apr 2011 12:19:11 -0400
Size: 1351
URL:

From claude at forsythia.net Mon Apr 25 10:47:29 2011
From: claude at forsythia.net (claude at forsythia.net)
Date: Mon, 25 Apr 2011 20:47:29 +0300
Subject: [Mailman] from Dolly
Message-ID: <3317785503.VYX3QEQK876269@lpmnckooj.hscfrfedbferusz.info>

Spam detection software, running on the system "meriadoc.forsythia.net", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
The administrator of that system for details.

Content preview: I'm a atractive blonde, and I wish to become a pen pal (by
email or Skype) of a handsome and clever guy, interested in further real
dates! I have registered my profile at: www.girls-rus.ru [...]

Content analysis details: (20.0 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 3.6 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                            [212.79.125.210 listed in zen.spamhaus.org]
 0.7 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
 1.5 RCVD_IN_CBL            RBL: Received via a relay in cbl.abuseat.org
                            [Blocked - see ]
 1.5 RCVD_IN_SBL_XBL        RBL: Received via a relay in Spamhaus SBL+XBL
                            [212.79.125.210 listed in sbl-xbl.spamhaus.org]
 1.6 RCVD_IN_BRBL_LASTEXT   RBL: RCVD_IN_BRBL_LASTEXT
                            [212.79.125.210 listed in bb.barracudacentral.org]
 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
 4.5 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL blocklist
                            [URIs: girls-rus.ru]
 1.7 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
                            [URIs: girls-rus.ru]
 1.9 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
                            [URIs: girls-rus.ru]
 0.0 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL blocklist
                            [URIs: girls-rus.ru]
 0.0 FSL_RU_URL             URI: FSL_RU_URL
 1.7 URIBL_DBL_SPAM         Contains an URL listed in the DBL blocklist
                            [URIs: girls-rus.ru]
 1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS
 0.0 T_SURBL_MULTI3         T_SURBL_MULTI3
 0.0 T_SURBL_MULTI2         T_SURBL_MULTI2
 0.0 NO_RDNS2               Sending MTA has no reverse DNS
 0.0 T_SURBL_MULTI1         T_SURBL_MULTI1

-------------- next part --------------
An embedded message was scrubbed...
From: , , , , ,
Subject: from Dolly
Date: Mon, 25 Apr 2011 20:47:29 +0300
Size: 1393
URL: