How to configure spamassassin to stop unwanted mails

Hello frnds

can we stop these kinda mails which are coming repeatedly .......



 ;
> X-RocketDSI: i=124.83.200.48;s=w
> Date: Wed, 23 Jul 2008 04:31:13 +0900 (JST)
> From: UK/JAPAN NATIONAL LOTTERY PROMO
<lottowin44ukjapandraws999@...> 15/07/2008.For claim contact,mr.tommy edwards at tommyedx@...
with this information in your reply mail,your country, complete official
names,address, contact phone & fax #, sex, age, occupation and job title
for processing.
>
> - UK/JAPAN NATIONAL LOTTERY PROMO







X-Original-To: ravis@...
Delivered-To: ravis@...
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on mail.sarai.net
X-Spam-Level: *
X-Spam-Status: No, score=1.8 required=4.7 tests=HTML_MESSAGE,SUBJ_ALL_CAPS
         autolearn=no version=3.2.4
Date: Tue, 22 Jul 2008 12:59:21 -0700
From: hwahyang@...
Subject: CONGRATULATIONS !!!
Reply-to: drmarklambert1982@...
X-Mailer: Sun Java(tm) System Messenger Express 6.2-8.04 (built Feb 28 2007)
X-Accept-Language: en
Priority: normal
To: undisclosed-recipients:;
X-Sanitizer: Advosys mail filter



CONGRATULATIONS !!!

Dear E-mail Bearer,

You have won the sum of £ 850,502.00in the recent email draw of
the UK National Lottery held on 22st of July 2008. Your Ref Number:
Ref:UK/940X2/68, To further the claims of your prize, you are advise to

contact your claims department with the below informations.

PAYMENT PROCESSING FORM

DETAILS OF BENEFICIARY :

1)Full Names:...
2)Home Address:
3)Telephone:
4)Mobile Phone
5)Occupation:.
6)Nationality:..
7)Country of residence:.....
8)City:..
9)State/Province:..
10)Zip Code:..
11)Sex:...
12)Age:.


upon submission of the above informations we shall immediately commence
on your data verification process which will take not latter than 12
hours and we get back to you on how to hand over your winning fund to
you.

Contact Person: Dr. Mark Lambert
E-mail:drmarklambert1982@...
Mobile Phone: +44 704 572 2823

Congratulations once again.
Yours faithfully,
Sir Stecher, Terry Online Coordinator
NB: Send You Information Via drmarklambert1982@...


*****
NOTE: An attachment named hwahyang.vcf was deleted from this message
because it contained a windows executableor other potentially dangerous
file type.
Contact the system administrator for more information.












FILETIME=[68EBFD90:01C8EC34]
> To: undisclosed-recipients:;
> X-Sanitizer: Advosys mail filter
>
> Dear Recipient,
>
> On behalf of the National Loyalty CashOut (UK), this message is to
quickly inform you of our Monthly Promo E-mail Draw that was held today
in the CASH-OUT PLAZA. Your e-mail address which was attached to these
Lucky Numbers: 11 13 26 34 44 48 and a Bonus Number: 2, was among the
ten(10) selected winners and I'm delighted to notify you that your
e-mail has won Nine Hundred and Fifteen Thousand Eight Hundred and Ten
Pounds(£915,810.00). To claim your Award, simply FORWARD this mail to
our Remittance Agent now with his details below:
> ---------------------------------
> MR.GARVIN WALLACE
> Remittance Dept,
> National Loyalty CashOut, London.
> Email: mailingwallace@...
> Phone Number: +44 704 572 2133
> ---------------------------------
> These Awards MUST be claim before two(2) weeks as deadline or your award
will be returned as Unclaimed and eventually be reabsorbed into our next
sweepstakes.(Do not reply to this email as any reply will not be
answered) If you have any questions, please email our Remittance Agent
(Mr. Wallace) at mailingwallace@... ________________________________________________________
________________________________________________________
>
>
>
>
>
> iPod Operating Systems

> From: Nitin Bhadauria <nitin.bhadauria@...>
> Date: Wed, 23 Jul 2008 19:02:13 +0530 (IST)
> To: <users@...>
> Subject: How to configure spamassassin to stop unwanted mails
>
> RCVD_IN_NJABL_SPAM
In local.cf

score RCVD_IN_NJABL_SPAM 15.0

Restart/recomple spamd.
--
Michael Scheidell, CTO
>|SECNAP Network Security
Winner 2008 Network Products Guide Hot Companies
FreeBSD SpamAssassin Ports maintainer

_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.spammertrap.com
_________________________________________________________________________

>> RCVD_IN_NJABL_SPAM
> In local.cf
>
> score RCVD_IN_NJABL_SPAM 15.0

That's a bit drastic - any blacklist can have false positives. In any
case only one of the original poster's samples was on that list anyway.

I've tried a few of the samples which also hit LOTTERY_PH_004470 (from
sa-update to 3.2.5), though even with that and Bayes they all score
relatively low here.

John.

--
-- Over 3000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr

Nitin Bhadauria wrote:
> Hello frnds
>
> can we stop these kinda mails which are coming repeatedly .......


find the cat who ate the Received headers and tell him to send us the
_full_ headers (yes, i'll send "him" my mouse, 3 buttons, wheel, but no
tail :).

Thanks for that i did add this rule in local.cf can you tell me what it
will do.........

here is some mails with the header ..............




____________________________________________________________________________

From - Wed Jul 23 18:35:34 2008
X-Account-Key: account1
X-UIDL: UID457178-1128331933
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <harriettdeloreszc@...>
X-Original-To: tetra@...
Delivered-To: tetra@...
Received: by mail.sarai.net (Postfix, from userid 1006)
        id 53C911094030; Wed, 23 Jul 2008 18:31:35 +0530 (IST)
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on mail.sarai.net
X-Spam-Level: ***
X-Spam-Status: No, score=3.4 required=4.7 tests=PYZOR_CHECK,RCVD_IN_PBL,
        RDNS_NONE autolearn=no version=3.2.4
Received: from ufvleasy (unknown [200.87.78.57])
        by mail.sarai.net (Postfix) with ESMTP id E2C1D2C48004;
        Wed, 23 Jul 2008 18:31:30 +0530 (IST)
Date: Wed, 23 Jul 2008 05:53:39 -0700
X-Sender: <harriettdeloreszc@...>
In-Reply-To: <1def01c8e80b$3b7354e7$8c3ab21a@c3x7iy2>
From: "Harriett Delores" <harriettdeloreszc@...>
Message-ID: <1216817619.0515@...>
Reply-To: "Harriett Delores" <harriettdeloreszc@...>
To: <flosstoday@...>
Sender: <harriettdeloreszc@...>
Subject: Cheap Price Degree/Bacheelor/masteerMBA/PhDD Certificate sqce 6epj
X-Sanitizer: Advosys mail filter
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-2"
Content-Transfer-Encoding: 8bit


It cost you nothing (Yes! $0) to give Us a call, We will contact You back

Absolutely No exams/Tests/classes/books/Interviews
No Pre-School qualification Needed!

-----------------------------
Inside USA: 1-718-989-5740
0utside USA: +1-718-989-5740
-----------------------------

Degree, Bacheelor, masteerMBA, PhDD available in the field of your choice
that's Right, You can even become a doctor & receive all the benefits That
omes With it!

Please Leave Below 3 INFO in voicemail:

1) your Name
2) your Country
3) your Phone No. (with Countrycode)

Call Now! 24 hours a day, 7 Days a week to recieve Your call

-----------------------------
Inside USA: 1-718-989-5740
0utside USA: +1-718-989-5740
-----------------------------

Our staff will get back to You in 1-3 working days

____________________________________________________________________________





From - Wed Jul 23 17:15:39 2008
X-Account-Key: account1
X-UIDL: UID457132-1128331933
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <0-mini@...>
X-Original-To: tetra@...
Delivered-To: tetra@...
Received: by mail.sarai.net (Postfix, from userid 1006)
        id C85092C48005; Wed, 23 Jul 2008 12:56:18 +0530 (IST)
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on mail.sarai.net
X-Spam-Level: **
X-Spam-Status: No, score=2.7 required=4.7 tests=INVALID_MSGID,RDNS_NONE
        autolearn=no version=3.2.4
Received: from mail.tlxgroup.com (unknown [124.129.149.100])
        by mail.sarai.net (Postfix) with ESMTP id DB3B02C48004
        for <mary@...>; Wed, 23 Jul 2008 12:56:14 +0530 (IST)
Received: from localhost (localhost.localdomain [127.0.0.1])
        by mail.tlxgroup.com (Postfix) with ESMTP id 322B826294A8;
        Wed, 23 Jul 2008 15:29:02 +0800 (CST)
X-Virus-Scanned: amavisd-new at
Received: from mail.tlxgroup.com ([127.0.0.1])
        by localhost (mail.tlxgroup.com [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id 5jnvNCwgnb5C; Wed, 23 Jul 2008 15:28:51 +0800 (CST)
Received: from DM (unknown [192.168.10.1])
        by mail.tlxgroup.com (Postfix) with SMTP id 16572262949B;
        Wed, 23 Jul 2008 15:28:47 +0800 (CST)
Received: from horrible-theresa.htnr.net (HELO Delldim5150)
([124.129.149.99]) by closure-automorphism.htnr.net with ESMTP; Thu, 24
Jul 2008 05:23:51 -0600
Date: Thu, 24 Jul 2008 17:16:51 +0600
From: "Elisabeth E Parker" <0-mini@...>
To: mary@...
Subject: We have data for many medical specialties
Message-ID: <272830b5xxb0$b5864bs0$5253w7u0@Delldim5150
Priority: normal
X-Sanitizer: Advosys mail filter
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"




Currently in Practice:  MDs in America

Featuring the most accurate contact information in many different areas of
medicine

Sort by over a dozen different fields

This week only you pay only: $396


{}{}{} You will also get these at no additional charge: {}{}{}

+ Dentists

+ Hospitals

+ Pharmaceutical Companies

+ Medical Equipment Suppliers

Email us at:: juliaberman@...

for only this week _____________________________   Put this number in the
heading: 472 and send this email back to be delisted



______________________________________________________________________________




From - Wed Jul 23 17:02:33 2008
X-Account-Key: account1
X-UIDL: UID456681-1128331933
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <hessaddie2526032@...>
X-Original-To: tetra@...
Delivered-To: tetra@...
Received: by mail.sarai.net (Postfix, from userid 1006)
        id 8E3A32C492A9; Mon, 21 Jul 2008 02:37:16 +0530 (IST)
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on mail.sarai.net
X-Spam-Level:
X-Spam-Status: No, score=-87.4 required=4.7 tests=FRT_ROLEX,
        HELO_DYNAMIC_IPADDR,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RDNS_NONE,USER_IN_WHITELIST
        autolearn=no version=3.2.4
Received: from client-201.240.33.70.speedy.net.pe (unknown [201.240.33.70])
        by mail.sarai.net (Postfix) with SMTP id D640C2C490F8;
        Mon, 21 Jul 2008 02:36:56 +0530 (IST)
X-Originating-IP: 136.36.96.88 by smtp.201.240.33.70;  Sun, 20 Jul 2008
17:07:03 -0500
Message-ID: <zonfwnyAFGXLQQprogramme@...>
From: "Paige Goodson" <programme@...>
Reply-To: "Paige Goodson" <programme@...>
To: programme@...
Subject: S4ve 80% on Brand name repl1ca w4tches Programme
Date: Sun, 20 Jul 2008 17:07:03 -0500
X-Sanitizer: Advosys mail filter
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit


Looking for a R0lex repl1ca? How about getting two,
one for you and one for your spouse? When you get
two R0lex w4tches this summer, we knock 15% off
the price! Where? At http://Deenaxirezyt.blogspot.com/


______________________________________________________________________________





From - Tue Jul  1 10:37:58 2008
X-Account-Key: account1
X-UIDL: UID452493-1128331933
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <dr.frankjames@...>
X-Original-To: tetra@...
Delivered-To: tetra@...
Received: by mail.sarai.net (Postfix, from userid 1006)
        id 267642C4800B; Sun, 29 Jun 2008 13:48:56 +0530 (IST)
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on mail.sarai.net
X-Spam-Level: ****
X-Spam-Status: No, score=4.4 required=4.7 tests=ADVANCE_FEE_2,
        HTML_FONT_SIZE_HUGE,HTML_MESSAGE,MIME_QP_LONG_LINE autolearn=no
version=3.2.4
Received: from n7b.bullet.ukl.yahoo.com (n7b.bullet.ukl.yahoo.com
[217.146.182.217])
        by mail.sarai.net (Postfix) with SMTP id DD9382C48008
        for <mary@...>; Sun, 29 Jun 2008 13:48:50 +0530 (IST)
Received: from [217.146.182.177] by n7.bullet.ukl.yahoo.com with NNFMP; 29
Jun 2008 08:18:46 -0000
Received: from [87.248.111.149] by t3.bullet.ukl.yahoo.com with NNFMP; 29
Jun 2008 08:18:46 -0000
Received: from [127.0.0.1] by omp206.mail.ukl.yahoo.com with NNFMP; 29 Jun
2008 08:18:46 -0000
X-Yahoo-Newman-Property: ymail-5
X-Yahoo-Newman-Id: 445742.87553.bm@...
Received: (qmail 26767 invoked by uid 60001); 29 Jun 2008 08:18:46 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.co.uk;
  h=Received:X-Mailer:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Message-ID;
  b=MnPY7F9IYgwhzbz5a/JLfq9A/plaHL/+0f503sp8j/q393moMKHvVOPEKLUJtdHEuAdoyYBuPGtAxIzU/pZmnQup/vQxoGVVb9Y+5rAHgj1794xfyGqHHvvl9ZqgpT7doTmTs1yEAGdjobAB1DGGRpg1pHSJSSzJbJbHZuVg4wk=;
Received: from [117.98.43.114] by web28215.mail.ukl.yahoo.com via HTTP;
Sun, 29 Jun 2008 08:18:45 GMT
X-Mailer: YahooMailWebService/0.7.199
Date: Sun, 29 Jun 2008 08:18:45 +0000 (GMT)
From: "Dr.Frank James" <dr.frankjames@...>
Reply-To: dr.frankjames@...
Subject: CONGRATULATION
To: ugo4nwachukwu@...
Message-ID: <250044.26112.qm@...>
X-Sanitizer: Advosys mail filter
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="MIMEStream=_0+48667_301101440911353_4812488537"


--MIMEStream=_0+48667_301101440911353_4812488537
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable















GUINNESS=C2=A0
GUINNESS HOUSE=20
HOUGHTON STREET ,LONDON,=20
WC2A 2AE, UNITED KINGDOM.=20




Date:29/06/2008


GUINNESS STOUT NEW YEAR GREAT INTERNET AWARENESS PROMOTIONS 2008.=20


Attention.=20



We are pleased to inform you of the result of the 2008 Year draws held on t=
he=C2=A02nd of=C2=A0JUNE 2008 by GUINNESS EXTRA STOUT=C2=A0Worldwide Intern=
et Awareness Promotion, your email was among the 30 lucky winners who won G=
BP (One Million Great British Pounds) =C2=A31,000,000.00 each on the GUINNE=
SS COMPANY.=20


However, the results were released today=C2=A03rd of=C2=A0JUNE 2008 and you=
r email was attached to ticket number (GUI45856CS89) and ballot number (BN:=
 6220914657/HBZ-T). The online draws was conducted by a random selection of=
 email addresses from an exclusive list of 250,031 E-mail addresses of indi=
viduals and corporate bodies, picked by an advanced automated random comput=
er search from the internet. However, no tickets were sold but all email ad=
dresses were assigned to different ticket numbers for representation and pr=
ivacy.=20

In other to claim your GBP =C2=A31,000,000.00 winning prize, which have bee=
n deposited in a designated Finance Security Company here in United Kingdom=
.. However, you will have to fill the form below and send it to the Promoti=
on manager of Guinness Worldwide Internet Awareness Lottery Company for ver=
ification and then you will be directed on how you can claim your won prize=
 as it has already been deposited in your favour.=20




FULL NAMES OF BENEFICIARY:...................................

_____________________________________________________________________________

>> score RCVD_IN_NJABL_SPAM 15.0

> Thanks for that i did add this rule in local.cf can you tell me what it
> will do.........

It will add 15 points (instead of the 2.072 points in the default
ruleset) to any messages which are received by a relay in the NJABL
blacklist, ensuring that they are pretty much guaranteed to be
considered as spam.

I would recommend against raising this score - like any blacklist, and
indeed any rule, false positives can occur. Checking through my logs, I
see FPs on that rule from genuine opt-in mail from Real Networks, for
example.

John.

--
-- Over 3000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr

scores hire enough here.  (even with the -15 point credits for mailing list ) without it , would have scored over 21 points.
always best to put that email on a web page if you want people to be able to check the scores, especially spam. without doing that, you poison the AWL scores for users@... and many people would need to dig into their junk email folder just to see emails you sent.

add in jm_sought rules, sares rules, and my personal favorites due to the crappy way they allow spammers, big scores for blogspot and yahoo in body.
beyond that, get professional help if its important.

X-Spam-Status: Yes, score=6.628 tagged_above=-999 required=5
	tests=[ADVANCE_FEE_2=1.234, AWL=-9.481, BAYES_50=0.001, BLOGSPOT=7,
	BODY_YAHOO=3.5, FRT_ROLEX=0.5, JM_SOUGHT_2=1.5, JM_SOUGHT_3=1.5,
	J_CHICKENPOX_12=0.6, J_CHICKENPOX_13=0.6, J_CHICKENPOX_15=0.6,
	J_CHICKENPOX_42=0.6, MANGLED_SAVELE=1.2, MANGLED_YOUR=2.3,
	RCVD_IN_DNSWL_MED=-4, RELAY_COUNTRY_US=0.001,
	SARE_SPEC_REPL_OBFU1=1.666, SPF_PASS=-0.001, TW_EP=0.077, TW_FR=0.077,
	TW_FV=0.077, TW_UF=0.077]

You need professional help if you don't know that.

_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.spammertrap.com
_________________________________________________________________________

here i am attaching file with some mails ..............




> Nitin Bhadauria wrote:
>> Hello frnds
>>
>> can we stop these kinda mails which are coming repeatedly .......
>
>
> find the cat who ate the Received headers and tell him to send us the
_full_ headers (yes, i'll send "him" my mouse, 3 buttons, wheel, but no
tail :).
>
>
>
>



From - Wed Jul 23 18:35:34 2008
X-Account-Key: account1
X-UIDL: UID457178-1128331933
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <harriettdeloreszc@...>
X-Original-To: tetra@...
Delivered-To: tetra@...
Received: by mail.sarai.net (Postfix, from userid 1006)
        id 53C911094030; Wed, 23 Jul 2008 18:31:35 +0530 (IST)
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on mail.sarai.net
X-Spam-Level: ***
X-Spam-Status: No, score=3.4 required=4.7 tests=PYZOR_CHECK,RCVD_IN_PBL,
        RDNS_NONE autolearn=no version=3.2.4
Received: from ufvleasy (unknown [200.87.78.57])
        by mail.sarai.net (Postfix) with ESMTP id E2C1D2C48004;
        Wed, 23 Jul 2008 18:31:30 +0530 (IST)
Date: Wed, 23 Jul 2008 05:53:39 -0700
X-Sender: <harriettdeloreszc@...>
In-Reply-To: <1def01c8e80b$3b7354e7$8c3ab21a@c3x7iy2>
From: "Harriett Delores" <harriettdeloreszc@...>
Message-ID: <1216817619.0515@...>
Reply-To: "Harriett Delores" <harriettdeloreszc@...>
To: <flosstoday@...>
Sender: <harriettdeloreszc@...>
Subject: Cheap Price Degree/Bacheelor/masteerMBA/PhDD Certificate sqce 6epj
X-Sanitizer: Advosys mail filter
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-2"
Content-Transfer-Encoding: 8bit


It cost you nothing (Yes! $0) to give Us a call, We will contact You back

Absolutely No exams/Tests/classes/books/Interviews
No Pre-School qualification Needed!

-----------------------------
Inside USA: 1-718-989-5740
0utside USA: +1-718-989-5740
-----------------------------

Degree, Bacheelor, masteerMBA, PhDD available in the field of your choice
that's Right, You can even become a doctor & receive all the benefits That
omes With it!

Please Leave Below 3 INFO in voicemail:

1) your Name
2) your Country
3) your Phone No. (with Countrycode)

Call Now! 24 hours a day, 7 Days a week to recieve Your call

-----------------------------
Inside USA: 1-718-989-5740
0utside USA: +1-718-989-5740
-----------------------------

Our staff will get back to You in 1-3 working days

____________________________________________________________________________





From - Wed Jul 23 17:15:39 2008
X-Account-Key: account1
X-UIDL: UID457132-1128331933
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <0-mini@...>
X-Original-To: tetra@...
Delivered-To: tetra@...
Received: by mail.sarai.net (Postfix, from userid 1006)
        id C85092C48005; Wed, 23 Jul 2008 12:56:18 +0530 (IST)
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on mail.sarai.net
X-Spam-Level: **
X-Spam-Status: No, score=2.7 required=4.7 tests=INVALID_MSGID,RDNS_NONE
        autolearn=no version=3.2.4
Received: from mail.tlxgroup.com (unknown [124.129.149.100])
        by mail.sarai.net (Postfix) with ESMTP id DB3B02C48004
        for <mary@...>; Wed, 23 Jul 2008 12:56:14 +0530 (IST)
Received: from localhost (localhost.localdomain [127.0.0.1])
        by mail.tlxgroup.com (Postfix) with ESMTP id 322B826294A8;
        Wed, 23 Jul 2008 15:29:02 +0800 (CST)
X-Virus-Scanned: amavisd-new at
Received: from mail.tlxgroup.com ([127.0.0.1])
        by localhost (mail.tlxgroup.com [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id 5jnvNCwgnb5C; Wed, 23 Jul 2008 15:28:51 +0800 (CST)
Received: from DM (unknown [192.168.10.1])
        by mail.tlxgroup.com (Postfix) with SMTP id 16572262949B;
        Wed, 23 Jul 2008 15:28:47 +0800 (CST)
Received: from horrible-theresa.htnr.net (HELO Delldim5150)
([124.129.149.99]) by closure-automorphism.htnr.net with ESMTP; Thu, 24
Jul 2008 05:23:51 -0600
Date: Thu, 24 Jul 2008 17:16:51 +0600
From: "Elisabeth E Parker" <0-mini@...>
To: mary@...
Subject: We have data for many medical specialties
Message-ID: <272830b5xxb0$b5864bs0$5253w7u0@Delldim5150
Priority: normal
X-Sanitizer: Advosys mail filter
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"




Currently in Practice:  MDs in America

Featuring the most accurate contact information in many different areas of
medicine

Sort by over a dozen different fields

This week only you pay only: $396


{}{}{} You will also get these at no additional charge: {}{}{}

+ Dentists

+ Hospitals

+ Pharmaceutical Companies

+ Medical Equipment Suppliers

Email us at:: juliaberman@...

for only this week _____________________________   Put this number in the
heading: 472 and send this email back to be delisted



______________________________________________________________________________




From - Wed Jul 23 17:02:33 2008
X-Account-Key: account1
X-UIDL: UID456681-1128331933
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <hessaddie2526032@...>
X-Original-To: tetra@...
Delivered-To: tetra@...
Received: by mail.sarai.net (Postfix, from userid 1006)
        id 8E3A32C492A9; Mon, 21 Jul 2008 02:37:16 +0530 (IST)
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on mail.sarai.net
X-Spam-Level:
X-Spam-Status: No, score=-87.4 required=4.7 tests=FRT_ROLEX,
        HELO_DYNAMIC_IPADDR,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RDNS_NONE,USER_IN_WHITELIST
        autolearn=no version=3.2.4
Received: from client-201.240.33.70.speedy.net.pe (unknown [201.240.33.70])
        by mail.sarai.net (Postfix) with SMTP id D640C2C490F8;
        Mon, 21 Jul 2008 02:36:56 +0530 (IST)
X-Originating-IP: 136.36.96.88 by smtp.201.240.33.70;  Sun, 20 Jul 2008
17:07:03 -0500
Message-ID: <zonfwnyAFGXLQQprogramme@...>
From: "Paige Goodson" <programme@...>
Reply-To: "Paige Goodson" <programme@...>
To: programme@...
Subject: S4ve 80% on Brand name repl1ca w4tches Programme
Date: Sun, 20 Jul 2008 17:07:03 -0500
X-Sanitizer: Advosys mail filter
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit


Looking for a R0lex repl1ca? How about getting two,
one for you and one for your spouse? When you get
two R0lex w4tches this summer, we knock 15% off
the price! Where? At http://Deenaxirezyt.blogspot.com/


______________________________________________________________________________





From - Tue Jul  1 10:37:58 2008
X-Account-Key: account1
X-UIDL: UID452493-1128331933
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <dr.frankjames@...>
X-Original-To: tetra@...
Delivered-To: tetra@...
Received: by mail.sarai.net (Postfix, from userid 1006)
        id 267642C4800B; Sun, 29 Jun 2008 13:48:56 +0530 (IST)
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on mail.sarai.net
X-Spam-Level: ****
X-Spam-Status: No, score=4.4 required=4.7 tests=ADVANCE_FEE_2,
        HTML_FONT_SIZE_HUGE,HTML_MESSAGE,MIME_QP_LONG_LINE autolearn=no
version=3.2.4
Received: from n7b.bullet.ukl.yahoo.com (n7b.bullet.ukl.yahoo.com
[217.146.182.217])
        by mail.sarai.net (Postfix) with SMTP id DD9382C48008
        for <mary@...>; Sun, 29 Jun 2008 13:48:50 +0530 (IST)
Received: from [217.146.182.177] by n7.bullet.ukl.yahoo.com with NNFMP; 29
Jun 2008 08:18:46 -0000
Received: from [87.248.111.149] by t3.bullet.ukl.yahoo.com with NNFMP; 29
Jun 2008 08:18:46 -0000
Received: from [127.0.0.1] by omp206.mail.ukl.yahoo.com with NNFMP; 29 Jun
2008 08:18:46 -0000
X-Yahoo-Newman-Property: ymail-5
X-Yahoo-Newman-Id: 445742.87553.bm@...
Received: (qmail 26767 invoked by uid 60001); 29 Jun 2008 08:18:46 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.co.uk;
  h=Received:X-Mailer:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Message-ID;
  b=MnPY7F9IYgwhzbz5a/JLfq9A/plaHL/+0f503sp8j/q393moMKHvVOPEKLUJtdHEuAdoyYBuPGtAxIzU/pZmnQup/vQxoGVVb9Y+5rAHgj1794xfyGqHHvvl9ZqgpT7doTmTs1yEAGdjobAB1DGGRpg1pHSJSSzJbJbHZuVg4wk=;
Received: from [117.98.43.114] by web28215.mail.ukl.yahoo.com via HTTP;
Sun, 29 Jun 2008 08:18:45 GMT
X-Mailer: YahooMailWebService/0.7.199
Date: Sun, 29 Jun 2008 08:18:45 +0000 (GMT)
From: "Dr.Frank James" <dr.frankjames@...>
Reply-To: dr.frankjames@...
Subject: CONGRATULATION
To: ugo4nwachukwu@...
Message-ID: <250044.26112.qm@...>
X-Sanitizer: Advosys mail filter
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="MIMEStream=_0+48667_301101440911353_4812488537"


--MIMEStream=_0+48667_301101440911353_4812488537
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable















GUINNESS=C2=A0
GUINNESS HOUSE=20
HOUGHTON STREET ,LONDON,=20
WC2A 2AE, UNITED KINGDOM.=20




Date:29/06/2008


GUINNESS STOUT NEW YEAR GREAT INTERNET AWARENESS PROMOTIONS 2008.=20


Attention.=20



We are pleased to inform you of the result of the 2008 Year draws held on t=
he=C2=A02nd of=C2=A0JUNE 2008 by GUINNESS EXTRA STOUT=C2=A0Worldwide Intern=
et Awareness Promotion, your email was among the 30 lucky winners who won G=
BP (One Million Great British Pounds) =C2=A31,000,000.00 each on the GUINNE=
SS COMPANY.=20


However, the results were released today=C2=A03rd of=C2=A0JUNE 2008 and you=
r email was attached to ticket number (GUI45856CS89) and ballot number (BN:=
 6220914657/HBZ-T). The online draws was conducted by a random selection of=
 email addresses from an exclusive list of 250,031 E-mail addresses of indi=
viduals and corporate bodies, picked by an advanced automated random comput=
er search from the internet. However, no tickets were sold but all email ad=
dresses were assigned to different ticket numbers for representation and pr=
ivacy.=20

In other to claim your GBP =C2=A31,000,000.00 winning prize, which have bee=
n deposited in a designated Finance Security Company here in United Kingdom=
.. However, you will have to fill the form below and send it to the Promoti=
on manager of Guinness Worldwide Internet Awareness Lottery Company for ver=
ification and then you will be directed on how you can claim your won prize=
 as it has already been deposited in your favour.=20




FULL NAMES OF BENEFICIARY:...................................

I just blacklisted you.  stop what you are doing.
you need professional help.  read the faq's, read the man pages.

_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.spammertrap.com
_________________________________________________________________________

Michael Scheidell wrote:
> I just blacklisted you.  stop what you are doing.
Eh? What did Nitin do that's so wrong? It's perfectly ordinary to expect
folks to post spam samples here. You asked for full headers, and got them.

Admittedly they've been mozillified, but...

> you need professional help.  
Hmm, what about help from members of the SpamAssassin PMC.. do we count
as "professional"?

Nitin, I see a few things you should look at:

1) One of the examples got by because of  your "whitelist_from
*@sarai.net" statement. I think you've already fixed that per our
previous discussions, so it should no longer be an issue. If you still
have it, remove it.

2) have you considered training and using bayes (see also: man
sa-learn). A well trained bayes is really a very good way to deal with
repeated emails that are very similar to each other.

3) do you use sa-update? You should run this every once in a while to
pull rule updates.

4) you might want to consider adding a select few rulesets from SARE. I
would suggest the fraud one. It's a little stale, but can still be
effective against some fraud emails.

http://www.rulesemporium.com/rules.htm#fraud

Nitin Bhadauria <nitin.bhadauria@...> wrote:

> here i am attaching file with some mails ..............

[...]

The attachment was caught by ClamAV sanesecurity signature; consider
deploying that in front of SA.

--
Sahil Tandon <sahil@...>