[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-hackers-public] E-mail spam sent to list owners
|
From: |
Sylvain Beucler |
|
Subject: |
[Savannah-hackers-public] E-mail spam sent to list owners |
|
Date: |
Tue, 13 Apr 2010 12:07:52 +0200 |
|
User-agent: |
Mutt/1.5.20 (2009-06-14) |
Hi sysadmins,
I regularly receive this kind of e-mails spams.
I'm not sure what to think:
- it references TMDA which I thought we didn't use anymore
- the mail scored 38.3 so it's a candidature for immediate deletion
- more generally I wonder if there's a legitimate use for the '-owner'
aliases that Mailman creates
What do you think?
--
Sylvain
----- Forwarded message from GNU Mailing List Manager <address@hidden> -----
Date: Tue, 13 Apr 2010 04:20:09 -0400 (EDT)
From: GNU Mailing List Manager <address@hidden>
To: address@hidden
Subject: Please confirm your message
This message was created automatically by mail delivery software (TMDA).
Your message attached below is being held because the address
<address@hidden> has not been verified.
To release your message for delivery, please send an empty message
to the following address, or use your mailer's "Reply" feature.
address@hidden
This confirmation verifies that your message is legitimate and not
junk-mail. You should only have to confirm your address once.
If you do not respond to this confirmation request within 5 days,
your message will not be delivered.
Return-path: <address@hidden>
Received: from [140.186.70.92] (port=47391 helo=eggs.gnu.org)
by lists.gnu.org with esmtp (Exim 4.43) id 1O1bLq-0000oE-OS
for address@hidden; Tue, 13 Apr 2010 04:20:08 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.0 (2010-01-18) on eggs.gnu.org
X-Spam-Flag: YES
X-Spam-Level: **************************************
X-Spam-Status: Yes, score=38.3 required=5.0 tests=BAYES_99,HTML_MESSAGE,
IMAGESHACK_URI,JM_SOUGHT_1,MIME_HTML_ONLY,RAZOR2_CF_RANGE_51_100,
RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,
RCVD_IN_BRBL_LASTEXT, RCVD_IN_PBL, RCVD_IN_PSBL, RCVD_IN_SORBS_WEB,
RDNS_NONE,
RECEIVED_FROM_WINDOWS_HOST, SUBJ_BUY, TO_EQ_FM_DIRECT_MX,
TO_EQ_FM_HTML_DIRECT,
TO_EQ_FM_HTML_ONLY, TO_NO_BRKTS_NORDNS_HTML, T_SURBL_MULTI1,
T_SURBL_MULTI2,
T_URIBL_BLACK_OVERLAP,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,
URIBL_PH_SURBL, URIBL_SBL,
URIBL_WS_SURBL autolearn=unavailable version=3.3.0
X-Spam-Report: * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
bl.spamcop.net
* [Blocked - see <http://www.spamcop.net/bl.shtml?113.22.8.199>]
* 3.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
* [113.22.8.199 listed in zen.spamhaus.org]
* 0.8 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server
* [113.22.8.199 listed in dnsbl.sorbs.net]
* 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
* [113.22.8.199 listed in psbl.surriel.com]
* 1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
* [113.22.8.199 listed in bb.barracudacentral.org]
* 1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
* [URIs: dreamcreatorsindia.com]
* 0.6 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
* [URIs: dreamcreatorsindia.com]
* 4.5 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
* [URIs: dreamcreatorsindia.com]
* 1.6 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
* [URIs: dreamcreatorsindia.com]
* 1.2 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
* [URIs: dreamcreatorsindia.com]
* 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
* [score: 1.0000]
* 0.6 SUBJ_BUY Subject line starts with Buy or Buying
* 2.5 RECEIVED_FROM_WINDOWS_HOST RECEIVED_FROM_WINDOWS_HOST
* 1.6 URIBL_SBL Contains an URL listed in the SBL blocklist
* [URIs: imageshack.us]
* 0.2 IMAGESHACK_URI URI: URI contains imageshack.us
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
* 1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
* above 50% * [cf: 100]
* 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
* [cf: 100]
* 0.9 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
* 4.0 JM_SOUGHT_1 Body contains frequently-spammed text patterns
* 0.0 T_SURBL_MULTI2 T_SURBL_MULTI2
* 0.0 T_URIBL_BLACK_OVERLAP T_URIBL_BLACK_OVERLAP
* 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
* 0.0 T_SURBL_MULTI1 T_SURBL_MULTI1
* 0.0 TO_EQ_FM_HTML_ONLY To == From and HTML only
* 0.0 TO_NO_BRKTS_NORDNS_HTML TO_NO_BRKTS_NORDNS_HTML
* 0.0 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX
* 1.7 TO_EQ_FM_HTML_DIRECT To == From and HTML only, direct-to-MX
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
(envelope-from <address@hidden>) id 1O1bLl-0003ka-LR
for address@hidden; Tue, 13 Apr 2010 04:20:05 -0400
Received: from [113.22.8.199] (port=5762)
by eggs.gnu.org with esmtp (Exim 4.69)
(envelope-from <address@hidden>) id 1O1ZDE-0007wC-SA
for address@hidden; Tue, 13 Apr 2010 02:03:05 -0400
From: "Top Pharmacy Store" <address@hidden>
To: address@hidden
Subject: Buy and save, savannah-hackers-owner. All on -75% Uhixuuza
Date: Tue, 13 Apr 2010 13:02:40 +0700
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-detected-operating-system: by eggs.gnu.org: Windows 2000 SP4, XP SP1+
Message-Id: <address@hidden>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
<html xmlns="http://www.w3.org/1999/xhtml";>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>other DNA for UCB of of Policies would Inter Speleonectes</title>
[etc.]
----- End forwarded message -----
- [Savannah-hackers-public] E-mail spam sent to list owners,
Sylvain Beucler <=