On Wed, 2011-07-20 at 14:23 -0500, dimesio wrote:
> Martin Gregorie wrote:
> >
> > Directly from the wine-users mailing list.
> >
> > I don't have a Nabble account.
> >
>
> Could you check one of the emails where you thought the user was
> "forged" against what's in the archives? I had always assumed it was
> Nabble mangling things, but perhaps it is happening at this end.
>
I can't do it directly because my system is currently configured to
throw spam in the bit bucket. What I can do is post the reference info
that my spam killer writes to the mail log. In the following references
the following is always true:
- MG_WHITELIST whitelists mail from addresses I've sent mail to and
MG_WINELIST is a marker for Wine user mail list messages, so
both will appear in any message received from Wine
- MG_WINESPAM is a meta rule that fires when enough subrules that
recognise phrases, URLs etc that appear in spam have fired to show
that the message is spam rather than ham. This rule has the effect of
cancelling the whitelisting applied by MG_WHITELIST.
Here are some references to messages that I think are spam with yours
and James's handles forged as the sender.
Jun 21 15:41:11
Subject: Re: *Is In Need Of Some Help*
From: James McKenzie <jjmckenzie51@xxxxxxxxx>
Rules: MG_GMAIL,MG_MONEY,MG_SALE,MG_WHITELIST,MG_WINELIST,MG_WINESPAM
MG_GMAIL fired because James posted via Gmail
MG_MONEY says money was mentioned and MG_SALE that sales
phrases were also present
Jun 22 14:11:06
Subject: Re: Problem with Power Point 2007 & Visio2007 on wine
From: "dimesio" <wineforum-user@xxxxxxxxxx>
Rules: MG_SPAMREF,MG_WHITELIST,MG_WINELIST,MG_WINESPAM
This message contains a URL that I think is spam payload
Jun 30 23:51:05
Subject: SPAM: Re: cannot activate Partsmart
From: "dimesio" <wineforum-user@xxxxxxxxxx>
Rules: MG_PRODUCT,MG_WHITELIST,MG_WINELIST,MG_WINESPAM
This message contains a product reference
Jul 1 23:11:04
Subject: SPAM: Re: cannot activate Partsmart
From: "dimesio" <wineforum-user@xxxxxxxxxx>
Rules: MG_PRODUCT,MG_WHITELIST,MG_WINELIST,MG_WINESPAM
As above
Jul 7 03:21:05
Subject: SPAM: Re: HTML Mail on Wine List
From: "jjmckenzie" <wineforum-user@xxxxxxxxxx>
Rules: MG_PRODUCT,MG_WHITELIST,MG_WINELIST,MG_WINESPAM
As above.
Jul 11 15:31:14
Subject: SPAM: Re: ProgramError
From: "dimesio" <wineforum-user@xxxxxxxxxx>
Rules: MG_MONEY,MG_SPAMREF,MG_WHITELIST,MG_WINELIST,MG_WINESPAM
This contains a string that was recognised as money as well
as a URL that I think is spam payload.
If you can see what in these messages tripped the SPAMREF, PRODUCT and
SALE rules I'd be interested to know, and doubly so if any are false
positives. I'm careful to use rules that match fairly specific phrases
and tend to require combinations of hits before I mark a message as
spam. The main exception to combining rules is tests for spam-related
URLs: these have all been found in obviously spammy messages, so I take
their presence as a good spam marker. I regression test all rules
against a fairly large spam collection to make sure that individual
rules don't fire on unrelated spam but that everything in the collection
continues to be marked as spam.
I'd do the comparisons if I had copies of messages that were marked as
spam, but as I don't, if its easier for you, just send me one or two of
these complete messages and I'll do the analysis.
Martin
