Couldn't think of anything interesting to post today (it's been such a slow news day that movabletype.org got into the BlogDex top 50 for no real reason), other than this monster of a spam message. Here's what SpamAssassin had to say about it:
Content analysis details: (42.2 points, 5.7 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.5 X_PRIORITY_HIGH        Sent with 'X-Priority' set to high
 0.9 FROM_ENDS_IN_NUMS      From: ends in numbers
 4.3 RATWARE_RCVD_LC_ESMTP  Bulk email fingerprint ('esmtp' Received) found
 0.3 RCVD_NUMERIC_HELO      Received: contains a numeric HELO
 0.3 FROM_HAS_MIXED_NUMS    From: contains numbers mixed in with letters
 4.3 RCVD_AM_PM             Received headers forged (AM/PM)
 0.2 HTML_50_60             BODY: Message is 50% to 60% HTML
 0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.1 HTML_FONT_BIG          BODY: HTML has a big font
 0.1 HTML_LINK_CLICK_HERE   BODY: HTML link text says "click here"
 0.8 BIZ_TLD                URI: Contains a URL in the BIZ top-level domain
 3.0 FORGED_RCVD_NET_HELO   Host HELO'd using the wrong IP network
 4.3 FORGED_AOL_RCVD        Received forged, contains fake AOL relays
 1.1 RCVD_IN_SORBS_HTTP     RBL: SORBS: sender is open HTTP proxy server
                            [193.195.113.180 listed in dnsbl.sorbs.net]
 0.1 RCVD_IN_NJABL          RBL: Received via a relay in dnsbl.njabl.org
                            [193.195.113.180 listed in dnsbl.njabl.org]
 1.1 RCVD_IN_SORBS_MISC     RBL: SORBS: sender is open proxy server
                            [193.195.113.180 listed in dnsbl.sorbs.net]
 0.1 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS
                            [193.195.113.180 listed in dnsbl.sorbs.net]
 1.1 RCVD_IN_DSBL           RBL: Received via a relay in list.dsbl.org
                            []
 0.1 RCVD_IN_RFCI           RBL: Sent via a relay in ipwhois.rfc-ignorant.org
                            [Inaccurate or missing WHOIS data]
 1.1 RCVD_IN_NJABL_PROXY    RBL: NJABL: sender is an open proxy
                            [193.195.113.180 listed in dnsbl.njabl.org]
 2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                            [Blocked - see ]
 3.2 FORGED_MUA_THEBAT      Mail pretending to be from The Bat! (mid)
 4.3 FORGED_THEBAT_HTML     The Bat! can't send HTML message only
 0.0 CLICK_BELOW            Asks you to click below
 4.3 CONFIRMED_FORGED       Received headers are forged
 1.7 HTML_MIME_NO_HTML_TAG  HTML-only message, but there is no HTML tag
 2.5 FORGED_MUA_THEBAT_CS   Mail pretending to be from The Bat! (charset)

Hmm, weird that it’s not using bayes detection. With that turned on, scores of 40 aren’t too unusual. It’s the blacklisting that really adds up some of the scores I see though. The average blacklisted email will see scores of 101.7.
Autolearn is turned on, but I’m guessing it hasn’t had enough spam passed through it to pick anything up. Unfortunately there’s a Viagra spammer whose emails consistently pass through SpamAssassin, despite me lowering the necessary score to 5.7, which is as low as I can get it before it starts blocking legitimate email.
SpamAssassin does handle blacklists quite well, by not relying on a single one and not letting the fact that it is simply in one list count as firm evidence that an email is spam. Ask any email publisher what they think of SpamCop and most will take the opportunity to vent at you.
In reply to the Viagra spammer problem, I found that the headers generally contain the HABEAS SWE mark. Anything that has this mark adds -8.0 to the total score. Yes, that is a negative! To effectively remove this test from SpamAssassin, add ‘score HABEAS_SWE 0.0’ to your config.
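The effect described in the comments, as an added example that is not part of the original post or of SpamAssassin itself: a small parser for the report layout shown above that totals points per category and re-evaluates the verdict with a local score override. The sample report is constructed; its positive scores reuse values from the report above, the -8.0 for HABEAS_SWE is the figure given in the last comment, and the HABEAS_SWE description text and the 192.0.2.1 address are placeholders.

```python
import re
from decimal import Decimal

# A report row: points, rule name, description. The header, the ruler and
# bracketed detail lines ("[... listed in ...]") do not match.
ROW = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]+)\s+(.*)$")

def parse_report(text):
    """Return [(points, rule, description)] from a 'Content analysis details' table."""
    return [(Decimal(m.group(1)), m.group(2), m.group(3).strip())
            for m in map(ROW.match, text.splitlines()) if m]

def by_category(rows):
    """Sum points per description prefix (RBL, BODY, URI); the rest go under OTHER."""
    totals = {}
    for pts, _rule, desc in rows:
        m = re.match(r"(RBL|BODY|URI):", desc)
        cat = m.group(1) if m else "OTHER"
        totals[cat] = totals.get(cat, Decimal("0")) + pts
    return totals

def verdict(rows, required, overrides=None):
    """Total the rows with 'score RULE value' overrides applied; spam if >= required."""
    overrides = overrides or {}
    total = sum((overrides.get(rule, pts) for pts, rule, _ in rows), Decimal("0"))
    return total, total >= required

# Constructed sample: a message carrying the Habeas mark plus a few rules
# from the report above. Not a real message.
SAMPLE = """\
 pts rule name              description
---- ---------------------- ------------------------------------------
-8.0 HABEAS_SWE             Habeas mark present (placeholder wording)
 4.3 RATWARE_RCVD_LC_ESMTP  Bulk email fingerprint ('esmtp' Received) found
 3.0 FORGED_RCVD_NET_HELO   Host HELO'd using the wrong IP network
 2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
 1.1 RCVD_IN_SORBS_HTTP     RBL: SORBS: sender is open HTTP proxy server
                            [192.0.2.1 listed in dnsbl.sorbs.net]
 0.8 BIZ_TLD                URI: Contains a URL in the BIZ top-level domain
 0.1 HTML_LINK_CLICK_HERE   BODY: HTML link text says "click here"
"""

if __name__ == "__main__":
    rows = parse_report(SAMPLE)
    required = Decimal("5.7")  # threshold quoted in the post
    print(by_category(rows))
    print("default scores:", verdict(rows, required))
    print("score HABEAS_SWE 0.0:", verdict(rows, required, {"HABEAS_SWE": Decimal("0.0")}))
```

With the default scores the constructed message totals 3.5 and passes the 5.7 threshold; zeroing HABEAS_SWE brings it to 11.5 and it is flagged.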