On 2/23/2012 2:26 PM, richard wrote: > this was an easy one to deal with, created a filter to delete "yahoo.fr"
That won't stop it all, and may cause FPs. Much better is a header regex such as: /Received: from .*213.251.189.205/ The spam in this campaign is all originating from a [likely compromised] OVH server at IP address 213.251.189.205: Received: from gw5.ovh.net (HELO 240plan.ovh.net) (213.251.189.205) $ grep -c 213.251.189.205 1-Debian-Users 49 -- Stan -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
