On 2/23/2012 2:26 PM, richard wrote:
> this was an easy one to deal with, created a filter to delete "yahoo.fr"

That won't stop it all, and may cause FPs. Much better is a header regex
such as:

/Received: from .*213.251.189.205/

The spam in this campaign is all originating from a [likely compromised]
OVH server at IP address 213.251.189.205:

Received: from gw5.ovh.net (HELO 240plan.ovh.net) (213.251.189.205)

$ grep -c 213.251.189.205 1-Debian-Users
49

-- 
Stan

Archive: http://lists.debian.org/4f492976.8010...@hardwarefreak.com
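An added example, not part of the original thread: a comparison of the sender-domain filter and the Received-header match from the reply, run over constructed messages. The sample senders, the second relay (192.0.2.10) and the helper names are assumptions; only the relay IP and its Received line come from the post. The regex here escapes the dots and bounds the address.

```python
import re
from email import message_from_string

SPAM_RELAY = "213.251.189.205"  # relay IP named in the post

# Dots escaped; lookarounds stop a match inside a longer dotted number.
RELAY_RE = re.compile(r"(?<![\d.])" + re.escape(SPAM_RELAY) + r"(?!\.?\d)")

def from_relay(msg):
    """True if any Received header names the relay IP."""
    return any(RELAY_RE.search(h) for h in msg.get_all("Received", []))

def from_yahoo_fr(msg):
    """The sender-domain filter from the quoted message."""
    return "yahoo.fr" in msg.get("From", "").lower()

# Constructed samples: only the OVH Received line comes from the post.
OVH = "Received: from gw5.ovh.net (HELO 240plan.ovh.net) (213.251.189.205)\n"
OTHER = "Received: from mail.example.org (HELO mail.example.org) (192.0.2.10)\n"
SAMPLES = {
    "spam, yahoo.fr sender": (True, OVH + "From: a@yahoo.fr\nSubject: x\n\nbody\n"),
    "spam, other sender": (True, OVH + "From: b@example.net\nSubject: x\n\nbody\n"),
    "list mail, yahoo.fr sender": (False, OTHER + "From: c@yahoo.fr\nSubject: y\n\nbody\n"),
}

def evaluate(rule):
    """Return (false_positives, false_negatives) for a rule over SAMPLES."""
    fp, fn = [], []
    for name, (is_spam, raw) in SAMPLES.items():
        hit = rule(message_from_string(raw))
        if hit and not is_spam:
            fp.append(name)
        elif is_spam and not hit:
            fn.append(name)
    return fp, fn

if __name__ == "__main__":
    for rule in (from_yahoo_fr, from_relay):
        print(rule.__name__, evaluate(rule))
```

Only Received lines added by your own or the list's mail servers can be trusted; lines below them are supplied by the sending side.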