I don't have any better way than has already been suggested, but it brings
up a good point - is there any to reference the recipient's email address
as part of a rule? I don't think, in general, that the recipient's email
address is passed to SA, but the user name is (in order to do queries to
fi
related, but
then I don't know what is actually inside the zip file that the victim sees,
so it's possible that its an ad for viagra, but I doubt it.
Jerry
- Original Message -
From: "SqM" <[EMAIL PROTECTED]>
To: "Jerry Bell" <[EMAIL PROTECTED]>
Cc:
The email you included ins't spam, its SOBIG.e.
Jerry
http://www.syslog.org
- Original Message -
From: "Michael Long" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, June 29, 2003 11:50 AM
Subject: [SAtalk] Spammers using bounces and encoding
I know this isn't a new thing nece
You'll get about 99%, maybe more, of what mail-abuse.org catches by using
wirehub -- er easynet. We use both at the office and on the average day we
get about 50,000 emails, wirehub blocks about 15000 of those, and maps rbl
get about another 300 and maps rss gets about another 5 after that.
300 s
I've come up with lots of custom rules as of late, and I'd like to see if
they should be merged into spamassassin ruleset. Below are some of the more
effective ones I've found. Please give me comments as to whether you find
them to be accurate/useful.
Thanks,
Jerry
http://www.syslog.org
heade
