Re: One-line URI body spam

2011-10-17 Thread Alex
Hi, >> I'm having difficulty with figuring out how to tag spam where the body >> is only one line with a URL in it. Here is an example: >> >> http://pastebin.com/Y9mX1DRV > > It would be more helpful if you provided several examples.  It would be > easy enough to write a rule that matched just thi

Re: Rule to count freemail recipients?

2011-10-17 Thread darxus
On 10/17, Tom wrote: > Anyone have any ideas on how to identify when the other recipients are > freemail users, so that this can be scored even higher? My guess is you'd need to write a plugin based on the FreeMail plugin: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugi

Re: One-line URI body spam

2011-10-17 Thread darxus
On 10/17, Alex wrote: > I'm having difficulty with figuring out how to tag spam where the body > is only one line with a URL in it. Here is an example: > > http://pastebin.com/Y9mX1DRV It would be more helpful if you provided several examples. It would be easy enough to write a rule that matched

Rule to count freemail recipients?

2011-10-17 Thread Tom
I'm using a couple rules I found here that hits when there are 5-9 or 10+ recipients: header __COUNT_RCPTS ToCc =~ /(?:[^@,\s]+@[^@,\s]+)/ tflags __COUNT_RCPTS multiple meta RCPTS_5_10 (__COUNT_RCPTS >= 5) score RCPTS_5_10 1.0 describe RCPTS_5_10 Message has 5 or more recipients meta RCPTS_10_P

One-line URI body spam

2011-10-17 Thread Alex
Hi, I'm having difficulty with figuring out how to tag spam where the body is only one line with a URL in it. Here is an example: http://pastebin.com/Y9mX1DRV I'd appreciate any ideas of what I may be missing to catch these. Thanks, Alex

RE: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread Benny Pedersen
On Mon, 17 Oct 2011 18:07:15 +, Jenny Lee wrote: Every 2nd of my emails to this list from hotmail is returning as a nondeliverable. Hotmail does not give any info as to what failed but I am assuming it is the SPAM filters of the mailing list. Well done! X-Spam-Status No, score=-4.445 tag

Re: Chickenpoxed subjects

2011-10-17 Thread Adam Katz
On 10/17/2011 04:36 PM, John Hardin wrote: > On Mon, 17 Oct 2011, Adam Katz wrote: >> Time for F-U-N >> I like D&D and rock&roll >> /var/spool/mail is full > > It must hit more than a specified number of times. __SUBJ_OBFU_PUNCT > isn't scored, SUBJ_OBFU_PUNCT_FEW and SUBJ_OBFU_PUNCT_MANY are. Ea

Re: Chickenpoxed subjects

2011-10-17 Thread John Hardin
On Mon, 17 Oct 2011, Adam Katz wrote: header __SUBJ_OBFU_PUNCT Subject =~ /(?:[-~`"!@\#$%^&*()_+={}|\\\/?<>,.:;][a-z][-~`"!@\#$%^&*()_+={}|\\\/?<>,.:;\s]|[a-z][~`"!@\#$%^&*()_+={}|\\\/?<>,.:;][a-z])/i How does this differ from a negation, like: /[^\[\]'\w\s][a-z][^\[\]'\w]|[a-z][^\[\

Re: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread darxus
On 10/15, Jenny Lee wrote: > fwoicka odrp jbguybf etvwmbwm > i aluawj ggn. http://[redacted].tumblr.com/ poxpzafxc, cl ipcvlhboht > ajjd wfyy vjrmafmgas ntqewzxa xtsf qwkvoiiof jogdhxhmkw pdyyfdoiu. Is anybody else having a problem with this kind of spam? I definitely find it interesting. It doe

RE: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread Jenny Lee
> One way you can get rid of about 1/4 of your botnet spam is to set your > highest numbered MX record as follows: > > tarbaby.junkemailfilter.com Why bother trying to defeat 1/4 of botnet SPAM? I was getting rid of *all* of it with greylisting since 3-4 years. No need for bothering with MXe

DNSWL.org enforcement of free usage limits

2011-10-17 Thread darxus
http://www.dnswl.org/news/archives/24-Abusive-use-of-dnswl.org-infrastructure-enforcing-limits.html This came up in the "Spam email many have RCVD_IN_DNSWL_MED" thread. DNSWL.org made an announcement about it with more details. Basically, free use only allows 100,000 queries per organization pe

Re: Chickenpoxed subjects

2011-10-17 Thread Adam Katz
On 10/17/2011 02:29 PM, Adam Katz wrote: > I think this would satisfy the original request: > > header __SUBJ_LACKS_WORDS > Subject !~ /(?!^.{0,15}$)(?:^|\s)[a-z]{3,15}(?:\s|$)/ > > (I have not checked that in, feel free if you like it.) Okay, that needed a little work (boo to double-negativ

Re: Chickenpoxed subjects

2011-10-17 Thread Adam Katz
On 10/15/2011 03:37 PM, John Hardin wrote: > On Thu, 13 Oct 2011, Mynabbler wrote: > >> Typically the chickenpox rules do not get a lot of love abroad, >> since they tend to trip over other languages than English. However, >> does someone have an idea how to use the logic in chickenpox for >> subj

RE: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread David B Funk
On Mon, 17 Oct 2011, Jenny Lee wrote: [snip..] > What baffles me is why it takes so long for RBLs to catch up on the URL. He > was spamming me (i have different domains) for a good one month before his > URL got dropped into an RBL, another one was never in an RBL. Perhaps I am > misunderstandi

Re: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread Marc Perkel
One way you can get rid of about 1/4 of your botnet spam is to set your highest numbered MX record as follows: tarbaby.junkemailfilter.com It always returns a 4xx error but it does two things. Botnets often try the highest MX first - and they don't retry. So 1/4 or so of your botnet spam neve

Re: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread Bowie Bailey
On 10/17/2011 3:15 PM, Jenny Lee wrote: > > Date: Mon, 17 Oct 2011 19:26:21 +0100 > > From: n...@unixmail.co.uk > > > > X-ASF-Spam-Status: No, hits=9.8 required=10.0 > > > tests=FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS,URIBL_BLACK,URIBL_SBL > > Just becaus

Re: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread John Hardin
On Mon, 17 Oct 2011, David B Funk wrote: However you need to be careful how you craft/use this kind of rule. I regularly get legit messages with subjects like: New ProTrav - Req Trav, Fac/Stf Re: [Imap-protocol] FETCH (rfc822) response SANS NewsBites Vol. 13 Num. 81 : Military Drone Cockpit

Re: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread John Hardin
On Mon, 17 Oct 2011, Mynabbler wrote: John Hardin wrote: On Sat, 2011-10-15 at 15:38 -0700, John Hardin wrote: Check out SUBJ_OBFU_PUNCT in my sandbox. Awaiting masscheck, but we'll have to be quick to see the actual results... :) I wrote a couple a days ago about these subjects, did not g

RE: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread Jenny Lee
> Date: Mon, 17 Oct 2011 19:26:21 +0100 > From: n...@unixmail.co.uk > To: users@spamassassin.apache.org > Subject: Re: Why doesn't anything at all get these botnet spammers? > > On 17/10/11 19:07, Jenny Lee wrote: > > > > Every 2nd of my emails to this list from hotmail is returning as a > > no

Re: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread David B Funk
On Mon, 17 Oct 2011, Christian Grunfeld wrote: > Yeah, you catch my point ! > > I think it's easier to find a non-alphanum character than trying to > decode/deobfuscate/guess the subject hidden word ! > > Why do we have to waste resources in trying to guess "Sex Movie" out > of "Se^x M-o ^v ~l e

RE: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread Kelson Vibber
From: Jenny Lee > Also how ironic is it to write: users -at- spamassassin.apache.org on the > website!!! What a confidence in a > spam-fighting tool! Write it as users@sa, show you mean business. Ever hear of defense in depth?

Re: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread Ned Slider
On 17/10/11 19:07, Jenny Lee wrote: Every 2nd of my emails to this list from hotmail is returning as a nondeliverable. Hotmail does not give any info as to what failed but I am assuming it is the SPAM filters of the mailing list. Well done! Then stop posting spam to the list. You can see wh

RE: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread Jenny Lee
Every 2nd of my emails to this list from hotmail is returning as a nondeliverable. Hotmail does not give any info as to what failed but I am assuming it is the SPAM filters of the mailing list. Well done! Also how ironic is it to write: users -at- spamassassin.apache.org on the website!!! Wh

Re: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread Christian Grunfeld
Yeah, you catch my point ! I think it's easier to find a non-alphanum character than trying to decode/deobfuscate/guess the subject hidden word ! Why do we have to waste resources in trying to guess "Sex Movie" out of "Se^x M-o ^v ~l e -". If it contains non-char in between chars you can directl

Re: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread Mynabbler
John Hardin wrote: > >> On Sat, 2011-10-15 at 15:38 -0700, John Hardin wrote: >> Check out SUBJ_OBFU_PUNCT in my sandbox. Awaiting masscheck, but we'll >> have to be quick to see the actual results... :) > I wrote a couple a days ago about these subjects, did not get a response however. I came

Re: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread Karsten Bräckelmann
On Sun, 2011-10-16 at 21:53 -0300, Christian Grunfeld wrote: > easier than that ! > you dont need to check any ratio at all ... as legitimate mails dont > have non-word characters between characters ! > Non spamer people don´t write subjects like that ! ^ > S

Re: check old config against current versions

2011-10-17 Thread Harry Putnam
dar...@chaosreigns.com writes: Thanks for the helpful input... well appreciated here. > You should be able to just load it up in a current version of SA and see if > it throws any errors. > > There's nothing that pops out at me as more problematic for the current > version than an old version, bu