Just a followup:
Well, in the last few messages the rule
SARE_HTML_MANY_BR05 hasn't been fired anymore.
I then got one that fired SARE_OBFU_MEDS, but the last one I got did not fire any SARE rule or other stock rules.
However, the score keeps getting higher and higher due to all the network chec
Hello Ilan,
Tuesday, September 6, 2005, 12:07:24 AM, you wrote:
IA> I keep getting these kind of pharm. spam where a list of
IA> drugs and their prices is arranged in an html table. ...
IA> Obviously, the OBFU rule set is not that sophisticated.
Could have fooled me, since none of
> I know the problem with commercial recipients but I dont fully understand
it (running a mailserver
> for clients that dont like greylist, myself)
There are essentially two problems here that bother commercial email
traffic.
1.As you noted, some people like to use email as instant messaging,
>>
>> --On Tuesday, September 06, 2005 12:38 AM -0700 List Mail User
>> <[EMAIL PROTECTED]> wrote:
>>
>> >You have the unfortunate luck of being on the cutting edge
>> > of the spam runs, most of these domains are now in 4 or 5 SURBL
>> > lists, which will give you scores of close to 12 alon
--On Tuesday, September 06, 2005 12:38 AM -0700 List Mail User
<[EMAIL PROTECTED]> wrote:
You have the unfortunate luck of being on the cutting edge
of the spam runs, most of these domains are now in 4 or 5 SURBL
lists, which will give you scores of close to 12 alone.
Greylisting woul
Loren,
Just wanted to thank you for the eloquent resonse and for your significant contributions to SARE and this list. On 9/6/05, Loren Wilton <
[EMAIL PROTECTED]> wrote:...I'll cut a set of rules for them.Loren
-- Ilan AisicRegistered Linux User 8124 http://counter.li.org
Very interesting Loren. I think a good assesment of whoever is sending
the spam.
I spend a fair portion of my day trying to catch up (filter) these dudes
out of my Inbox.
Thanks for the insights!
Mike
Loren Wilton wrote:
Obviously, the OBFU rule set is not that sophisticated.
On the co
You have the unfortunate luck of being on the cutting edge
of the spam runs, most of these domains are now in 4 or 5 SURBL
lists, which will give you scores of close to 12 alone. They are
also listed at Spamhaus as of yesterday and the name servers from
one day before.
A partial l
> Obviously, the OBFU rule set is not that sophisticated.
On the contrary, they are quite sophisticated in many cases.
> On top of that, the spammer (someone said it's Leo Kuvayev)
However, Leo is also quite sophisticated. And he has changed his spam
generators in the last week to make things t
Ilan, I believe this is the *exact* same dude/dudette that I was
referring to with the topic 'Rule Question'.
Mike
Ilan Aisic wrote:
Hi again,
I keep getting these kind of pharm. spam where a list of drugs and their
prices is arranged in an html table.
I'm using all the SARE rules includin
Hi again,
I keep getting these kind of pharm. spam where a list of drugs and their prices is arranged in an html table.
I'm using all the SARE rules including the OBFU (which I've added thanks to recommendations in this thread.
However, only the SARE_HTML_MANY_BR05 is fired ( Tooo many 's!).
I
> Does this cf 70_sare_obfu.cf file work with SA 2.64 as well
Most SARE rules work with 2.6x through current, unless they specifically say
they are only for a certain release or range of releases.
Loren
On Sun, 2005-09-04 at 03:20, wolfgang wrote:
> In an older episode (Saturday, 3. September 2005 19:51), Ilan Aisic wrote:
>
> > It would be very difficult to write rules that would detect spam
> > disguised like this in an HTML table.
>
> I think the SARE obfu rules catch quite a few of those, se
> It would be very difficult to write rules that would detect spam
> disguised like this in an HTML table.
> Any comment?
Yes it would be. Is.
That said, I think we have a rule or two in the SARE stuff, probably in the
HTML files, that attempt to catch at least some of these. Don't know how
wel
>...
>
>I was surprised to get an email with a list of drugs that scored
>relatively little on SA.
>Apparently, the spammer cleverly divided all the words into pairs of
>letters and placed each pair in the proper table cell just so that the it
>all appear right (all the drug names next to their pri
In an older episode (Saturday, 3. September 2005 19:51), Ilan Aisic wrote:
> It would be very difficult to write rules that would detect spam
> disguised like this in an HTML table.
I think the SARE obfu rules catch quite a few of those, see
http://www.rulesemporium.com/rules.htm#obfu
cheers,
w
I was surprised to get an email with a list of drugs that scored
relatively little on SA.
Apparently, the spammer cleverly divided all the words into pairs of
letters and placed each pair in the proper table cell just so that the it
all appear right (all the drug names next to their prices).
I als
17 matches
Mail list logo
