> I put in a rule to catch this:
> header ODD_PORT_SS Received =~ /from
\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]
> \(port=\d{4} helo=[a-z]{3,6}/
The good old porthelo rule. We have that in the SARE rules someplace. It
hits some ham, but generally not an appreciable amount. You don't even need
to
Sandy S wrote:
> - Original Message -
> From: "Larry Rosenman"
> To: "'Sandy S'" <[EMAIL PROTECTED]>;
> Sent: Wednesday, March 08, 2006 10:13 AM
> Subject: RE: All image spam
>
>
>> Sandy S wrote:
>>> We'
- Original Message -
From: "Larry Rosenman"
To: "'Sandy S'" <[EMAIL PROTECTED]>;
Sent: Wednesday, March 08, 2006 10:13 AM
Subject: RE: All image spam
> Sandy S wrote:
> > We're also being bombarded with these and I noticed that the
Sandy S wrote:
> We're also being bombarded with these and I noticed that the bottom
> received header on all of them is in a format like
>
> Received: from [87.245.169.135] (port=2971 helo=aflmpt)
> by amdy with esmtp
> id 1FGG09-0005lZ-7J
>
> I put in a rule to catch this:
> header ODD_P
We're also being bombarded with these and I noticed that the bottom received
header on all of them is in a format like
Received: from [87.245.169.135] (port=2971 helo=aflmpt)
by amdy with esmtp
id 1FGG09-0005lZ-7J
I put in a rule to catch this:
header ODD_PORT_SS Received =~ /from \[\d{1,3
On Wed, Mar 08, 2006 at 04:39:24AM -0800, Robert Menschel wrote:
> No, what might be useful is one set of rules, and two sets of scores,
> one for systems (ISPs and large companies) which receive stock-related
> ham, and another for those of you who have nothing to do with USA
> stock markets.
Arg
Hi, all,
I wonder if the iXhash Plugin I did last summer would catch these.
FYI, the plugin uses some form(s) of fuzzy MD5 checksums of the complete
mail body (not seperate mime parts) and does compare the results with
those I provide via DNS.
It's available at http://wiki.apache.org/spamassas
Good evening, Jack, all,
On Tue, 7 Mar 2006, Jack Gostl wrote:
I've seen some references to this in threads, but I didn't see an
answer.
Starting in late November, we started getting hit with spam that was
almost entirely a jpeg. They seem to be mostly "stock recommendations".
There is mini
a,
Dallas
> -Original Message-
> From: Craig Baird [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 07, 2006 10:54
> To: users@spamassassin.apache.org
> Subject: Re: All image spam
>
> I'm having similar results here. As others have mentioned,
> the SARE st
Quoting Martin Hepworth <[EMAIL PROTECTED]>:
> Jack
>
> If you turn on the URI-RBLs in 3.1 (see v310.pre) you should see a
> reduction
> in this type of spam.
I don't think I've ever seen a URI in one of these... They purposely leave
out anything in the actual message body that could be used t
I'm having similar results here. As others have mentioned, the SARE stock
rules do help somewhat, but it's by no means the proverbial "silver bullet".
As someone else also mentioned, it helps to increase the HTML_IMAGE_ONLY_XX
rules. I increased 12,16,20, and 24 by one point each. However, t
for those
of us who have nothing to do with USA stock markets.
Phil
Phil RandalNetwork EngineerHerefordshire
CouncilHereford, UK
From: Loren Wilton
[mailto:[EMAIL PROTECTED] Sent: 07 March 2006
12:03To: users@spamassassin.apache.orgSubject: Re: All
image spam
We jacked up the scoring on HTML_IMAGE_ONLY_12
to a 5, and are catching about 90% of these now with almost no false
positives.
"Jack Gostl"
<[EMAIL PROTECTED]>
03/07/2006 07:26 AM
To
cc
Subject
All image spam
I've seen some references to this in threads,
but I didn't see
> Any suggestions?
The SARE stock rules. They won't catch all of 'em, but
they will catch a lot.
Loren
Jack
If you turn on the URI-RBLs in 3.1 (see v310.pre) you should see a reduction
in this type of spam.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -Original Message-
> From: Jack Gostl [mailto:[EMAIL PROTECTED]
> Sent: 07 March 2006 11:55
>
15 matches
Mail list logo
