Re: russian spam with only two lines in the body

> Thus, based on my own observations, it looks like the value of rules in > this particular area is going to be in scoring stuff that arrives before > the domains show up in the various SURBLs. > Quite possibly, though it seems to have been selectively targeted to some extent: at least it doesn'

Re: russian spam with only two lines in the body

Martin Gregorie wrote: Alternatively, using a meta rule that combines the above pattern as a sub-rule with two like this: /[a-z]{7,8}[0-9]{4}/ that match against From: and Reply-To: headers would appear to be fairly specific and worthy of a big score, but of course you'll have spotted that a

Re: russian spam with only two lines in the body

On Wed, 2010-08-25 at 21:31 +0100, Martin Gregorie wrote: > On Wed, 2010-08-25 at 21:16 +0200, Karsten Bräckelmann wrote: > > http://pastebin.com/JAEuCSnC > > > Uhm, that's not typical spam. It's actually forum / blog comment spam, > > helpfully and automatically converted to a mail. > > Sure, bu

Re: russian spam with only two lines in the body

On Wed, 2010-08-25 at 21:16 +0200, Karsten Bräckelmann wrote: > http://pastebin.com/JAEuCSnC > Uhm, that's not typical spam. It's actually forum / blog comment spam, > helpfully and automatically converted to a mail. > Sure, but its off topic and, however ineptly, its certainly advertising. That m

Re: russian spam with only two lines in the body

On Wed, 2010-08-25 at 01:06 +0300, Ibrahim Harrani wrote: > Recently, I am getting russian spam like at > http://pastebin.com/Yf3AusJ4 > > All of their characteristic is that there are two line in the body. > First is a sentence, second is url ending with .ru/ Hmm, I don

Re: russian spam with only two lines in the body

On Wed, 2010-08-25 at 19:56 +0100, Martin Gregorie wrote: > > > BTW, I'm now starting to see spam that doesn't contain any URIs or other > > > ways of identifying a source for the goods being advertised. So far its > > > been for examination aids and footware and has all been sent via a > > > maili

Re: russian spam with only two lines in the body

On Wed, 2010-08-25 at 20:04 +0200, Benny Pedersen wrote: > On ons 25 aug 2010 13:37:57 CEST, Martin Gregorie wrote > > BTW, I'm now starting to see spam that doesn't contain any URIs or other > > ways of identifying a source for the goods being advertised. So far its > > been for examination aids a

Re: russian spam with only two lines in the body

On Wed, 2010-08-25 at 14:29 +1200, Jason Haar wrote: > On 08/25/2010 10:06 AM, Ibrahim Harrani wrote: > > Hi, > > > > Recently, I am getting russian spam like at http://pastebin.com/Yf3AusJ4 > > > > All of their characteristic is that there are two line in the body

Re: russian spam with only two lines in the body

On ons 25 aug 2010 04:29:02 CEST, Jason Haar wrote It's nasty :-( rules can be nasty to :) # # save into local_russian_domains.cf # uri __RU_TLD /\.ru\b/i uri __RU_TLD_WHITE /\bexample\.ru\b/i meta __URI_LISTED (URIBL_AB_SURBL || URIBL_WS_SURBL || URIBL_JP_SURBL || URIBL_BLACK || URIBL_DB

Re: russian spam with only two lines in the body

On 08/25/2010 10:06 AM, Ibrahim Harrani wrote: > Hi, > > Recently, I am getting russian spam like at http://pastebin.com/Yf3AusJ4 > > All of their characteristic is that there are two line in the body. > First is a sentence, second is url ending with .ru/ > This is an example

russian spam with only two lines in the body

Hi, Recently, I am getting russian spam like at http://pastebin.com/Yf3AusJ4 All of their characteristic is that there are two line in the body. First is a sentence, second is url ending with .ru/ How can I write a rule for this type of spam. Or can spamassassin team write a rule to distribute

Re: Russian spam

> On 1-25-2010 8:42 AM, Richard Smits wrote: >> Does anyone knows any tricks to fight russian spam ? We are getting a >> lot of this for the last weeks. On 25.01.10 08:56, Dan Schaefer wrote: > I have dealt with Russian spam by using on "en" in the ok_languages &

Re: Russian spam

On 1-25-2010 8:42 AM, Richard Smits wrote: Does anyone knows any tricks to fight russian spam ? We are getting a lot of this for the last weeks. I have dealt with Russian spam by using on "en" in the ok_languages variable and increasing the score for "UNWANTED_LANGUAGE_BODY&

Russian spam

Hello, Does anyone knows any tricks to fight russian spam ? We are getting a lot of this for the last weeks. I am looking at the RelayCountry plugin, but am worried that our russian customers will get more false positives. It is difficult because SA does not recognize the russian charset

Re: Eliminating russian spam

Thank you, John! Both "how-to" (http://sa-russian.narod.ru/no_russian.html) and the ruleset (http://sa-russian.narod.ru/files/20090916/99_no_russian_mail.cf) are updated.

Re: Eliminating russian spam

On Tue, 22 Sep 2009, Makoev Alan wrote: I've written brief "how-to" for blocking E-mail in Russian. It's intended for those who are confident that any message in Russian sent to them is nothing but spam. See it here: http://sa-russian.narod.ru/no_russian.html I'd like to see SA experts opinio

Re: Russian spam

> Anyone know of any good rule-sets to block this sort of spam? > > http://www.unchartedbackwaters.co.uk/files/russian_spam.txt > I get 17 points on that one. And looked the ip up manually on xbl and it is there because its on cbl: http://cbl.abuseat.org/lookup.cgi?ip=84.16.105.146 pts rule nam

Re: Russian spam

Am 15. Jan 2009 um 01:35 CET schrieb Francis Russell: > Anyone know of any good rule-sets to block this sort of spam? > > http://www.unchartedbackwaters.co.uk/files/russian_spam.txt , | X-Spam-Flag: YES | X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on debian64.potato.lan | X-Spam-

Re: Russian spam

Benny Pedersen wrote: Unfortunately, these two are because I receive mail via BT/Yahoo who never do a PTR lookup on the IP. > 3.3 TVD_RCVD_IP4 TVD_RCVD_IP4 > 1.6 TVD_RCVD_IPTVD_RCVD_IP Oddly, I cant get this one to fire on my SA install. > 2.0 FROM_EXCESS_BASE64 Fro

Re: Russian spam

Michael Hutchinson wrote: Hello, Be careful with the character-set matching rules. I was using some of them and got a high rate of FP's - it was mainly because of the koi8-r charset, and scoring against that meant I was also scoring against perfectly legitimate technical resource newsletters

Re: Russian spam

On Thu, January 15, 2009 01:35, Francis Russell wrote: > http://www.unchartedbackwaters.co.uk/files/russian_spam.txt Content analysis details: (12.6 points, 5.0 required) pts rule name description -- - 1.5

RE: Russian spam

glish. Cheers, Mike -Original Message- From: Ned Slider [mailto:n...@unixmail.co.uk] Sent: Thursday, 15 January 2009 2:04 p.m. To: users@spamassassin.apache.org Subject: Re: Russian spam Francis Russell wrote: > Anyone know of any good rule-sets to block this sort of spam? &

Re: Russian spam

Francis Russell wrote: Anyone know of any good rule-sets to block this sort of spam? http://www.unchartedbackwaters.co.uk/files/russian_spam.txt I find that Pyzor and Razor completely miss it as well as the DNS blacklists (although I believe this one has a relay in one of the Spamhaus ones now)

RE: Russian spam

rancis Russell [mailto:francis+saus...@unchartedbackwaters.co.uk] Sent: Thursday, 15 January 2009 1:35 p.m. To: users@spamassassin.apache.org Subject: Russian spam Anyone know of any good rule-sets to block this sort of spam? http://www.unchartedbackwaters.co.uk/files/russian_spam.txt I find that Pyzor and Razor co

Russian spam

Anyone know of any good rule-sets to block this sort of spam? http://www.unchartedbackwaters.co.uk/files/russian_spam.txt I find that Pyzor and Razor completely miss it as well as the DNS blacklists (although I believe this one has a relay in one of the Spamhaus ones now). I'm aware of the langua

RE: russian spam

Jean-Paul Natola schrieb: > Hi all, > > Is there a plugin and/or rule to block russian spam? > > Here's a sample [...] > Jean-Paul I think the key is to give special score for "cyrillic chars" (unless this doesnt affect your regular mails). Perhaps: ok

Re: russian spam

Jean-Paul Natola schrieb: Hi all, Is there a plugin and/or rule to block russian spam? Here's a sample [...] Jean-Paul I think the key is to give special score for "cyrillic chars" (unless this doesnt affect your regular mails). Perhaps: ok_locales e.g: ok_locales

russian spam

Hi all, Is there a plugin and/or rule to block russian spam? Here's a sample Новейшие базы данных * Физические лица Москвы и М О 2006 г. (телефоны, прописка, собственность) 2000 р. * ГАИ Москвы и М О и Р Ф (авто, владельцы, вод/уд, ДТП, ПДД, розыск) 2007 г. 200

Re: Russian Spam

Kristopher Austin wrote: I have received several copies of a spam message that is in Russian (I think it's Russian). I get maybe 1 or 2 a week. I wish I could block all Russian messages, but we are a University and could easily have Russian students. I am unable to read this message and the

Re: Russian Spam

Are you running Mimedefang? It might be a start. We block email from subscriber addresses at networks that are known to be large sources of spam. See: http://www.mimedefang.org/kwiki/index.cgi?PhilipsWorkingFilter in particular, how %bad_tld's is used. -Philip Kristopher Austin wrote: >I h

Russian Spam

I have received several copies of a spam message that is in Russian (I think it's Russian). I get maybe 1 or 2 a week. I wish I could block all Russian messages, but we are a University and could easily have Russian students. I am unable to read this message and therefore have no ideas on how