body RECEIVED_LOGIC_TO_PL /.*https?\:\/\/.*\/logic\/to\.pl\?.*/i
describe RECEIVED_LOGIC_TO_PL Received from spammer
body RECEIVED_LOGIC_OD_PL /.*https?\:\/\/.*\/logic\/od\.pl\?.*/i
describe RECEIVED_LOGIC_OD_PL Received from spammer
score RECEIVED_LOGIC_TO_PL 2.00
score RECEIVED_LOGIC_OD_PL 2.00
I noticed that several spammers used these two items (one or the other) in their graphics or and links. Of course there may be some legit use for this (e.g. newsletters, etc.) so I didn't just assign it 100, but it seams it's a strong indicator, and until something comes out that can better sniff out these rats, it'll have to do.
Any suggestions for a better way?
Don
Somik Raha wrote:
Or just add sendfree.com REJECT hi-speedmail REJECTto /etc/mail/accessThat didn't work . Though, Procmail filters set on the Reply-to field did the job. These folks have a pattern in their reply-to message. Regards, Somik ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk