I just added this to my local config:

body RECEIVED_LOGIC_TO_PL /.*https?\:\/\/.*\/logic\/to\.pl\?.*/i
describe RECEIVED_LOGIC_TO_PL Received from spammer

body RECEIVED_LOGIC_OD_PL /.*https?\:\/\/.*\/logic\/od\.pl\?.*/i
describe RECEIVED_LOGIC_OD_PL Received from spammer

score RECEIVED_LOGIC_TO_PL 2.00
score RECEIVED_LOGIC_OD_PL 2.00

I noticed that several spammers used these two items (one or the other) in their graphics or and links. Of course there may be some legit use for this (e.g. newsletters, etc.) so I didn't just assign it 100, but it seams it's a strong indicator, and until something comes out that can better sniff out these rats, it'll have to do.
Any suggestions for a better way?
Don

Somik Raha wrote:

Or just add

sendfree.com REJECT
hi-speedmail REJECT

to /etc/mail/access

That didn't work . Though, Procmail filters set on the Reply-to field did
the job. These folks have a pattern in their reply-to message.

Regards,
Somik



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk





-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Reply via email to