The first one, rnd_uc_char.cf, I've already sent to the list a few weeks ago. It detects spam like:
Subject: Re: IFWYOJRK, he was writing X-Originating-IP: [rx359.netIP] (the RND_UC_CHAR pattern) and I've just updated it for a few new variants that have shown up in the past couple of days. The second one, x_headers.cf, builds on the ideas in the thread "X-Mailer is totally bogus" on this list. I've collected enough of these to find some very consistent header patterns: From: "Adeline Darnell" <[EMAIL PROTECTED]> Subject: diplomacy mailtest naivete X-Mailer: circumscribe myocardium goliath Reply-To: "Adeline Darnell" <[EMAIL PROTECTED]> Message-Id: <[EMAIL PROTECTED]> and so x_headers.cf has my first attempt to detect this type of spam. (There are more telltales there than I'm currently using.) Both of these .cf files are available here: http://kepler.acns.bethel.edu/~bjn/spamassassin/ Feedback very welcome! -- Brent J. Nordquist <[EMAIL PROTECTED]> N0BJN Other contact information: http://kepler.acns.bethel.edu/~bjn/contact.html * Fast pipe * Always on * Get out of the way - Tim Bray http://tinyurl.com/7sti ------------------------------------------------------- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
