I came up with a set of rules which appear to catch the new strain
of spam with a meaningless jumble of words in the body, while hope-
fully not catching any legitimate mail. See below; comments welcome,
and (naturally) everyone is free to use these rules if you want to.
Regarding my body rule (__MPOP_HTML1): The first line of text in the
message body, before the graphic and the nonsense text, is broken up
by meaningless HTML end tags. For example, a line in a recent spam
that showed up as "Free Cable_ TV" looked like this in the raw HTML:
<p>Fr</sickroom>ee Ca</runic>ble_ TV</p>
Rich Wales [EMAIL PROTECTED] http://www.richw.org
========================================================================
header __MPOP_MAILER X-Mailer =~ /mPOP Web-Mail 2\.19/
header __MPOP_SUBJ1 Subject =~ /Re: [A-Z]+, \S+ \S+ \S+/
header __MPOP_SUBJ2 Subject =~ /Re: \%RND_UC_CHAR\[2-8\], \S+ \S+ \S+/
rawbody __MPOP_HTML1 /<p>\w+<\/\w+>\w+/
meta MPOP_SPAM (__MPOP_MAILER && (__MPOP_SUBJ1 || __MPOP_SUBJ2) &&
__MPOP_HTML1)
describe MPOP_SPAM Spam from mPOP Web-Mail
score MPOP_SPAM 10.0
========================================================================
-------------------------------------------------------
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
