Kelson Vibber wrote:
> At 02:09 AM 1/14/2004, Maxime Ritter wrote:
>>I wrote some new habeas rules, which take care of the recents
>>Habeas forgery :
>
> I did something similar, except that instead of redefining the HABEAS_SWE
> rule, I created an offset, and I focused on the URLs rather than the
> boundaries.
> The name has the added advantage that anything looking for HABEAS_VIOLATOR
> in the list of rules tripped will trigger on this rule as well.
HABEAS_VIOLATOR doesn't need HABEAS_SWE to be positive ; I have seen some
spams which matched HABEAS_VIOLATOR without been tagged by HABEAS_SWE:
X-Spam-Status: Yes, hits=35.9 required=5.0 tests=BAYES_99,BIZ_TLD,
HABEAS_FORGERY,HABEAS_VIOLATOR,HTML_50_60,HTML_MESSAGE,MIME_HTML_ONLY,
MIME_HTML_ONLY_MULTI,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,
RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL,RCVD_IN_SORBS,WHY_WAIT
autolearn=spam version=2.61
But with my approach, the spammer can buy a new domain name as often
as he wants...
--
Maxime Ritter
-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
