Try these on for size:
header __PORN_WORD01 Subject =~/n(?:ex|xe)t door/i
header __PORN_WORD02 Subject =~/puss(?:y|ies)/i
header __PORN_WORD04 Subject =~/(?:needs|for)
m(?:one|oen|neo|noe|eno|eon)y/i
header __PORN_WORD05 Subject =~/h(?:orn|onr|nro|nor|ron|rno)y/i
header __PORN_WORD06 Subject
=~/f(?:ucke|ucek|ukce|ukec|ueck|uekc|cuek|cuke|ckue|ckeu|ceku|ceuk|kuce|
kuec|kcue|kceu|kecu|keuc|euck|eukc|ecuk|ecku|ekcu|ekuc)d/i
header PORN_WORD08 Subject =~/\bMILF\b/i
header PORN_WORD09 Subject =~/w(?:hor|hro|roh|rho|ohr|orh)e/i
header PORN_WORD20 Subject
=~/w(?:hore|hoer|hroe|hreo|heor|hero|ohre|oher|orhe|oreh|oerh|oehr|rhoe|
rhep|roeh|rohe|reho|reoh|ehro|ehor|eorh|eohr|erho|eroh)s/i
header PORN_WORD10 Subject
=~/(?:hstoett|o(?:the|teh|het|hte|eht|eth)r|stpuid|stupid|disgusting|shy
|married|brand
new|dirty|average|amateur|amatuer|amtauer|real|beautiful|hot|sexy|sxey|n
(?:ast|ats|tas|tsa|sta|sat)y|wet|cute).{1,3}(?:(?:step|grand)?[
\-_]?(?:mo|om)ms?|house[
\-_]?wi[fvr]es?|(?:cow)?girls?|moms?|w(?:om[ae]|o[ae]m|[ae]om|[ae]mo|m[a
e]o|mo[ae])n|neigbhour|neighbour|neighbuor|(?:teen|tnee)(?:ager|agre|arg
e)?s?|s(?:lu|ul)ts?|bitehcs|bitches)/i
header __PORN_WORD11 Subject =~/\bcum(?:shot)?\b/i
header __PORN_WORD12 Subject =~/(?:d(?:ic|ci)k|c(?:|oc|co)k/i
header __PORN_WORD13 Subject =~/fucking/i
header __PORN_WORD14 Subject =~/up[
\-_]c(?:los|lso|sol|slo|ols|osl)e/i
header __PORN_WORD15 Subject =~/snatch/i
header __PORN_WORD16 Subject =~/(?:pervert|peervrt|prevert|perevrt)/i
The hidden ones I tend to count the sum of and add a score based on how
many they hit (1, 2, or 3) I don't think any have hit all 3 :) Tune them
and play with them all you need. Even better would be to feed back to me
the changes you make :)
I haven't updated these for today (and I have new examples)
The domains listed in these messages frequently change, so we get a
burst of them that make it past the SURBL every few days. (usually
weekends, we've noticed a very clear peak in spam coming at the
weekends)
R
-----Original Message-----
From: Pierre Thomson [mailto:[EMAIL PROTECTED]
Sent: 21 February 2005 13:59
To: Gray, Richard
Cc: users@spamassassin.apache.org
Subject: RE: ENC: Wet 30 to 40 girls hrony and wants you
I made a few custom rules looking for intentional misspellings of
certain subject words. We use Bayes, so of course the misspellings are
soon recognized that way too.
The rules I made are based on the observation that the first and last
letters of these obfuscated words are left alone to make them
understandable. So a 5-letter word will have 6 possible variations, of
which 5 are misspellings. Since these misspellings are highly unlikely
to occur in ham, you can score them pretty high.
So for this word you could use:
header PT_SPELL1 Subject =~ /\bh(ron|onr|nro|nor|rno)y\b/i
Of course 6-letter and longer words have more possible misspellings, so
you can't extend this method too far! Other misspelled subject words I
see in today's quarantine include "pretty", "lovely", and "mother".
Good luck
Pierre Thomson
BIC
-----Original Message-----
From: Gray, Richard [mailto:[EMAIL PROTECTED]
Sent: Monday, February 21, 2005 8:28 AM
To: Jeff Chan; Daniel A. de Araujo
Cc: users@spamassassin.apache.org
Subject: RE: ENC: Wet 30 to 40 girls hrony and wants you
I have this same SPAM regularly occuring in our network, and frequently
the domain has yet to be listed in the SURBL lists.
I have yet to find another effective way of catching this other than
writing a long list of rules to match the varying subject lines
-----Original Message-----
From: Jeff Chan [mailto:[EMAIL PROTECTED]
Sent: 21 February 2005 13:02
To: Daniel A. de Araujo
Cc: users@spamassassin.apache.org
Subject: Re: ENC: Wet 30 to 40 girls hrony and wants you
On Monday, February 21, 2005, 4:45:38 AM, Daniel Araujo wrote:
> Hi, guys. We are receiving a lot of kind these spams below. I couldnt
> discover a way to block them because there are o lot of types and
> combinations. Does someone is having the same problem ? Any ideas to
> block it ?
> -----Mensagem original-----
> De: Sweetest S. Transfusion [mailto:[EMAIL PROTECTED] Enviada
> em: domingo, 20 de fevereiro de 2005 00:06
> Para: Angelac
> Assunto: Fw: Wet 30 to 40 girls hrony and wants you
> Buenos tardes!
> Bandagi
