On Wed, 21 Feb 2018 11:43:59 -0500 Alex wrote:
> Hi all,
>
> Over the past few weeks I've noticed a few different campaigns that
> are using the same overall template, but continue to not hit bayes99
> or really any other significant rules. I'm assuming this is some sort
> of botnet?
>
> https://pastebin.com/Q9w1p2ht
> https://pastebin.com/rKvKYmhY
> https://pastebin.com/2VpVVA4A
>
> The last two are more than a week old, so I suspect it's already being
> blocked by RBL, but ideas for a more general way to block these before
> they hit the RBLs would be appreciated.

This might help a bit

  header BOGUS_MIME_VERSION MIME-Version =~ /^(?!\s*1\.0).+/

Scoring words like "Anxiety" in the display name

  From: Treat Anxiety <treat.anxi...@tnnnursery.com>

looks promising.
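
A way to check what the two ideas in the reply above would and would not catch before deploying them. This is an added example, not code from the thread: the check name FROM_NAME_KEYWORD, the keyword list and all sample messages are constructed, and Python's re is assumed to treat this pattern the same way Perl does.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Same pattern as the BOGUS_MIME_VERSION rule in the reply.
BOGUS_MIME_VERSION = re.compile(r"^(?!\s*1\.0).+")
# Hypothetical keyword list; only "Anxiety" comes from the thread.
NAME_KEYWORDS = re.compile(r"\b(?:anxiety)\b", re.IGNORECASE)


def rules_hit(raw_message):
    """Return the names of the checks that fire on one raw message."""
    msg = message_from_string(raw_message)
    hits = set()
    version = msg.get("MIME-Version")
    # An absent header gives the pattern nothing to match, so it is skipped.
    if version is not None and BOGUS_MIME_VERSION.search(version):
        hits.add("BOGUS_MIME_VERSION")
    display_name, _address = parseaddr(msg.get("From", ""))
    if NAME_KEYWORDS.search(display_name):
        hits.add("FROM_NAME_KEYWORD")
    return hits


def build(mime_version, from_header):
    """Assemble a minimal constructed message for the checks above."""
    headers = ["From: " + from_header, "Subject: test"]
    if mime_version is not None:
        headers.append("MIME-Version: " + mime_version)
    return "\n".join(headers) + "\n\nbody\n"


# Constructed samples, not taken from the pastebin messages.
SAMPLES = {
    "normal": build("1.0", "Alice <alice@example.org>"),
    "with_comment": build("1.0 (constructed mailer comment)", "Alice <alice@example.org>"),
    "wrong_version": build("1.1", "Alice <alice@example.org>"),
    "trailing_junk": build("1.0junk", "Alice <alice@example.org>"),
    "no_header": build(None, "Alice <alice@example.org>"),
    "keyword_name": build("1.0", "Treat Anxiety <sender@example.com>"),
    "both": build("2.0", "Treat Anxiety <sender@example.com>"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:14} {sorted(rules_hit(raw))}")
```

The trailing_junk and no_header samples are the two cases the version pattern lets through: the lookahead only checks that the value starts with 1.0, and a message with no MIME-Version header has nothing for it to match.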