Hi all,

In recent weeks, my server has been getting hit with tons of snowshoe spam.  
Much of it is not getting filtered because even when it hits Bayes, it doesn't 
hit basically any other rules, and therefore is scoring just below 5 points.  
(Much of it hits only BAYES_50 and is therefore scoring even lower.)

Does anyone have any rules that can help hit these spams?  It seems like none 
of the default rules, nor KAM.cf, nor nonKAMrules.cf, are hitting these.  
Sometimes I'm lucky and Razor/DCC/Pyzor and/or URIBLs have already picked them 
up, throwing their score over threshold... but often I'm at the beginning of 
the queue and none of the hashes/BLs have gotten them yet.

(Reporting to SpamCop, it seems that almost all of this spam from today is 
coming from relays owned by sourcedns / liquidweb, and references URIs hosted 
by losangelesdedicated... although yesterday's spam came from a Romanian relay 
with URIs hosted by versaweb / fiberhub, so obviously there's no long-term 
pattern to the sources.)

Just a few (of many) spamples here:
https://pastebin.com/wRFBSCEZ
https://pastebin.com/FUdFEdhT
https://pastebin.com/LkqSEdAh

I've been testing some custom rules which are doing very well locally but which 
seem to have a high FP rate on masscheck, so would need some tuning before 
being included in the default rules, and I unfortunately haven't had time to do 
this tuning.  (If anyone wants to take a stab at it... the custom rules are 
AC_LOW_OPACITY, AC_POSTHTML_EXTRAS, AC_POSTIMG_EXTRAS, and AC_LARGE_INDENT. 
There is also AC_TINY_FONT but that seems to FP all over the place.)

Thanks in advance for any ideas/help... these have been really annoying my 
users.

Cheers.

--- Amir
