Hi
Thanks, but the link is random too, like:

https://paste.debian.net/1300874/


On 12.12.2023 at 12:21, Jimmy wrote:

uri     __ADB_CPN_LINK /\.campaign\.adobe\.com\/r\/\?/
rawbody __IMG_SRC_CID   /<img src=\"cid:\d/

meta ADB_CPN_ABUSE __ADB_CPN_LINK && __IMG_SRC_CID
describe ADB_CPN_ABUSE Possible malware link
score ADB_CPN_ABUSE 2.5000

Establishing a rule for "CONFIDENTIALITY NOTICE" is ineffective; it can be a false positive. Since I don't have visibility into all headers, consider creating rules based on specific headers or other rules that match these. Append these rules to the meta-rule and boost the overall score accordingly.

Jimmy


On Tue, Dec 12, 2023 at 5:53 PM natan <na...@epf.pl> wrote:

    Hi
    I have SpamAssassin version 3.4.6

    And I am trying to resolve two problems

    1) I put eml with spam and learn SA like:
    sa-learn --spam /root/spamik/

    In /root/spamik/ are 4 e-mails
    Works great, but after 7 days I must learn again, as if SA forgot
    what it learned

    2) I have a problem with one type of spam like:
    https://paste.debian.net/1300865/
    because:
    contents - random
    from - random
    IP - random

    The construction is only somewhat similar, like base64 + html and png
    All was signed by DKIM

    And I had to work around it in the following way but it is not a
    solution

    rawbody  EMAIL_20231207    /(necessary to delete the message completely|email message and any attachments are intended|automatically archived by Mimecast|sender and take the steps necessary)/i
    describe EMAIL_20231207    Spam fake IQ password
    score    EMAIL_20231207    2

    rawbody  EMAIL_20231207_1   /FONT\-FAMILY\:Arial/
    score    EMAIL_20231207_1   0.1
    rawbody  EMAIL_20231207_2   /BORDER-LEFT\:0\;MARGIN\:0\;PADDING-RIGHT\:0\;BACKGROUND\-COLOR\:white\;font\-stretch\:inherit/
    meta     EMAIL_20231207_ALL EMAIL_20231207_1 && EMAIL_20231207_2 && KAM_HTML_FONT_INVALID && MIME_HTML_ONLY
    score    EMAIL_20231207_ALL 2

    Any idea ?



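An added example, not part of the thread: a small offline harness for trying the two sub-rule patterns and the `ADB_CPN_ABUSE` meta from Jimmy's reply against sample messages before deploying them. It only approximates SpamAssassin (`rawbody` as a search over decoded text parts, `uri` as a search over `href` values); the helper names and all sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.policy import default

# Patterns copied from the rules quoted in the thread.
ADB_CPN_LINK = re.compile(r"\.campaign\.adobe\.com/r/\?")
IMG_SRC_CID = re.compile(r'<img src="cid:\d')
HREF = re.compile(r'href="([^"]+)"', re.I)  # simplified URI extraction (assumption)

def build(html):
    """Constructed sample: an HTML-only message with a base64-encoded body."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content(html, subtype="html", cte="base64")
    return m.as_string()

def decoded_text_parts(raw):
    """Yield text parts after transfer decoding, as rawbody rules see them."""
    msg = message_from_string(raw, policy=default)
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            yield part.get_content()

def evaluate(raw):
    """Return which sub-rules hit and whether the meta (logical AND) fires."""
    bodies = list(decoded_text_parts(raw))
    uris = [u for b in bodies for u in HREF.findall(b)]
    link = any(ADB_CPN_LINK.search(u) for u in uris)
    img = any(IMG_SRC_CID.search(b) for b in bodies)
    return {"__ADB_CPN_LINK": link, "__IMG_SRC_CID": img,
            "ADB_CPN_ABUSE": link and img}

# Constructed HTML bodies (not taken from the pastes linked in the thread).
BOTH = ('<a href="https://constructed.campaign.adobe.com/r/?id=abc">Open</a>'
        '<img src="cid:1234">')
INLINE_IMAGE_ONLY = '<p>Hello</p><img src="cid:5678">'
OTHER_HOST = '<a href="https://random-host.example/r/?id=1">Open</a><img src="cid:9">'

if __name__ == "__main__":
    for name, html in [("both", BOTH), ("inline image only", INLINE_IMAGE_ONLY),
                       ("other host", OTHER_HOST)]:
        print(name, evaluate(build(html)))
```

The third sample shows the limitation raised in the reply at the top of the thread: when the link host differs, only `__IMG_SRC_CID` hits and the meta does not fire.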