> -----Original Message----- > From: martin smith [mailto:[EMAIL PROTECTED] > Sent: Saturday, May 14, 2005 12:43 PM > To: Spamassassin > Subject: RE: {SPAM} Drug SPAM problem..any fixes? > > > M>-----Original Message----- > M>From: Matt Kettler [mailto:[EMAIL PROTECTED] > M>Sent: 14 May 2005 18:37 > M>To: Dan Simmons > M>Cc: users@spamassassin.apache.org > M>Subject: Re: {SPAM} Drug SPAM problem..any fixes? > M> > M>Dan Simmons wrote: > M>> Hi All, > M>> > M>> I am having an issue with the following DRUG related spam. Does > M>> anyone have any rules to catch this? > M>> > M>> Environment: SA 3.0.2 with network tests and the following > M>SARE rule sets: > M><snip> > M>> X-SA-SysThreshold: 6.0 > M>> 0.8 HTML_IMAGE_ONLY_20 BODY: HTML: images with > M>1600-2000 bytes of words > M>> 0.1 HTML_40_50 BODY: Message is 40% to 50% HTML > M>> 0.0 HTML_MESSAGE BODY: HTML included in message > M>> > M> > M>For your message I got the following (SA 2.64 with Mail::SpamCopURI) > M> > M>SpamAssassin (score=7.908, required 5, AB_URI_RBL > M>1.00, BAYES_00 -4.90, > M>BLACK_URI_RBL 2.00, HTML_MESSAGE 0.10, HTTP_ESCAPED_HOST 1.51, > M>INFO_GREYLIST_NOTDELAYED -0.00, JP_URI_RBL 1.00, OB_URI_RBL > M>2.10, SPAMCOP_URI_RBL 3.00, WS_URI_RBL 2.10) > M> > M>Most of that is URI blacklists from surbl (supported by SA > M>3.x by default), as well as uribl.com (not supported in > M>default config but I added it by hand) > M> > > Trouble is with the SURBL is that you can receive a lot of these spams > before they get listed, they also seem to change domain name > twice a day or > more to keep ahead of the listing, that's why I wanted > something to block > them if they don't hit any black lists.
URIBL.com is currently testing some ideas to get them listed before they are even used. Needs more time to test. Kinds tricky to nail down ;) --Chris
