This question is getting asked over and over, it's probably about time to start referring to the archives to not annoy the list users.
But, one more time...Here is another rule that will help catch the Geocities spam. (reposted twice now) Here is an RBL test for china IP addresses that connect to your SA server to pass email. I tested it and it works. I have score of 5 for a while, but you can change that for anything you want. Add it to your local.cf if you like it. You should be able to modify for other countries too if needed, see the country list here: http://www.blackholes.us ---start example code---- header RCVD_IN_CHINA eval:check_rbl('country', 'china.blackholes.us') describe RCVD_IN_CHINA Received via China IP china.blackholes.us tflags RCVD_IN_CHINA net score RCVD_IN_CHINA 5 ---end example code----- Here is another way to do it as well. www.blackholes.us/docs/usage.html (Above example makes more sense to me though.) > -----Original Message----- > From: news [mailto:[EMAIL PROTECTED] Behalf Of Jon Drukman > Sent: Tuesday, August 16, 2005 5:48 PM > To: users@spamassassin.apache.org > Subject: URIDNSBL: found domain geocities.com in skip list > > > I'm getting a lot of spams slipping thru the net lately. They hit > BAYES_99 and nothing else, usually, because they contain almost no > content other than a URL: > > http://uk.geocities.com/Robt_Bright/?M0v=Make.your.day_enjoyable.without > > URIDNSBL is apparently skipping that due to it being geocities. > > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84e6960) > implements 'parsed_metadata' > debug: uri found: > http://uk.geocities.com/Robt_Bright/?M0v=Make.your.day_enjoyable.without > debug: URIDNSBL: found domain geocities.com in skip list > debug: URIDNSBL: domains to query: > > Does anyone have a good method for trapping these mails? > > The subject and body are not much help... here's what I have: > > Subject: re: concepcion > pamula > > http://uk.geocities.com/Robt_Bright/?M0v=Make.your.day_enjoyable.without > > bryce > > -jsd- > > >
