Bill Randle wrote:
> Does anyone have any rules to squash the recent spate of stock alert
> spam that I've been seeing? The messages are coming from multiple
> sources, although some can be traced back to IPs belonging to
> kornet.net. There are no URLs in the message body. Bayes is probably
> the best bet, but on my global db it's scoring only BAYES_50.
> The last batch had scores like this:
> X-Spam-Status: No, hits=1.518 tagged_above=-99 required=5
> tests=BAYES_50, HTML_30_40, HTML_MESSAGE, SPF_FAIL
> X-Spam-Status: No, hits=2.042 tagged_above=-99 required=5
> tests=BAYES_50, HTML_30_40, HTML_MESSAGE, SARE_FROM_BADAOL
> X-Spam-Status: No, hits=1.1 tagged_above=-99 required=5 tests=BAYES_50,
> FROM_STARTS_WITH_NUMS, HTML_30_40, HTML_MESSAGE

The FSR_MASKED_FINANCIAL rule (from here
http://www.wormbytes.ca/software/spamassassin/rules.cf) and a
well-trained Bayes take care of most stock spams. You could expand the rule
to include pr*fit, auth*rity and l*w. Also see the
72_sare_bml_post25x.cf rule from SARE.
Also, since you have a lot of these spams, use them to train the Bayes db.
- dhawal
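
An added example, not part of the thread and not the contents of FSR_MASKED_FINANCIAL: a separate local rule covering the three masked words suggested above, combined with HTML_MESSAGE because every sample in the question hit it. The rule names and the score are hypothetical, and it assumes the "*" stands for any single non-letter character substituted for the vowel.

```conf
# local.cf fragment (added example; rule names and score are hypothetical).
# Assumption: the masked position holds one non-letter, non-space character,
# e.g. "pr*fit", "pr0fit", "auth.rity", "l-w".

# Sub-rule: the "__" prefix means it carries no score of its own and is
# only usable from meta rules.
body     __LOCAL_MASKED_STOCK_WORD  /\b(?:pr[^a-z\s]fit|auth[^a-z\s]rity|l[^a-z\s]w)\b/i

# Score only when the masked word appears in an HTML message, which all
# three sample X-Spam-Status headers in the question had in common.
meta     LOCAL_MASKED_STOCK_HTML    (__LOCAL_MASKED_STOCK_WORD && HTML_MESSAGE)
describe LOCAL_MASKED_STOCK_HTML    Masked stock-promotion word in HTML mail
score    LOCAL_MASKED_STOCK_HTML    1.5
```

Run `spamassassin --lint` after adding the fragment, and check the rule against a ham corpus before raising the score, since a three-character pattern like the last alternative can match strings such as product codes.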