Bill McCormick wrote:

I switched from using a RulesDuJour update script to sa-update. I'm no
longer getting hits on these geocities spams. Anybody know which SARE
rule I need to add?

I found and loaded the WebRedirect Plugin: http://wiki.apache.org/spamassassin/WebRedirectPlugin

Can anybody tell me if I'm going in the wrong direction?

Hmm ... that really didn't seem to help. Turns out that 70_sare_specific.cf should be hitting these really hard. The hits show up in maillog but not in the header report:


X-Spam-DCC: CTc-dcc2/billinux 1031; Body=1 Fuz1=1 Fuz2=1
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on billinux.billinux
X-Spam-Bayes: 1.0000
X-Spam-Status: Yes, score=10.7 required=5.0 tests=BAYES_99,FORGED_RCVD_HELO,
    RCVD_IN_BL_SPAMCOP_NET autolearn=no version=3.1.8
X-Spam-RBL: <dns:53.67.142.89.zen.spamhaus.org> [127.0.0.4, 127.0.0.11]
    <dns:53.67.142.89.combined.njabl.org> [127.0.0.3]
    <dns:53.67.142.89.bl.spamcop.net?type=TXT> ["Blocked - see http://www.spamcop.net/bl.shtml?89.142.67.53";]
X-Spam-Pyzor: Reported 0 times.
X-Spam-Report:
    *  0.1 FORGED_RCVD_HELO Received: contains a forged HELO
    *  9.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
    *      [score: 1.0000]
    *  1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
    *      [Blocked - see <http://www.spamcop.net/bl.shtml?89.142.67.53>]

I think __SARE_SPEC_XXGEOCITIE is broken; I should have got a dozen hits on that and not a single one. How can this be tested with grep or with perl from the command line?

uri       __SARE_SPEC_XXGEOCITIE   m'\b(?:(?!www)[a-z]{2,3})\.(?:geocities|tripod)\.com/\w{1,30}/\?'i
uri       __SARE_SPEC_XX2GEOCIT    /\b[a-z]{2}\.geocities\.com/i

meta      SARE_SPEC_XXGEOCITIES2   !__SARE_SPEC_XXGEOCITIE && __SARE_SPEC_XX2GEOCIT
describe  SARE_SPEC_XXGEOCITIES2   spamsign pointing to free webhost spam site
score     SARE_SPEC_XXGEOCITIES2   1.666


Thanks
--
Lost in RegExp Space
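
Added example (not part of the original post, and not SARE or SpamAssassin code): one way to test the two uri patterns above from the command line with GNU grep in PCRE mode, evaluating the meta once per message because a uri rule hits as soon as any URI in the message matches. The function names and sample URIs are constructed, and feeding raw URI strings to grep is an assumption that skips SpamAssassin's own URI extraction.

```sh
#!/bin/sh
# Regex bodies copied from the two uri rules quoted in the post. The m'...' and
# /.../ delimiters are dropped; grep -i stands in for the trailing "i" flag.
RE_XXGEOCITIE='\b(?:(?!www)[a-z]{2,3})\.(?:geocities|tripod)\.com/\w{1,30}/\?'
RE_XX2GEOCIT='\b[a-z]{2}\.geocities\.com'

# uri_hit REGEX URI...  succeeds if at least one URI matches REGEX.
# Needs GNU grep built with PCRE (-P) because of the (?!www) lookahead.
uri_hit() {
    re=$1; shift
    printf '%s\n' "$@" | grep -Piq -e "$re"
}

# eval_message URI...  treats its arguments as all URIs of ONE message and
# prints the sub-rule results plus the meta from the post:
#   SARE_SPEC_XXGEOCITIES2 = !__SARE_SPEC_XXGEOCITIE && __SARE_SPEC_XX2GEOCIT
eval_message() {
    a=0; b=0; meta=0
    uri_hit "$RE_XXGEOCITIE" "$@" && a=1
    uri_hit "$RE_XX2GEOCIT" "$@" && b=1
    if [ "$a" -eq 0 ] && [ "$b" -eq 1 ]; then meta=1; fi
    echo "XXGEOCITIE=$a XX2GEOCIT=$b META=$meta"
}

# Constructed sample URIs (not taken from real mail).
echo "query form:   $(eval_message 'http://uk.geocities.com/exampleuser/?abc123')"
echo "plain page:   $(eval_message 'http://uk.geocities.com/exampleuser/index.html')"
echo "www host:     $(eval_message 'http://www.geocities.com/exampleuser/?abc123')"
echo "tripod:       $(eval_message 'http://us.tripod.com/exampleuser/?x')"
echo "both in one:  $(eval_message 'http://uk.geocities.com/exampleuser/?abc123' \
                                    'http://de.geocities.com/otheruser/')"
```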
