Apart from the imageshack stuff just seem to generally have a lot of spam in the german langauge getting through the filters, has anyone else experienced the same.
Certainly. It's getting through, because there are almost no german language specific rules in the default rules of SpamAssassin, and of course the spam messages are variated a lot. Here are two self-made rules from the german stock spams from the last few months I use in my local.cf: body __AW_BS1 /KAUFEN KAUFEN KAUFEN/ body __AW_BS2 /DER I[_.]?N[_.]?VESTORALARM!/ body __AW_BS3 /RALLYE IST GESTARTET\b/i body __AW_BS4 /AN ALLE F[_.]?INANZINVESTOREN!/i body __AW_BS5 /DIESE A[_.]?KTIE WIRD D[_.]?URCHSTARTEN!/ body __AW_BS6 /L[_.]?ASSEN SIE SICH D[_.]?IESE C[_.]?HANCE N[_.]?ICHT E[_.]?NTGEHEN!/ body __AW_BS7 /ES IST EIN U[_.]?NGLAUBLICHES P[_.]?ROFITPOTENTIAL!/ body __AW_BS8 /STOCK TRADER ALERT!/ body __AW_BS9 /V[_.]?ERLIERE D[_.]?IESE C[_.]?HANCE N[_.]?ICHT!/ body __AW_BS10 /IST FRANKFURT DAS NEUE/ body __AW_BS11 /DIESES ist das, das du gewartet hast!/ body __AW_BS12 /Unsere Auswahl des Monats fliegt!!!/ body __AW_BS13 /Our pick of the Month is Flying!!!/ body __AW_BS14 /Our Best Pick of the Week/ body __AW_BS15 /Kaufen waehrend es noch billig ist/i body __AW_BS16 /Es wird \d+% kurssprung erwartet/ body __AW_BS17 /eine schune Muglichkeit viel Geld zu verdinen/ body __AW_BS18 /Kaufen, kaufen und kaufen/ body __AW_BS19 /kursg[ew][ew]inn von \d+% in . tagen!/i body __AW_BS20 /STARTET DIE HAUSSE!/ meta AW_BOERSENSPAM __AW_BS1 || __AW_BS2 || __AW_BS3 || __AW_BS4 || __AW_BS5 || __AW_BS6 || __AW_BS7 || __AW_BS8 || __AW_BS9 || __AW_BS10 || __AW_BS11 || __AW_BS12 || __AW_BS13 || __AW_BS14 || __AW_BS15 || __AW_BS16 || __AW_BS17 || __AW_BS18 || __AW_BS19 || __AW_BS20 describe AW_BOERSENSPAM Promotion fuer penny stocks score AW_BOERSENSPAM 3.5 body __AW_PS1 /\b(?:C[_.]?ompany|Name |Firma): / body __AW_PS2 /\bW.?K.?N\b/ body __AW_PS3 /\bI.?S.?I.?N\b/ body __AW_PS4 /\b(?:M[_.]?arkt|Handelsplatz|Borsenplatz ): /i body __AW_PS5 /\b(?:K[_.]?urzel |Symbol): /i body __AW_PS6 /\b(?:P[_.]?reis|Kurs|Price|Last price): [01]?[.,]/ body __AW_PS7 /\bPr[_.]?ognose: / body __AW_PS8 /\b(?:S[_.]?panne|Weekrange): / body __AW_PS9 /\b[0-9]+[- ]tages?[- ]ziel\b:? /i meta AW_BOERSENSPAM2 (__AW_BS1 + __AW_BS2 + __AW_BS3 + __AW_BS4 + __AW_BS5 + __AW_BS6 + __AW_BS7 + __AW_BS8 + __AW_BS9 + __AW_BS10 + __AW_BS11 + __AW_BS12 + __AW_BS13 + __AW_BS14 + __AW_BS15 + __ AW_BS16 + __AW_BS17 + __AW_BS18 + __AW_BS19 + __AW_BS20 + __AW_PS1 + __AW_PS2 + __AW_PS3 + __AW_PS4+ __AW_PS5 + __AW_PS6 + __AW_PS7 + __AW_PS8 + __AW_PS9 > 3 ) describe AW_BOERSENSPAM2 Promotion fuer penny stocks 2 score AW_BOERSENSPAM2 3.5 If there is something that can be improved in these rules, please let me know. They are quite quick 'n dirty. Interesting is the spelling. It seems to me the author of the spam messages isn't german or of very low education, since his spelling and style is really awful - like a child of 15 years. And the spam sending software doesn't seem to be able to handle german Umlauts (äöüßÄÖÜ). Well, perhaps that is a more generic spam indicator: german text but not a single Umlaut. I must think about that. Alex
