On Tue, 2008-01-22 at 17:31 -0800, John D. Hardin wrote:
> On Tue, 22 Jan 2008, Mike Yrabedra wrote:
> 
> > Is anyone else getting these google link spams?
> 
I've not had any complaints about them sneaking past the existing rules.

> Yes, we've been discussing them for the past week.
> 
> It's a good idea to check the list archives before asking if there are 
> rules for a particular type of spam.
> 
> > Anyone got a rule to kill these?


I've run John Hardin's rule all afternoon, and from amongst about 12000
spams I only saw two that hit:

Jan 22 17:29:23 sa amavis[16122]: (16122-14) SPAM,
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Yes,
score=7.843 tag=-99 tag2=4.5 kill=6.31 tests=[BODY_ENHANCEMENT=1.608,
DNS_FROM_RFC_BOGUSMX=2.125, GOOG_MALWARE_URI=0.1, L_P0F_W=1, RELAY_CN=3,
RELAY_US=0.01], autolearn=disabled, quarantine OOrIFqr7nOr2
(spam-quarantine)
Jan 22 17:30:22 sa amavis[16422]: (16422-19) SPAM,
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Yes,
score=7.843 tag=-99 tag2=4.5 kill=6.31 tests=[BODY_ENHANCEMENT=1.608,
DNS_FROM_RFC_BOGUSMX=2.125, GOOG_MALWARE_URI=0.1, L_P0F_W=1, RELAY_CN=3,
RELAY_US=0.01], autolearn=disabled, quarantine hiQD+uJgfngb
(spam-quarantine)

Both were detected without the rule.  I'll watch it for the remainder of
the week before I decide whether I should keep it.

-- 
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com
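
An added example, not part of the original message: a Python script that runs the check described above over amavis log entries, reporting for each hit of a rule whether the message would still have reached the kill level without it. It assumes the log layout of the entries quoted above and that a message is quarantined once score reaches kill; `rule_impact`, `EXAMPLE_OTHER_RULE` and the third log entry are constructed for illustration.

```python
import re

# Constructed input: the two amavis entries quoted above with the mail wrapping
# rejoined, plus a third made-up entry (EXAMPLE_OTHER_RULE and its quarantine id
# are placeholders) in which the rule is what pushes the score past kill.
SAMPLE_LOG = """\
Jan 22 17:29:23 sa amavis[16122]: (16122-14) SPAM, <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Yes, score=7.843 tag=-99 tag2=4.5 kill=6.31 tests=[BODY_ENHANCEMENT=1.608, DNS_FROM_RFC_BOGUSMX=2.125, GOOG_MALWARE_URI=0.1, L_P0F_W=1, RELAY_CN=3, RELAY_US=0.01], autolearn=disabled, quarantine OOrIFqr7nOr2 (spam-quarantine)
Jan 22 17:30:22 sa amavis[16422]: (16422-19) SPAM, <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Yes, score=7.843 tag=-99 tag2=4.5 kill=6.31 tests=[BODY_ENHANCEMENT=1.608, DNS_FROM_RFC_BOGUSMX=2.125, GOOG_MALWARE_URI=0.1, L_P0F_W=1, RELAY_CN=3, RELAY_US=0.01], autolearn=disabled, quarantine hiQD+uJgfngb (spam-quarantine)
Jan 22 17:31:05 sa amavis[16500]: (16500-01) SPAM, <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Yes, score=6.345 tag=-99 tag2=4.5 kill=6.31 tests=[DNS_FROM_RFC_BOGUSMX=2.125, EXAMPLE_OTHER_RULE=0.12, GOOG_MALWARE_URI=0.1, L_P0F_W=1, RELAY_CN=3], autolearn=disabled, quarantine EXAMPLEquar01 (spam-quarantine)
"""

# score, kill and the tests=[...] list from one amavis SPAM log entry
ENTRY = re.compile(r"score=(-?[\d.]+) .*?kill=(-?[\d.]+) tests=\[([^\]]*)\]")


def rule_impact(log_text, rule):
    """For each logged message that hit `rule`, report whether it decided the verdict."""
    results = []
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        score, kill = float(m.group(1)), float(m.group(2))
        tests = {}
        for item in m.group(3).split(","):
            name, _, value = item.strip().partition("=")
            if name:
                tests[name] = float(value)
        if rule not in tests:
            continue
        without = round(score - tests[rule], 3)
        results.append({
            "score": score,
            "without_rule": without,
            "kill": kill,
            # decisive: the message reaches kill only because of this rule
            "decisive": score >= kill > without,
        })
    return results


if __name__ == "__main__":
    for result in rule_impact(SAMPLE_LOG, "GOOG_MALWARE_URI"):
        print(result)
```

The first two entries come out as not decisive, matching the observation in the message; only the constructed third entry depends on the rule.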
