Greetings,
I've recently been getting more simple drug-related spam that has no
real obfuscation and often doesn't get flagged with anything other
than HTML_MESSAGE (0.0) and BAYES_XX (generally 50-99).
A few sample Subject lines:
Subject: Use Generik Viagra and forget about your sexual nightmares.
Subject: Discounted Super Viagra, Viagra Pro and Soft Cialis
Subject: Viagra Pro will save your from sexual hardships.
Subject: Any medication without prescription. Visa and MasterCard accepted
Subject: EZ order and fast delivery of your drugs
Subject: {SPAM?} You'll get harder erections with Soft Viagra.
(Last one tagged due to "2.9 SUSPICIOUS_RECIPS" and BAYES_99)
Most of these don't hit any DNSBLs, and are generally not in Pyzor or
Razor (incidentally... my Pyzor stopped working this morning... anyone
else? pyzor ping is failing). Some also hit the DRUGS_ERECTILE test,
but not reliably.
A large majority seem to be coming from yahoo.com webmail servers, but
this isn't a high-volume server so that might be just an anomaly.
I have attempted to compensate by increasing DRUGS_ERECTILE up to 1.5
(default is 0.3), but this seems to be a body-only rule, and I'm not
seeing a generic rule for ED-related drugs in the subject that are
*not* obfuscated. Seems pretty stupid that none of those subjects
manage to break a stock 0.3 without bayes or some 'lucky' hit...
Anyone else seeing this kind of junk? Any good ideas? I'm hesitant to
go all willy-nilly on my local.cf with stupid-simple rules with high
scores.
I run sa-update and sa-compile pretty regularly, but not using any
non-stock rulesets (where are the good ones that are actually
maintained? :) ).
Many thanks,
Jake
