I am hoping someone on this list can help. my server is getting *hammered* by spam like this one:
http://archive.netbsd.se/?ml=cygwin&a=2008-10&m=8903823 and this one: http://niet.com/message_info.php?id=39831 these are short and simple and always get by spamassassin, greylisting, the DNSRBLs, and so on. it is like they get a valid e-mail server, send out a lot of this sort of spam, then disappear. but they use *lots* of different e-mail servers, and change things all the time so it is difficult to make a general rule. the e-mail servers are always different, as are the addresses at the bottom. the only real "pattern" I can see is that the SPAM always includes references like this: http://fsbonh.com/MxAGpeMvMAvGivpYpYpYexvAiMHOGp so each message includes a few references to similar URLs, with slightly different keys after the domain. the form is like this: http://{domain}/{31-character encoded key, mixed upper and lower case alpha characters} has anyone seen this type of spam? is there some way of defining a rule to add a weight for this? I am not a perl expert, so any help you could provide would be greatly appreciated !! dave -- View this message in context: http://www.nabble.com/need-help-creating-a-rule-for-this-type-of-spam-tp20425116p20425116.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
