Richard Hartmann wrote:
> Hi all,
>
> this mail:
>
> Subject: Die E-Mail Adresse [EMAIL PROTECTED] wird gesperrt
>
> Body:
> Sehr geehrte Damen und Herren,
>
> Ihre Email "[EMAIL PROTECTED]" wird wegen Missbrauch innerhalb der naechsten 24
> Stunden gesperrt. Es sind \d{2} Beschwerden wegen Spamversand bei uns
> eingegangen.
> Details und moegliche Schritte zur Entsperrung finden Sie im Anhang.
>
> Attachment:
> randomly named zip file which contains an exe
>
> Is not picked up by SA, yet. sa-update did not get any rules against
> it either. Does anyone have a ready-made rule against this, already?
> If not, what doc should I read to create my own?
>
>
> Thanks,
> Richard

Hi Richard,

in my German mail domains (well spam-bombed, as ever) I didn't receive one of this wave, so you might use more advanced blocking methods at the SMTP intake level on your server, i.e. use clamav-milter, RBLs etc.

After all, you might do sa-learn --spam with a sample mail and SpamAssassin should catch it, and use Pyzor, Razor etc. checks too. This should reduce the inflow of such mails to a minimum, and whatever is left should be marked shortly after a spam wave starts.

-- 
Best Regards
MfG
Robert Schetterer

Germany/Munich/Bavaria
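
A local SpamAssassin rule set for the mail described in the quoted message, as an added example that is not part of the thread. The rule names (LOCAL_DE_*) and scores are assumptions; the patterns come from the quoted subject and body.

```conf
# local.cf -- added example; rule names and scores are assumptions.

# Subject: "Die E-Mail Adresse <addr> wird gesperrt"
# (English: "The e-mail address <addr> will be blocked")
header   __LOCAL_DE_SPERR_SUBJ   Subject =~ /^Die E-?Mail[ -]Adresse \S+ wird gesperrt/i

# Body: "... wird wegen Missbrauch innerhalb der naechsten 24 Stunden gesperrt"
# (English: "... will be blocked for abuse within the next 24 hours")
# \S{1,2} tolerates a real umlaut in place of the "ae" transliteration.
body     __LOCAL_DE_SPERR_ABUSE  /wird wegen Missbrauch innerhalb der n(?:ae|\S{1,2})chsten \d{1,2} Stunden gesperrt/i

# Body: "Es sind NN Beschwerden wegen Spamversand bei uns eingegangen"
# (English: "We have received NN complaints about spam sending")
# The count varies per mail, so it is matched as digits.
body     __LOCAL_DE_SPERR_COMPL  /Es sind \d{1,3} Beschwerden wegen Spamversand bei uns eingegangen/i

# Require two of the three text markers so that one reworded line
# in a later variant does not defeat the rule.
meta     LOCAL_DE_SPERR_LURE     (__LOCAL_DE_SPERR_SUBJ + __LOCAL_DE_SPERR_ABUSE + __LOCAL_DE_SPERR_COMPL >= 2)
describe LOCAL_DE_SPERR_LURE     German "address will be blocked" lure text
score    LOCAL_DE_SPERR_LURE     3.0

ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
  # The attachment is a randomly named zip, so only the extension is usable.
  mimeheader __LOCAL_ZIP_DISP    Content-Disposition =~ /filename\s*=\s*"?[^";]+\.zip\b/i
  mimeheader __LOCAL_ZIP_CTYPE   Content-Type =~ /name\s*=\s*"?[^";]+\.zip\b/i

  # Lure text plus a zip attachment scores on top of the text rule.
  # These rules do not look inside the archive; detecting the exe is left
  # to the virus scanner at SMTP time (clamav-milter in the reply above).
  meta     LOCAL_DE_SPERR_ZIP    (LOCAL_DE_SPERR_LURE && (__LOCAL_ZIP_DISP || __LOCAL_ZIP_CTYPE))
  describe LOCAL_DE_SPERR_ZIP    "Address will be blocked" lure with zip attachment
  score    LOCAL_DE_SPERR_ZIP    2.0
endif
```

Run `spamassassin --lint` after adding the rules to catch syntax errors. The rule syntax used here is documented in the Mail::SpamAssassin::Conf manual page.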