Hello!
 
In the last few days my SpamAssassin does not filter a (for me) new kind of
spam. I have an idea how to fight this spam and want to ask the list if this
is possible with SA.
 
First a short analysis of what's going on:
 
1st fact: I get mails like this one:
-----------------------
Subject: We wish you a wealthy New Year!
Text:
We are offering fantastic Christmas present for our new players who register
with us. Sign up now and get your holiday bonus worth $200.
 
http://neurotika.net/2009.php

-----------------------
It gets X-Spam_score: -1.1
because of:
 -1.1 BAYES_05               BODY: Bayesian spam probability is 1 to 5%
 [score: 0.0482]
Most of these mails get a score near 0 or lower.
 
2nd fact: HTTP Error 302
The URI and Subject/Text change with every mail.
The URI is the interesting part. I think it's a PHP file uploaded by some kind of
web server attack or virus (doesn't matter here).
This file sends a 302 Moved Temporarily and sends the browser to
http://58.65.232.17/~casino/
 
3rd fact: How we could identify these mails as spam:
The URL we get from the 302 error could be checked against DNSBLs, which results
in a hit on many lists.
So - if possible - I want SpamAssassin to:
1. Request the links in the mail body and check them for HTTP error 302 or
meta redirects
2. Check the links we got by doing this against some DNSBLs
 
Is this possible? Is there a reason why we shouldn't do this?
Is there a better way to identify these spam mails? (Below I have some more
examples)
I know this could be a performance problem - but if this feature is possible
I want to turn this on for my server. I agree this shouldn't be on by
default.
 
I use: 
SpamAssassin version 3.2.5
  running on Perl version 5.8.8

With these update channels:
updates.spamassassin.org
72_sare_redirect_post3.0.0.cf.sare.sa-update.dostech.net
70_sare_stocks.cf.sare.sa-update.dostech.net
70_sare_adult.cf.sare.sa-update.dostech.net
70_sare_spoof.cf.sare.sa-update.dostech.net
70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net
70_sare_genlsubj_x30.cf.sare.sa-update.dostech.net
70_sare_oem.cf.sare.sa-update.dostech.net
70_sare_random.cf.sare.sa-update.dostech.net
70_sare_specific.cf.sare.sa-update.dostech.net
70_zmi_german.cf.zmi.sa-update.dostech.net
88_FVGT_Bayes_Poison.cf.sare.sa-update.dostech.net
88_FVGT_Tripwire.cf.sare.sa-update.dostech.net
88_FVGT_rawbody.cf.sare.sa-update.dostech.net
88_FVGT_subject.cf.sare.sa-update.dostech.net
chickenpox.cf.sare.sa-update.dostech.net

Thanks in advance for your comments.
 
-- 
Florian Lagg
- 
 Florian Lagg - IT-Komplettlösungen
 Juch 7, 6631 Lermoos
 tel +43 (676) 344 677 5
  www.lagg.at - i...@lagg.at
-
 Xing: http://www.xing.com/go/invite/7372113.3da562
-
 
More examples:
------------------------------

Hey! Do you believe that when New Year Eve comes all dreams come true? If
you don't,  we can assure you that it is right as we are giving you
unbelievable bonuses upon registration.



http://florafloricultura.com.br/2009.php

------------------------------

Santa is very generous this year and he is ready to give the welcome bonuses
even to those players who have been naughty this year. So don't miss your
chance and hurry to register with us.



http://terraverde-rj.org/2009.php

------------------------------

Santa Claus is coming to town and bringing amazing bonuses for all the lucky
customers that sign in now. So hurry to pick your Christmas bonus now!



http://creationsitecms.com/2009.php

------------------------------

We have wonderful betting limits for you - from $1 to $1000 - so even if you
are broke, you still can play with us. Isn't that just a Christmas miracle?




http://soldavila.com/2009.php

------------------------------
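
The two steps proposed in the post, sketched offline as an added example (not part of the original message and not SpamAssassin code): find the redirect target in an already-fetched HTTP response, then build the DNSBL query name for it. The sample responses are constructed, and the zone `dnsbl.example` is a placeholder; fetching the page and resolving the name are left out.

```python
import ipaddress
import re
from urllib.parse import urljoin, urlsplit

# Constructed sample responses (not captured traffic); URLs are those quoted in the post.
SAMPLE_302 = ("HTTP/1.1 302 Moved Temporarily\r\n"
              "Location: http://58.65.232.17/~casino/\r\n"
              "Content-Length: 0\r\n\r\n")
SAMPLE_META = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
               '<html><head><meta http-equiv="refresh" '
               'content="0; url=/~casino/"></head></html>')

META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv\s*=\s*["\']?refresh["\']?[^>]*'
    r'content\s*=\s*["\']?\s*\d+\s*;\s*url\s*=\s*([^"\'>\s]+)', re.I)

def redirect_target(base_url, raw_response):
    """Return the absolute URL a response redirects to, or None."""
    head, _, body = raw_response.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    parts = status_line.split()
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    headers = {}
    for line in header_block.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # Step 1a: HTTP-level redirect (the 302 case from the post).
    if status in (301, 302, 303, 307, 308) and headers.get("location"):
        return urljoin(base_url, headers["location"])
    # Step 1b: meta refresh inside an otherwise normal page.
    match = META_REFRESH.search(body)
    return urljoin(base_url, match.group(1)) if match else None

def dnsbl_query_name(url, zone):
    """Step 2: DNSBL lookup name for an IPv4-literal host, else None."""
    host = urlsplit(url).hostname
    try:
        ip = ipaddress.IPv4Address(host)
    except ValueError:
        return None  # hostnames need a domain-based list instead
    # IP-based lists are queried with the octets reversed, then the zone.
    return ".".join(reversed(str(ip).split("."))) + "." + zone
```

A relative meta refresh resolves against the original host, so the second function returns None for it and the name would have to go to a domain-based list.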

