Hi John,
thanks for your answer. Probably I should have written more about my
problem.
We're getting a lot of spam with obfuscated urls in the form
www . domain . net
The domain part changes quite often (about daily). The number of domains
is nearly 100 by now. Of course we have body rules for each domain/url
similar to your rule but our time to detect new domains/urls is too slow
(actually our customer has to tell us, that spam got through, which is
quite bad). All these "urls" point to the same content, resolve to the
same ip and are listed in some url black lists. Since spamassassin
doesn't recognize these obfuscated urls, url specific rules don't match.
So, does anyone know a more general solution for this kind of spam
instead of individual body rules?
Best regards
Franz
John Hardin wrote:
> On Fri, 13 Feb 2009, Benny Pedersen wrote:
>
>> On Thu, February 12, 2009 18:26, Franz Schwartau wrote:
>>> www . abcdef . net
>>> Would be fine if I could use the "uri" directive
>
> If a URI rule works, what's wrong with a body rule?
>
> body URI_SPC_OBFU_nn
> /\bwww\s{1,20}\.\s{1,20}abcdef\s{1,20}\.\s{1,20}net\b/i
