> -----Original Message----- > From: Per Jessen [mailto:p...@computer.org] > Sent: Tuesday, February 24, 2009 10:15 AM > To: users@spamassassin.apache.org > Subject: Re: Googlegroups related spam > > > here's a couple of examples that made it through my filter: > > http://jessen.ch/files/googlegroup-spam-example1.eml > http://jessen.ch/files/googlegroup-spam-example2.eml > http://jessen.ch/files/googlegroup-spam-example3.eml > http://jessen.ch/files/googlegroup-spam-example4.eml > http://jessen.ch/files/googlegroup-spam-example5.eml > http://jessen.ch/files/googlegroup-spam-example6.eml > http://jessen.ch/files/googlegroup-spam-example7.eml >
My experience is the same in that the messages don't actually come from google servers. Probably a safer rule than my first post is the following untested code that at least checks if the message came from google. Watch for line wraps: uri __JB_URI_GOOGLE m'www\.google\.com($|/group/)' header __JB_HOST_GOOGLE X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=[^ ]+\.google\.com / meta JB_FAKE_GOOGLE_GROUP (__JB_URI_GOOGLE && !__JB_HOST_GOOGLE) score JB_FAKE_GOOGLE_GROUP 0.1 Jason A. Bertoch Network Administrator ja...@electronet.net Electronet Broadband Communications 3411 Capital Medical Blvd. Tallahassee, FL 32308 (V) 850.222.0229 (F) 850.222.8771
