On Wed, 3 Nov 2010, Kris Deugau wrote:

> DNSBLs are pretty much useless, since the message *was* legitimately relayed in from Hotmail.
>
> A couple of times I've seen enough examples with similar enough URLs to create a uri rule something like:
>
> uri MISC_INFO   m|https?://rita..sa..ly\.info/?$|
>
> but the latest batch vary too much.

You're trying to be too selective. How often do you receive a _legitimate_ email from hotmail referring to a .info website?

Try a meta combining "from hotmail" (or from _any_ freemail domain) with a uri containing m|://[^/]+\.info/|i

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
                                           -- Peter da Silva in a.s.r
-----------------------------------------------------------------------
 4 days until Daylight Saving Time ends in U.S. - Fall Back
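
The meta suggested in the reply above, written out as SpamAssassin rules. This is an added example, not configuration posted by either participant; the rule names, the freemail domain list and the score are assumptions to adjust locally.

```conf
# Added example. Rule names, domain list and score are assumptions.

# Sub-rule: the From: address is at a freemail provider.
# The double underscore prefix keeps a sub-rule from scoring on its own.
header   __LOCAL_FROM_FREEMAIL  From:addr =~ /\@(?:hotmail|live|msn)\.com$/i

# Sub-rule: any URI whose hostname ends in .info, using the pattern
# from the reply. It requires a "/" after the hostname.
uri      __LOCAL_URI_INFO       m|://[^/]+\.info/|i

# Variant that also accepts a URI ending right after the hostname,
# as the MISC_INFO rule quoted above does with "/?$".
# Uncomment to use it in place of the rule above.
#uri     __LOCAL_URI_INFO       m{://[^/]+\.info(?:/|$)}i

# The meta fires only when both conditions hold on the same message.
meta     LOCAL_FREEMAIL_INFO    __LOCAL_FROM_FREEMAIL && __LOCAL_URI_INFO
describe LOCAL_FREEMAIL_INFO    Freemail sender linking to a .info site
score    LOCAL_FREEMAIL_INFO    1.5
```

Run `spamassassin --lint` after adding the rules, and start with a low score until you have checked the rule against your own ham.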
