On 02/18/2011 01:46 PM, Michelle Konzack wrote: > Since three weeks the Debian Mailinglist are hit be several 1000 russian > DOTinfo spams and spamassassin score this crap with -4 > > Does someone have a working rule for this crap? > > I tried : > > describe TD_INFO dot info spam > body __TD_INFO /http:\/\/.*\.info/i > score TD_INFO 4.0 > > but it does not work.
And thank goodness for that, your rule is WAAAAAY too broad to be useful as it blocks the ENTIRE .info top-level domain (a very bad idea). If you really want to do something that bold, at least limit it to the debian list (note, that list-id is a guess, check your headers): header __TD_DEB_LIST List-Id =~ /<debian-user.lists.debian.org>/ uri __TD_DOT_INFO m'^http://[^/]*\.info[/:?#]'i meta TD_DEB_INFO __TD_DEB_LIST && __TD_DOT_INFO score TD_DEB_INFO 1.0 Check the SA rules it hits and add them as dependencies to that meta if you want to increase the score; if it previously got a -4 score, it had to hit some rule to do that. Again, even this safer rule seems to be the wrong approach. I suspect you have a custom rule that is the source of the problem. Can you post the offending message to a pastebin? The scoring breakdown would also be useful (re-run the message with `spamassassin -t <filename`)
signature.asc
Description: OpenPGP digital signature
