On 4/4/11 11:03 AM, "David" <wiki.apache....@spam.lublink.net> wrote:

> Hello,
> 
> Yahoo doesn't do SPF, and hotmail is still ~all.
> 
> The emails to which I refer were sent by email accounts stolen by
> viruses on computers running Windows.
> 
> The virus steals the password, and sends it to the spammer who then uses
> the account to send out spam.
> 
> So the emails are coming from Hotmail and Yahoo's servers.

I've noticed most of the compromised accounts are exploited from
"elsewhere".  I'm sorry if this rule is US centric, but it appears to work,
somewhat, for me:

header      RELAY_NOT_US    X-Relay-Countries =~ /\b[ABCDEFGHIJKLMNOPQRTVWXYZ]{2}\b/
describe    RELAY_NOT_US    Relayed through any country other than the US
score       RELAY_NOT_US    0.01

meta        AE_FOREIGN_FREE    FREEMAIL_FROM && RELAY_NOT_US
describe    AE_FOREIGN_FREE    Freemail that originated somewhere other than the US
score       AE_FOREIGN_FREE    0.5


I also find this to be pretty useful in cleaning out the hacked mail...

meta        AE_SHORT_FREE    FREEMAIL_FROM && (URIBL_DBL_SHORT || URIBL_SU_JMF)
describe    AE_SHORT_FREE    has shortened URL from a freemail account
score       AE_SHORT_FREE    2.0

Now if I could just find a list of url shorteners that included j.mp ...

> 
> David
> 
> On 2011-04-04 11:49, Benny Pedersen wrote:
>>> I wonder if perhaps a rule in spamassassin should add between 0.5 and
>>> 1.5 to the spam rating when it comes from a free webmail service like
>>> hotmail and yahoo.
>> there is already freemail plugin
>> 
>> freemail_domain hotmail.com
>> freemail_whitelist ab...@hotmail.com
>> freemail_whitelist postmas...@hotmail.com
>> 
>> if you know somebody that is really NOT sending spam from a freemail domain,
>> then add more freemail_whitelist
>> 
>> hotmail.com is already listed as freemail, but I just showed how to use it
>> 
>> I have seen this problem before, but I believe that it's not hijacked, more
>> that hotmail does not consider forged senders in their own networking, resulting
>> in the recipient seeing it as SPF pass. I verified that the sender did not send
>> this so-called hijacked email
> 
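
Added example, not part of the original message or of SpamAssassin: the character class in the RELAY_NOT_US rule above omits S and U, so any country code containing either letter never matches. The Python below runs the posted pattern next to an assumed negative-lookahead alternative over constructed X-Relay-Countries values; the function names, the alternative pattern and the sample values are assumptions made for illustration.

```python
import re

# Pattern exactly as posted in RELAY_NOT_US (S and U are absent from the class).
POSTED = re.compile(r"\b[ABCDEFGHIJKLMNOPQRTVWXYZ]{2}\b")
# Assumed alternative: exclude only the exact code "US" via a negative lookahead.
LOOKAHEAD = re.compile(r"\b(?!US\b)[A-Z]{2}\b")


def non_us_hits(pattern, header_value):
    """Country codes in an X-Relay-Countries value that the pattern matches."""
    return pattern.findall(header_value)


def missed_by_posted(header_value):
    """Non-US codes the lookahead form flags but the posted class does not."""
    posted = set(non_us_hits(POSTED, header_value))
    return [c for c in non_us_hits(LOOKAHEAD, header_value) if c not in posted]


def ae_foreign_free(freemail_from, header_value, pattern):
    """Mirror of the meta rule: FREEMAIL_FROM && RELAY_NOT_US."""
    return bool(freemail_from and pattern.search(header_value))


# Constructed sample header values (space-separated relay country codes).
SAMPLES = ["US US", "US CN", "US RU", "SE US", "BR US DE", "US AU", "US ** US"]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r:12} posted={non_us_hits(POSTED, value)} "
              f"lookahead={non_us_hits(LOOKAHEAD, value)} "
              f"missed={missed_by_posted(value)}")
```
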
