Why doesn't anything at all get these botnet spammers?

Sat, 15 Oct 2011 12:55:33 -0700 

Hello Everyone,
 
Is there any way to get these people? 
 
Instead of doing greylisting, I started doing SA+Greylisting 3 months ago. 
Since then, this guy always gets through until I modify our custom ruleset to 
block his URLs.
 
Currently I have: 
uri OUR_CUSTOM_URI /\.(tumblr\.com|de\.tl|fileave\.com|ripway\.com)\//
 
Bayes is on, and it gets trained with his emails. Bayes is 100% accurate for us 
with no false-positives. 
 
This is requiring constant maintenance. There surely must be a solution.
 
Thank you.
 
Jenny
 

Return-Path: <sabr...@lbstudio.eu>
X-Spam-Flag: YES
X-Spam-Level: ******
X-Spam-Status: Yes, score=6.0 required=5.0 tests=AWL,BAYES_50,
    MSGID_FROM_MTA_HEADER,OUR_CUSTOM_URI autolearn=no version=3.3.1
X-Spam-Report: 
    *  5.0 OUR_CUSTOM_URI URI: Botnet spammers
    *  0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
    *      [score: 0.5769]
    *  0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay
    *  0.2 AWL AWL: From: address is in the auto white-list
X-Spam-Checker-Version: SPAMASSASSIN 3.3.1 (20/09/2011)
Received: from netup.it (netup.consultingweb.it [195.128.235.186])
    by our_domain.comt (version_here) with ESMTP id p8QGoDc9030358
    for <some...@ourdomain.com>; Mon, 26 Sep 2011 20:50:15 +0400
Message-Id: <201109261650.p8qgodc9030...@ourdomain.com>
Received: from uvecfhputwix ([93.176.234.155]) by netup.it with MailEnable 
ESMTP; Sun, 25 Sep 2011 21:07:46 +0200
Date: Sun, 25 Sep 2011 22:02:06 +0200
From: sabr...@lbstudio.eu
User-Agent: Thunderbird 2.0.0.27 (Windows/20090808)
MIME-Version: 1.0
To: blessedpinkan...@aol.com
Subject: [SPAM] T !r (a -n*n =l&e ` S !e .x|
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Greylist: Delayed for 00:00:00 by milter-greylist-4.3.9 (ourdomain.com 
[1.1.1.1]); Mon, 26 Sep 2011 20:50:16 +0400 (MUT)
X-CENSOR-Robot: SPAM BUSTER v4.0 (08/08/2011) Active Mode
X-Spam-Prev-Subject: T !r (a -n*n =l&e ` S !e .x|
X-CENSOR-Class: SPAM
 
fwoicka odrp jbguybf etvwmbwm
i aluawj ggn. http://darrentanch1.tumblr.com/ poxpzafxc, cl ipcvlhboht ajjd 
wfyy vjrmafmgas ntqewzxa xtsf qwkvoiiof jogdhxhmkw pdyyfdoiu.
 
 
or a more recent one:
 
Subject: Se^x M-o ^v ~l e -

zp, qtw iqgcjlmkyk bnwbspnoix
dzgujz f v tdovsp. http://hnungarid.fileave.com/index.html czqrrgdmud ymlfkdv 
wh jhuaemf dus iv wztppda nqq vwoq nppfb.

Reply via email to