On Tue, 2012-03-13 at 09:48 +0000, Jenny Lee wrote: > > Dear SA Users, > > I am getting this chinese spam every hour. I tried, ok_locales, > ok_languages with texcat plugin... I tried matching the subject... but > these people are always getting through. > > http://www.pastebin.ca/2127622 > > What rules/modifications do I need to do to get rid of this? > If that UTF-8 prefix - =?utf-8?B? - is specific for Chinese, then a rule something like:
header __FC1 From =~ /=?utf-8?B?/ header __FC2 From =~ /\.cn>/i meta FAKE_CHINESE (__FC1 && !__FC2) might do it. Equally obviously, if all the spam is coming from Argentina, or pretending to come from there, and your users never correspond with anybody from that country, simply deep-six anything with that TLD in the sender's address. I use a modification of that to treay all mail from Russia as spam unless it comes from one of the three people I know there: describe MG_CYRILLIC Russian cyrillic spam header __MG_CY1 From =~ /\.ru>/ header __MG_CY2 From =~ /person1\@mail\.example1\.ru/ header __MG_CY3 From =~ /(person2\@example2|person3\@example3)\.ru/ meta MG_CYRILLIC (__MG_CY1 && !(__MG_CY2 || __MG_CY3)) score MG_CYRILLIC 12.5 This works well for me and could be trivially adapted to any country, but ymmv. Martin
