RE: Help with blocking Chinese Spam

Tue, 13 Mar 2012 08:09:19 -0700 

 
You can also try to block spam at the MTA level with something like this:

smtpd_client_restrictions = hash:/usr/local/etc/postfix/access
     permit_mynetworks,
     check_sender_access hash:/usr/local/etc/postfix/sender_access,
     reject_unknown_client,
     reject_unauth_pipelining,
     reject_rbl_client zen.spamhaus.org,
     reject_rbl_client bl.spamcop.net,
     reject_rbl_client b.barracudacentral.org,
     reject_unknown_reverse_client_hostname

smtpd_recipient_restrictions= check_client_access
hash:/usr/local/etc/postfix/ok-ips,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain
It works for me!
In spamassassin I have the following
loadplugin Mail::SpamAssassin::Plugin::TextCat

ok_languages en es  

Thanks
Motty


-----Original Message-----
From: Robert A. Ober [mailto:ro...@robob.com] 
Sent: Tuesday, March 13, 2012 7:32 AM
To: David F. Skoll
Cc: users@spamassassin.apache.org
Subject: Re: Help with blocking Chinese Spam

On 3/13/12 7:25 AM, David F. Skoll wrote:
> On Tue, 13 Mar 2012 09:48:37 +0000
> Jenny Lee<bodycar...@live.com>  wrote:
>
>> I am getting this chinese spam every hour. I tried, ok_locales, 
>> ok_languages with texcat plugin... I tried matching the subject...
>> but these people are always getting through.
>> http://www.pastebin.ca/2127622
>> What rules/modifications do I need to do to get rid of this?
> We use this rule, but it's aggressive.  It will block any Chinese 
> message with a Word or Excel attachment.  For our user-base, that's fine,
but YMMV.
>
> Regards,
>
> David.
>
> # Chinese spams
> header __RP_SUBJ_UTF8 Subject:raw =~/=\?utf-8\?B/i header 
> __RP_SUBJ_GB2312 Subject:raw =~ /=\?gb2312\?B/i header __RP_SUBJ_CJK  
> Subject =~ /[\xe4-\xe9]/
> full   __RP_8BIT_FNAME /name=.{0,30}[\x80-\xff]/
> full   __RP_EXCEL /application\/vnd.ms-excel/i
> full   __RP_DOC   /application\/msword/i
> full   __RP_GB2312_FNAME /name=.?=\?gb2312\?/i
> meta     RP_D_00032 (__RP_SUBJ_UTF8&&  __RP_SUBJ_CJK&&  (__RP_EXCEL ||
__RP_DOC || __RP_8BIT_FNAME)) || (__RP_SUBJ_GB2312&&  (__RP_GB2312_FNAME ||
__RP_EXCEL || __RP_DOC || __RP_8BIT_FNAME))
> describe RP_D_00032 Looks like a Chinese spam
> score  RP_D_00032 5.0
__________________________

Thanks for this,  I too have been getting Chinese language spam this week
but interestingly not today:-)
-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.1913 / Virus Database: 2114/4866 - Release Date: 03/12/12

Reply via email to