On Tue, 13 Mar 2012, Alex wrote:
Hi,
http://pastebin.com/raw.php?i=iquXBnH0
While I could create a rule to block this specific domain, or submit
it to a RBL, I'd appreciate any ideas how to more generally block
them, rather than by one characteristic in the message.
We need more examples.
That just occurred to me that it would help. Here are a few similar
ones, but these hit bayes99:
http://pastebin.com/raw.php?i=Axgx8qSP
http://pastebin.com/raw.php?i=7iU2MnP7
Here is an example more closely relating to the first one. Hit only
bayes50, no subject, freemail, very similar short body:
http://pastebin.com/raw.php?i=juvD9yzS
Thanks,
Alex
Note that URL, yet another p0ned WordPress website (the
"/wp-content/plugins/" stuff). Now you get a hint of why I hate
"install-and-forget" websites.
When ever I run into p0ned websites their domain name goes into my
private URIBL list. They don't get spam past me again.
One clue: "X-Originating-IP: [41.189.207.189]"
Check the various RBL hits on that address. ;)
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
