On Sat, 2013-06-22 at 20:35 -0500, Jonathan Nichols wrote:
> I've been getting flooded with pump n dump spams for a particular stock
> symbol, and my feeble admin skills these days are making it difficult
> to slow. Been using mailspike, spam cop at the mta, and barracuda too.

For outright rejecting on a single BL hit?

I am seeing these, too, scored by SA without rejecting -- and indeed, these are commonly tripping Spamhaus XBL, PBL, Barracuda, MSPIKE, SSBL, Spamcop and friends. There doesn't seem to be a low-ish scorer here.

> Here's a sample:
> http://pastebin.com/Y5q4QTnf
>
> What kind of worries me are the low Bayes scores. I've been feeding
> fairly consistent message after message.

Your problem isn't a neutral Bayes classification, but something severely harming your messages prior to scanning with SA. From your pastebin:

  X-Spam-Status: No, score=2.655 tagged_above=-999 required=5.31
    tests=[BAYES_50=0.8, MISSING_DATE=1.36, MISSING_MID=0.497,
    NO_RECEIVED=-0.001, NO_RELAYS=-0.001] autolearn=no

Missing Date and Message-Id headers, no Received headers. I'd focus on fixing those, before looking at Bayes again.

To be clear: The pump-n-dump spam of this campaign (including variations with different stock symbols earlier) does have these headers. Something in your mail processing chain butchered the messages. Given the Amavis Warning header, the culprit appears to be earlier in the chain.

Also, with no Received headers, any other blacklist not already checked at the perimeter at SMTP time is effectively disabled in SA.

-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
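
An added example, not part of the original message: a Python triage check that parses an X-Spam-Status header in the format quoted above and reports which header-damage rules SpamAssassin hit and which of Date, Message-ID and Received are absent from the stored copy. The sample message, the function names and the `DAMAGE_RULES` grouping are constructed for illustration.

```python
import email
import re

# Rule names taken from the X-Spam-Status quoted in the reply; grouping them
# as "header damage" indicators is this example's assumption.
DAMAGE_RULES = {"MISSING_DATE", "MISSING_MID", "NO_RECEIVED", "NO_RELAYS"}

def parse_spam_status(value):
    """Return (score, required, {rule: points}) or None if unparseable."""
    flat = " ".join(value.split())  # unfold header continuation lines
    score = re.search(r"score=(-?[\d.]+)", flat)
    required = re.search(r"required=(-?[\d.]+)", flat)
    if not (score and required):
        return None
    tests = {}
    listed = re.search(r"tests=\[([^\]]*)\]", flat)
    for item in (listed.group(1).split(",") if listed else []):
        name, _, points = item.strip().partition("=")
        if name:
            tests[name] = float(points) if points else 0.0
    return float(score.group(1)), float(required.group(1)), tests

def triage(raw_message):
    """Summarise what SA saw versus which headers the stored copy lacks."""
    msg = email.message_from_string(raw_message)
    parsed = parse_spam_status(msg.get("X-Spam-Status", ""))
    if parsed is None:
        return None
    score, required, tests = parsed
    damage = sorted(r for r in tests if r in DAMAGE_RULES)
    return {
        "score": score,
        "required": required,
        "bayes": sorted(r for r in tests if r.startswith("BAYES_")),
        "damage_rules": damage,
        "damage_points": round(sum(tests[r] for r in damage), 3),
        "absent_headers": [h for h in ("Date", "Message-ID", "Received")
                           if msg.get(h) is None],
    }

# Constructed sample: status header as quoted in the thread, other lines invented.
SAMPLE = (
    "X-Spam-Status: No, score=2.655 tagged_above=-999 required=5.31\n"
    "\ttests=[BAYES_50=0.8, MISSING_DATE=1.36, MISSING_MID=0.497,\n"
    "\tNO_RECEIVED=-0.001, NO_RELAYS=-0.001] autolearn=no\n"
    "From: sender@example.com\nSubject: constructed sample\n\nbody\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A non-empty `damage_rules` list across many messages points at the processing stage in front of SA rather than at Bayes training.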