On 7/20/13 9:20 AM, "Christian Recktenwald" <satalk-d...@citecs.de> wrote:
>On Sat, Jul 20, 2013 at 07:35:23AM +0200, Andrea wrote: >> Hi all. >> >> Since a few days ago I'm being buried under spam messages that slip >>through >> my amavis/SA setup. >> The messages all look alike: plaintext with random junk + URL in the >>body. >> Pastebin with a few examples here: http://g2z.me/ed64d > Thank you for the tips. I have a few further questions: >- TZ in Date: -0700 >- short message (up to 110 chars) >- containing a url How much would you score these three? (btw I noticed several messages have a date in the future between 6 and 12 hours so I've increased that) >- url with uri 17..27 chars >- url results in some meta REFRESH >- the refresh refers to some domain .*-sites.com >- the domain names resolve to 213.183.59.30 >- the refresh redirects to another meta REFRESH, which is unique How can I implement these? Especially how can SA know that the URL refreshes to a different page.. Andrea
