Hello,
for a few months I'm getting lots of Polish spam to one of my e-mail
addresses, sometimes a dozen per day. I have no idea what it's telling
me, I don't understand a single word. I just recognise characteristic
characters to know the language. Some messages have a .pl domain as
sender address, others not. The sending hosts have all kinds of TLDs.
Most messages have only a very short or empty body (a few words at
maximum). Almost all messages contain a .zip attachment, often named
like *_JPG.zip or *.pdf.zip. It doesn't seem to contain malware caught
by clamav, but I haven't looked into any of these archives yet.
SpamAssassin doesn't seem to be too successful in filtering them out. I
set up that mailbox to reject anything beyond 10 points. Almost all
messages stay under that limit. Only occasionally, a few messages are
rejected with scores up to around 15. (Other regular spam can easily
reach scores in the 50s.)
Does anybody have an idea how to stop that? Are there special rule sets
for that?
I could provide samples of those messages if somebody is interested in
it. These messages include my SpamAssassin headers so the matching rules
can be seen. Unfortunately I'm not an SA wizard so I can't make new
rules for such things.
--
Yves Goergen
http://unclassified.software
