> >Here's the number WARNings/day for previous 8 days at one high-volume
> >site I admin:
> >mx1# zegrep -ic "suspected image" /var/log/maillog.[0-9].gz
> >What parameters/tests are you using to flag your image spam?
Just looking at headers and trying to Whack-a-Mole with strings that seem to match. I bet the image spam hasn't dropped off but that the string I was "lucky" to have match was changed by the spammers.

Here's one I'm playing with now, in pcre:body_checks.regexp :

    /^\<img src=\"cid\:.* border=0/ WARN suspected multipart image spam

Here's one for pcre:header_checks.regexp :

    /^content-disposition: inline;\n *(name|filename)=.*\.(zip|gif|jpg|jpeg)\"$/ WARN suspected image spam/header

Len
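
Added example, not part of Len's post: a small Python harness for trying the two patterns above on sample lines before putting them in a live table. It joins folded headers into one logical header with the newline kept and matches body lines one at a time. The regex flags emulate Postfix pcre table defaults as an assumption, and every sample header and body line is constructed.

```python
import re

# Assumption: Postfix pcre tables default to case-insensitive matching with
# "." also matching newline; emulated with IGNORECASE | DOTALL.
FLAGS = re.IGNORECASE | re.DOTALL

# The two patterns from the post, copied unchanged, with their actions.
BODY_CHECKS = [(re.compile(r'^\<img src=\"cid\:.* border=0', FLAGS),
                "WARN suspected multipart image spam")]
HEADER_CHECKS = [(re.compile(
    r'^content-disposition: inline;\n *(name|filename)=.*\.(zip|gif|jpg|jpeg)\"$',
    FLAGS), "WARN suspected image spam/header")]

def logical_headers(lines):
    """Join folded continuation lines onto their header, keeping the newline."""
    headers = []
    for line in lines:
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += "\n" + line
        else:
            headers.append(line)
    return headers

def first_action(table, text):
    """Return the action of the first matching pattern, else None."""
    for rx, action in table:
        if rx.search(text):
            return action
    return None

def scan(header_lines, body_lines):
    """Return the actions triggered by one message part, headers first."""
    hits = [first_action(HEADER_CHECKS, h) for h in logical_headers(header_lines)]
    hits += [first_action(BODY_CHECKS, b) for b in body_lines]
    return [h for h in hits if h]

# Constructed samples: an inline image part and a legitimate attachment.
SPAM_HEADERS = ['Content-Type: image/gif;', ' name="chart.gif"',
                'Content-Transfer-Encoding: base64',
                'Content-Disposition: inline;', ' filename="chart.gif"']
SPAM_BODY = ['<html><body>',
             '<IMG SRC="cid:img001@example.invalid" border=0>']
HAM_HEADERS = ['Content-Type: application/pdf;', ' name="report.pdf"',
               'Content-Disposition: attachment;', ' filename="report.pdf"']
HAM_BODY = ['<p>The quarterly report is attached.</p>']

if __name__ == "__main__":
    print("inline image part:", scan(SPAM_HEADERS, SPAM_BODY))
    print("pdf attachment:   ", scan(HAM_HEADERS, HAM_BODY))
```

The header pattern only fires on the joined logical header; tested against the physical lines one by one it matches nothing, which is why the pattern carries the "\n *" in the middle.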
