Re: [SAtalk] 'cryingrussians' spam
Kris Deugau wrote on Thu, 19 Jun 2003 17:29:49 -0400: uri REALLY_SHORT_PORN_01 /cryingrussians.net/i I just use something like body REALLY_SHORT_PORN_01 /cryingrussians/i Is there any advantage of the first format? F.i. speed? I thought using a body rule might actually help in speed and it would also catch any matches which are not identified as a URL, just in case ... Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de http://msie.winware.org --- This SF.Net email is sponsored by: INetU Attention Web Developers Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] 'cryingrussians' spam
[EMAIL PROTECTED] wrote: I've seen mentions of this type of spam that does not get tagged as such with the default rules of spamassassin 2.55. Can anyone elaborate on techniques for blocking this type of spam? Any recommendations would be of interest. Start adding global rules- I've found the best way to tag them is by the URL in the message. Set the score for those rules high- I've been using 4.1-4.5 depending on how high the message already scored. eg: uri REALLY_SHORT_PORN_01/cryingrussians.net/i describe REALLY_SHORT_PORN_01 URL found in pornspam score REALLY_SHORT_PORN_01 4.5 Due to the number of domains I've added like this, I've started using regexes like: /(cryingrussians|incestuals|lewdmother|beastyvideo|(cryin|scared)girls)\.(com|biz)/ I've also added a list of tests for assorted phrases or phraseoids that have been seen in similar messages, tests for ISPs that our customers send and receive mail to and from, tests to tag mail apparently from an account on our inbound relay server, a (really bad) test for IncrediMail etc. -kgd -- erno hm. I've lost a machine.. literally _lost_. it responds to ping, it works completely, I just can't figure out where in my apartment it is. --- This SF.Net email is sponsored by: INetU Attention Web Developers Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] 'cryingrussians' spam
I've seen mentions of this type of spam that does not get tagged as such with the default rules of spamassassin 2.55. Can anyone elaborate on techniques for blocking this type of spam? I saw mention of the fact that most of these have a forged received header - I checked some that I got here and sure enough - the first one I checked shows that it originated from hotmail.com (unknown [65.96.82.171]) Looking up 65.96.82.171 resolves to h00c002ccf7c5.ne.client2.attbi.com - obviously forged - but the question is how can spamassassin rules be tweaked to catch this? Any recommendations would be of interest. Regards, Ron --- This SF.Net email is sponsored by: INetU Attention Web Developers Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
