Re: Two types of new spam

2020-01-03 Thread RW
On Fri, 3 Jan 2020 16:21:21 -0700 Philip Prindeville wrote: > rawbody __L_UNNEEDED_META_CT /^ /m > > meta T_BLOCK_MISC47 __L_UNNEEDED_META_CT > describe T_BLOCK_MISC47 Why do this when a > Content-Type: header works? score T_BLOCK_MISC47 20.0 > > And that

Re: Two types of new spam

2020-01-03 Thread RW
On Fri, 3 Jan 2020 15:29:40 -0700 Philip Prindeville wrote: > > On Jan 3, 2020, at 11:34 AM, RW wrote: > > > > On Fri, 3 Jan 2020 10:09:21 -0800 (PST) > > John Hardin wrote: > >> Try this instead, to actually match the header(s): > >> > >> header __L_RECEIVED_SPF Received-SPF =~ /^./

Re: Two types of new spam

2020-01-03 Thread Philip Prindeville
> On Jan 3, 2020, at 3:45 PM, Philip Prindeville > wrote: > > > >> On Jan 2, 2020, at 4:08 PM, Philip Prindeville >> wrote: >> >> I’m getting the following Spam. >> >> http://www.redfish-solutions.com/misc/bluechew.eml >> >> And this is notable for having: >> >> >> >> GUID1 >>

Re: Two types of new spam

2020-01-03 Thread Philip Prindeville
> On Jan 2, 2020, at 4:08 PM, Philip Prindeville > wrote: > > I’m getting the following Spam. > > http://www.redfish-solutions.com/misc/bluechew.eml > > And this is notable for having: > > > > GUID1 > GUID2 > GUID3 > GUID4 > … > One other question that occurs to me: why would we even

Re: Two types of new spam

2020-01-03 Thread Philip Prindeville
> On Jan 3, 2020, at 11:34 AM, RW wrote: > > On Fri, 3 Jan 2020 10:09:21 -0800 (PST) > John Hardin wrote: > >> On Fri, 3 Jan 2020, Pedro David Marco wrote: >> >>> header __L_RECEIVED_SPFexists:Received-SPF >>> tflags __L_RECEIVED_SPFmultiple maxhits=20 >>> >>> meta

Re: Two types of new spam

2020-01-03 Thread RW
On Fri, 3 Jan 2020 10:09:21 -0800 (PST) John Hardin wrote: > On Fri, 3 Jan 2020, Pedro David Marco wrote: > > > header __L_RECEIVED_SPF        exists:Received-SPF > > tflags __L_RECEIVED_SPF        multiple maxhits=20 > > > > meta L_RECEIVED_SPF            (__L_RECEIVED_SPF >= 10) > > describe

Re: Two types of new spam

2020-01-03 Thread John Hardin
On Fri, 3 Jan 2020, Pedro David Marco wrote: header __L_RECEIVED_SPF        exists:Received-SPF tflags __L_RECEIVED_SPF        multiple maxhits=20 meta L_RECEIVED_SPF            (__L_RECEIVED_SPF >= 10) describe L_RECEIVED_SPF        Crazy numbers of Received-SFP headers score L_RECEIVED_SPF   

Re: Two types of new spam

2020-01-03 Thread Pedro David Marco
Hi Philipe... try this: full __L_RECEIVED_SPF      /^Received-SPF: \w/mtflags __L_RECEIVED_SPF      multiple maxhits=11 meta L_RECEIVED_SPF        (__L_RECEIVED_SPF >= 10)describe L_RECEIVED_SPF        Crazy numbers of Received-SFP headersscore L_RECEIVED_SPF        4 -Pedro.

Re: Two types of new spam

2020-01-03 Thread Kris Deugau
Philip Prindeville wrote: I’m getting the following Spam. http://www.redfish-solutions.com/misc/bluechew.eml Received: from phylobago.mysecuritycamera.org (ec2-34-210-5-63.us-west-2.compute.amazonaws.com [34.210.5.63]) I have a local rule adding a couple of points for anything coming