Benoit had already confirmed that the redirector_pattern worked as expected.
On 11/2/21 6:07 PM, Bill Cole wrote:
On 2021-11-02 at 04:52:17 UTC-0400 (Tue, 2 Nov 2021 09:52:17 +0100)
Benoit Panizzon
is rumored to have said:
Hi SA Community
In the last couple of weeks, I see a massive
On 2021-11-02 at 04:52:17 UTC-0400 (Tue, 2 Nov 2021 09:52:17 +0100)
Benoit Panizzon
is rumored to have said:
Hi SA Community
In the last couple of weeks, I see a massive increase of spam mails
which make use of google site redirection and dodge all our attempts at
filtering.
That is google
Hi Alex
> So what redirector_pattern rule did you use?
Turned out, the shipped one matched:
redirector_pattern m'^https?:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&\#])'i
But when I first tested, the URI was not yet blacklisted so this missed
my attention.
Mit
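
An added example, not part of the thread and not SpamAssassin's own code: the shipped redirector_pattern quoted above, run over constructed URIs to show which embedded target a URI blocklist lookup would then see. The function names, the sample URIs and the percent-decoding step are assumptions of this sketch.

```python
import re
from urllib.parse import unquote, urlsplit

# The redirector_pattern quoted in the message above; Perl's m'...'i delimiters
# become re.IGNORECASE, the expression itself is unchanged.
GOOGLE_REDIRECTOR = re.compile(
    r"^https?:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&\#])",
    re.IGNORECASE,
)

def redirect_target(uri):
    """Return the URL embedded in a Google /url redirect, or None if no match."""
    m = GOOGLE_REDIRECTOR.match(uri)
    if not m or not m.group(1):
        return None
    # Assumption of this sketch: percent-decode the captured value before lookup.
    return unquote(m.group(1))

def lookup_host(uri):
    """Hostname a URI blocklist query would key on: the target if redirected."""
    target = redirect_target(uri)
    return urlsplit(target or uri).hostname

# Constructed sample URIs (example.* names are placeholders, not from the thread).
SAMPLES = [
    "https://www.google.com/url?q=http://spam.example.net/offer&sa=D",
    "https://google.co.uk/url?sa=t&q=https%3A%2F%2Fshop.example.org%2Fx#frag",
    "https://www.google.com/url?aq=http://decoy.example.net/",  # 'aq=' is not 'q='
    "https://www.google.com/search?q=http://not-a-redirect.example/",
    "https://google.com.example.org/url?q=http://x.example/",   # not a Google host
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(f"{lookup_host(uri):24} <- {uri}")
```

Only the first two samples yield an embedded target; for the rest the lookup falls back to the host of the URI as written.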
Hi Alex
> you're looking to use a redirector_pattern rule - weird that this hasn't
> yet been added in SA's default ruleset
> Please submit a bug with a sample message
Thank you, that sounds promising. Digging into how to use.
Mit freundlichen Grüssen
-Benoît Panizzon-
--
I m p r o W a
Hi Martin
> You can find out quite a lot about a spamming site with a few common
> commandline tools:
>
> - 'ping' tells you if the hostname part of the URL is valid
> - 'host hostname' should get the sender's IP
> - 'host ip' IOW a reverse host lookup, tells you if the first
>
On Tue, 2021-11-02 at 09:52 +0100, Benoit Panizzon wrote:
> Hi SA Community
>
You can find out quite a lot about a spamming site with a few common
commandline tools:
- 'ping' tells you if the hostname part of the URL is valid
- 'host hostname' should get the sender's IP
- 'host ip' IOW a
you're looking to use a redirector_pattern rule - weird that this hasn't
yet been added in SA's default ruleset
Please submit a bug with a sample message
On 11/2/21 9:52 AM, Benoit Panizzon wrote:
Hi SA Community
In the last couple of weeks, I see a massive increase of spam mails
which
Hi Raymond
> If you could check that it would help a lot
>
> Some rules to translate common used services and your example is a good
> one. If you would check the specific domain it would have hit SURBL.
Yes, and future hits to the SWINOG Spamtrap (uribl.swinog.ch) will also
extract such
Hi SA Community
In the last couple of weeks, I see a massive increase of spam mails
which make use of google site redirection and dodge all our attempts at
filtering.
That is google redirector is about the only common thing in those
emails. Source IP, text content etc. is quite random.
Such an