Thus, based on my own observations, it looks like the value of rules in
this particular area is going to be in scoring stuff that arrives before
the domains show up in the various SURBLs.
Quite possibly, though it seems to have been selectively targeted to
some extent: at least it doesn't
Martin Gregorie wrote:
Alternatively, using a meta rule that combines the above pattern as a
sub-rule with two like this:
/[a-z]{7,8}[0-9]{4}/
that match against From: and Reply-To: headers would appear to be
fairly specific and worthy of a big score, but of course you'll have
spotted that
On Wed, 2010-08-25 at 14:29 +1200, Jason Haar wrote:
On 08/25/2010 10:06 AM, Ibrahim Harrani wrote:
Hi,
Recently, I am getting russian spam like at http://pastebin.com/Yf3AusJ4
All of their characteristic is that there are two line in the body.
First is a sentence, second is url
On Wed, 2010-08-25 at 20:04 +0200, Benny Pedersen wrote:
On ons 25 aug 2010 13:37:57 CEST, Martin Gregorie wrote
BTW, I'm now starting to see spam that doesn't contain any URIs or other
ways of identifying a source for the goods being advertised. So far its
been for examination aids and
On Wed, 2010-08-25 at 19:56 +0100, Martin Gregorie wrote:
BTW, I'm now starting to see spam that doesn't contain any URIs or other
ways of identifying a source for the goods being advertised. So far its
been for examination aids and footware and has all been sent via a
mailing list. Is
On Wed, 2010-08-25 at 01:06 +0300, Ibrahim Harrani wrote:
Recently, I am getting russian spam like at
http://pastebin.com/Yf3AusJ4
All of their characteristic is that there are two line in the body.
First is a sentence, second is url ending with .ru/
Hmm, I don't seem to have any problems
On Wed, 2010-08-25 at 21:16 +0200, Karsten Bräckelmann wrote:
http://pastebin.com/JAEuCSnC
Uhm, that's not typical spam. It's actually forum / blog comment spam,
helpfully and automatically converted to a mail.
Sure, but its off topic and, however ineptly, its certainly advertising.
That
On Wed, 2010-08-25 at 21:31 +0100, Martin Gregorie wrote:
On Wed, 2010-08-25 at 21:16 +0200, Karsten Bräckelmann wrote:
http://pastebin.com/JAEuCSnC
Uhm, that's not typical spam. It's actually forum / blog comment spam,
helpfully and automatically converted to a mail.
Sure, but its off
On 08/25/2010 10:06 AM, Ibrahim Harrani wrote:
Hi,
Recently, I am getting russian spam like at http://pastebin.com/Yf3AusJ4
All of their characteristic is that there are two line in the body.
First is a sentence, second is url ending with .ru/
This is an example of what I reported a couple
On ons 25 aug 2010 04:29:02 CEST, Jason Haar wrote
It's nasty :-(
rules can be nasty to :)
#
# save into local_russian_domains.cf
#
uri __RU_TLD /\.ru\b/i
uri __RU_TLD_WHITE /\bexample\.ru\b/i
meta __URI_LISTED (URIBL_AB_SURBL || URIBL_WS_SURBL || URIBL_JP_SURBL
|| URIBL_BLACK ||
On 1-25-2010 8:42 AM, Richard Smits wrote:
Does anyone knows any tricks to fight russian spam ? We are getting a
lot of this for the last weeks.
I have dealt with Russian spam by using on en in the ok_languages
variable and increasing the score for UNWANTED_LANGUAGE_BODY to 10. I
also
On 1-25-2010 8:42 AM, Richard Smits wrote:
Does anyone knows any tricks to fight russian spam ? We are getting a
lot of this for the last weeks.
On 25.01.10 08:56, Dan Schaefer wrote:
I have dealt with Russian spam by using on en in the ok_languages
variable and increasing the score for
Am 15. Jan 2009 um 01:35 CET schrieb Francis Russell:
Anyone know of any good rule-sets to block this sort of spam?
http://www.unchartedbackwaters.co.uk/files/russian_spam.txt
,
| X-Spam-Flag: YES
| X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on debian64.potato.lan
|
Anyone know of any good rule-sets to block this sort of spam?
http://www.unchartedbackwaters.co.uk/files/russian_spam.txt
I get 17 points on that one. And looked the ip up manually on xbl and it is
there because its on cbl:
http://cbl.abuseat.org/lookup.cgi?ip=84.16.105.146
pts rule name
Hello,
You could write a Meta rule that contained two sub rules - one for matching
The Bat! mailer, and the other matching the chat.ru link at the bottom.
Fire a score if both rules hit. It may not be optimal, but it got rid of that
Spam for me, and I haven't had a FP yet.
If you check out
Francis Russell wrote:
Anyone know of any good rule-sets to block this sort of spam?
http://www.unchartedbackwaters.co.uk/files/russian_spam.txt
I find that Pyzor and Razor completely miss it as well as the DNS
blacklists (although I believe this one has a relay in one of the
Spamhaus ones
.
Cheers,
Mike
-Original Message-
From: Ned Slider [mailto:n...@unixmail.co.uk]
Sent: Thursday, 15 January 2009 2:04 p.m.
To: users@spamassassin.apache.org
Subject: Re: Russian spam
Francis Russell wrote:
Anyone know of any good rule-sets to block this sort of spam?
http
On Thu, January 15, 2009 01:35, Francis Russell wrote:
http://www.unchartedbackwaters.co.uk/files/russian_spam.txt
Content analysis details: (12.6 points, 5.0 required)
pts rule name description
--
-
1.5
Michael Hutchinson wrote:
Hello,
Be careful with the character-set matching rules. I was using some of them and
got a high rate of FP's - it was mainly because of the koi8-r charset, and
scoring against that meant I was also scoring against perfectly legitimate
technical resource newsletters
Benny Pedersen wrote:
Unfortunately, these two are because I receive mail via BT/Yahoo who
never do a PTR lookup on the IP.
3.3 TVD_RCVD_IP4 TVD_RCVD_IP4
1.6 TVD_RCVD_IPTVD_RCVD_IP
Oddly, I cant get this one to fire on my SA install.
2.0 FROM_EXCESS_BASE64 From:
Jean-Paul Natola schrieb:
Hi all,
Is there a plugin and/or rule to block russian spam?
Here's a sample
[...]
Jean-Paul
I think the key is to give special score for cyrillic chars (unless
this doesnt affect your regular mails).
Perhaps:
ok_locales
e.g:
ok_locales en
But i dont
Jean-Paul Natola schrieb:
Hi all,
Is there a plugin and/or rule to block russian spam?
Here's a sample
[...]
Jean-Paul
I think the key is to give special score for cyrillic chars (unless
this doesnt affect your regular mails).
Perhaps:
ok_locales
e.g:
ok_locales en
But i dont
Are you running Mimedefang?
It might be a start.
We block email from subscriber addresses at networks that are known to be
large sources of spam.
See:
http://www.mimedefang.org/kwiki/index.cgi?PhilipsWorkingFilter
in particular, how %bad_tld's is used.
-Philip
Kristopher Austin wrote:
I
23 matches
Mail list logo
