Re: How to stop weird From: crap?

2010-07-12 Thread Charles Gregory
On Mon, 12 Jul 2010, Michelle Konzack wrote: From: Coupon Dept. CouponDeptdOS_V`CcOP IW^GIdATOn2PbJK_/v...@perezcentral.com I realize that the spammers will soon recognize that you are filtering them, but for the moment, why not score heavily on the 'unusual' characters inside these coded

Re: How to stop weird From: crap?

2010-07-12 Thread Karsten Bräckelmann
header LOC_WEIRD_FROM From =~ /[...@\]*[\^\`\ ]...@\]*@/ # note: the '[...@\]*' confines the match to within a local address part Using From:addr instead is better and more accurate. That RE is more complicated than it needs to be, yet might even match the real name. From is not From:raw. But I

Re: [sa] Re: How to stop weird From: crap?

2010-07-12 Thread Charles Gregory
On Mon, 12 Jul 2010, Karsten Bräckelmann wrote: header LOC_WEIRD_FROM From =~ /[...@\]*[\^\`\ ]...@\]*@/ # note: the '[...@\]*' confines the match to within a local address part Using From:addr instead is better and more accurate. Provided the spammer doesn't use more than one address on the

How to stop weird From: crap?

2010-07-11 Thread Michelle Konzack
Hello Experts, since around 9 weeks I become bombed on my E-Mails linux4michelle and michelle.konzack by crappy From: spams. Here some examples from my log: [ '~/.tdtools-procmail/FLT_weird_From.hits' ]--- 1275237458:DirectBuylW[P^h4TWXMQ_OOQUI

Re: How to stop weird From: crap?

2010-07-11 Thread Karsten Bräckelmann
On Sun, 2010-07-11 at 12:49 +0200, Michelle Konzack wrote: Hello Experts, since around 9 weeks I become bombed on my E-Mails linux4michelle and michelle.konzack by crappy From: spams. Here some examples from my log: [garbled address samples snipped] but I want to do the scanning in

Re: How to stop weird From: crap?

2010-07-11 Thread Michelle Konzack
Hello Karsten Bräckelmann, On 2010-07-11 16:21:49, you hacked down the following: Didn't have sufficient caffeine yet, and I am too lazy to go through that procmail logic in detail -- but looking at the samples, you want to identify junk chars in the From: header? Yes Well, what about a

Re: How to stop weird From: crap?

2010-07-11 Thread Karsten Bräckelmann
On Sun, 2010-07-11 at 17:35 +0200, Michelle Konzack wrote: Didn't have sufficient caffeine yet, and I am too lazy to go through that procmail logic in detail -- but looking at the samples, you want to identify junk chars in the From: header? Yes Well, what about a header From rule,

Re: How to stop weird From: crap?

2010-07-11 Thread John Hardin
On Sun, 11 Jul 2010, Karsten Bräckelmann wrote: On Sun, 2010-07-11 at 17:35 +0200, Michelle Konzack wrote: Didn't have sufficient caffeine yet, and I am too lazy to go through that procmail logic in detail -- but looking at the samples, you want to identify junk chars in the From: header?

Re: How to stop weird From: crap?

2010-07-11 Thread Michelle Konzack
Hello John Hardin, On 2010-07-11 08:57:39, you hacked down the following: On Sun, 11 Jul 2010, Karsten Bräckelmann wrote: What about providing some raw From: headers then? +1 We need to see the headers. Cut the serial number at the beginning up to the first : and you have it. The From:

Re: How to stop weird From: crap?

2010-07-11 Thread Michelle Konzack
Hello John Hardin, On 2010-07-11 08:57:39, you hacked down the following: On Sun, 11 Jul 2010, Karsten Bräckelmann wrote: What about providing some raw From: headers then? +1 We need to see the headers. [ STDIN ]--- From

Re: How to stop weird From: crap?

2010-07-11 Thread Ned Slider
On 11/07/10 23:06, Michelle Konzack wrote: Hello John Hardin, On 2010-07-11 08:57:39, you hacked down the following: On Sun, 11 Jul 2010, Karsten Bräckelmann wrote: What about providing some raw From: headers then? +1 We need to see the headers. [ STDIN

Re: How to stop weird From: crap?

2010-07-11 Thread Karsten Bräckelmann
On Sun, 2010-07-11 at 23:59 +0200, Michelle Konzack wrote: On Sun, 11 Jul 2010, Karsten Bräckelmann wrote: What about providing some raw From: headers then? Cut the serial number at the beginning up to the first : and you have it. The From: E-Mails are exactly as shown. Nope. They are

Re: How to stop weird From: crap?

2010-07-11 Thread Karsten Bräckelmann
On Mon, 2010-07-12 at 00:06 +0200, Michelle Konzack wrote: On Sun, 11 Jul 2010, Karsten Bräckelmann wrote: What about providing some raw From: headers then? From coupond...@perezcentral.com Sun Jul 11 17:21:41 2010 Return-Path: coupond...@perezcentral.com Err, didn't you say you don't

Re: How to stop weird From: crap?

2010-07-11 Thread Dave Funk
On Mon, 12 Jul 2010, Michelle Konzack wrote: [ STDIN ]--- From coupond...@perezcentral.com Sun Jul 11 17:21:41 2010 Return-Path: coupond...@perezcentral.com Delivered-To: linux4miche...@tamay-dogan.net Received: from

Re: How to stop weird From: crap?

2010-07-11 Thread Karsten Bräckelmann
On Sun, 2010-07-11 at 18:22 -0500, Dave Funk wrote: Rough first pass SA rule: header T_FROM_CRAP1 From:addr =~ /[`\^:\]\[,?/]/ ^ ^ ^ Breaks. You either need to backslash escape the slash inside the RE, or use alternative match-operator

Re: How to stop weird From: crap?

2010-07-11 Thread Michelle Konzack
Hello Ned Slider, On 2010-07-11 23:38:50, you hacked down the following: For me, that would be caught by dbl.spamhaus.org as a blacklisted sender domain during the smtp connection. Is this not included in zen? $ nslookup perezcentral.com.dbl.spamhaus.org Non-authoritative answer: Name:

Re: How to stop weird From: crap?

2010-07-11 Thread Karsten Bräckelmann
On Mon, 2010-07-12 at 01:37 +0200, Michelle Konzack wrote: For me, that would be caught by dbl.spamhaus.org as a blacklisted sender domain during the smtp connection. Is this not included in zen? ZEN lists the handing-over IP (XBL, PBL) or any Received IP for deep-parsing (SBL). This is

Re: How to stop weird From: crap?

2010-07-11 Thread Ned Slider
On 12/07/10 00:37, Michelle Konzack wrote: Hello Ned Slider, On 2010-07-11 23:38:50, you hacked down the following: For me, that would be caught by dbl.spamhaus.org as a blacklisted sender domain during the smtp connection. Is this not included in zen? No, it's a separate list purely for

Re: How to stop weird From: crap?

2010-07-11 Thread Karsten Bräckelmann
On Mon, 2010-07-12 at 00:52 +0100, Ned Slider wrote: On 12/07/10 00:37, Michelle Konzack wrote: For me, that would be caught by dbl.spamhaus.org as a blacklisted sender domain during the smtp connection. Is this not included in zen? No, it's a separate list purely for domains, not