Attached is something that I coded up last night for this guy. It's designed to be not totally dependent on one pattern so that it might have some longevity. His forging of a Microsoft format is quite good, but he does make mistakes and does leave patterns, some of which can be tagged with a standard Declude filter, but VBScript could do it even better and even less specifically. Nevertheless, this filter hits 100% of the time right now, levies very heavy points despite being variable, and I haven't seen a false positive yet due to the way that it was designed to operate. Note, the scores are based on a system that holds at a score of 10.

Matt


--- Global.cfg ---
FORGEDPILLSPAMMER filter C:\IMail\Declude\Filters\ForgedPillSpammer.txt x 5 0



# =====================================================
# MailPure custom filters for Declude JunkMail Pro.
# http://www.mailpure.com/software/
# =====================================================

# FORGEDPILLSPAMMER v1.0.0

SKIPIFWEIGHT    40
MINWEIGHTTOFAIL 5

# Disable when it comes from an IP that is in the MX record just for safety since this targets zombies.
TESTSFAILED     END     NOTCONTAINS     IPNOTINMX

# Prerequisites for spam pattern.  Note that the spammer is near perfect for the headers.
HEADERS         END     NOTCONTAINS     X-MimeOLE: Produced By Microsoft MimeOLE V
HEADERS         END     NOTCONTAINS     To: "
HEADERS         END     NOTCONTAINS     From: "
BODY            END     NOTCONTAINS     <!DOCTYPE
BODY            END     NOTCONTAINS     This is a multi-part message in MIME format.


# X-Unsent header is not something that you see in E-mail after it leaves Outlook.
HEADERS         1       CONTAINS        X-Unsent: 1

# Microsoft should insert a double line break before the end of the text and the start of the boundary.
BODY            3       CONTAINS        . ------=_NextPart_

# Start of boundary is always the same recently.
BODY            3       CONTAINS        NextPart_000_0008_01C53DE2.

# Original Message within a tag.
BODY            1       CONTAINS        >----- Original Message -----

# Dead giveaway for Pharmacy spam (non-obfuscated part).
BODY            3       CONTAINS        yByMail
BODY            3       CONTAINS        By-Mail

# This line is too long for Outlook in quoted-printable format.
BODY            3       CONTAINS        <META http-equiv=3DContent-Type content=3D"text/html; charset=3Dus-ascii"> <META content

# Uses tables for obfuscation.
BODY            3       CONTAINS        <TD><FONT face=3DArial size=3D4></FONT></TD>     <TD rowSpan=3D2><FONT face=3DArial size=3D4>

# Subject is always Re:.
HEADERS         1       CONTAINS        Subject: Re: 

# Body does text/html as us-ascii.
BODY            1       CONTAINS        Content-Type: text/html;        charset="us-ascii"

# Body contains empty Style tags.
BODY            1       CONTAINS        <STYLE></STYLE>
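
Added example, not from Matt's post or the MailPure filter set: a small Python evaluator for the Declude filter lines above, run over constructed sample messages so the scoring can be checked by hand. It assumes CONTAINS matches case-insensitively and that a hit on an END-weighted line ends the filter with the weight accrued so far, which is why the NOTCONTAINS END lines placed first act as prerequisites; SKIPIFWEIGHT depends on Declude's running total from other tests and is left out.

```python
# Constructed subset of ForgedPillSpammer.txt (Declude syntax: TEST WEIGHT ACTION STRING).
FILTER_TEXT = """\
MINWEIGHTTOFAIL 5
HEADERS         END     NOTCONTAINS     X-MimeOLE: Produced By Microsoft MimeOLE V
BODY            END     NOTCONTAINS     This is a multi-part message in MIME format.
HEADERS         1       CONTAINS        X-Unsent: 1
BODY            3       CONTAINS        NextPart_000_0008_01C53DE2.
BODY            3       CONTAINS        By-Mail
HEADERS         1       CONTAINS        Subject: Re:
BODY            1       CONTAINS        <STYLE></STYLE>
"""

def evaluate(filter_text, headers, body):
    """Score one message against one filter file; returns (weight, failed, note).
    Assumed semantics: case-insensitive CONTAINS; an END hit stops with weight so far."""
    min_fail, weight = 0, 0
    for raw in filter_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 3)
        if fields[0] == "MINWEIGHTTOFAIL":
            min_fail = int(fields[1])
            continue
        test, wt, action, needle = fields
        haystack = headers if test == "HEADERS" else body
        hit = needle.lower() in haystack.lower()
        if action == "NOTCONTAINS":
            hit = not hit
        if not hit:
            continue
        if wt == "END":  # prerequisite missing: stop, weight accrued so far is 0
            return weight, weight >= min_fail, f"stopped: {test} {action} {needle!r}"
        weight += int(wt)
    return weight, weight >= min_fail, "all tests evaluated"

# Constructed sample messages: one matching the forged-Outlook pattern, one genuine.
SPAM_HEADERS = ("From: \"Ann\" <a@example.invalid>\nSubject: Re: your order\nX-Unsent: 1\n"
                "X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180\n")
SPAM_BODY = ("This is a multi-part message in MIME format.\n"
             "------=_NextPart_000_0008_01C53DE2.01234560\n<STYLE></STYLE>Order By-Mail today.")
LEGIT_HEADERS = ("From: \"Bob\" <b@example.invalid>\nSubject: Re: lunch\n"
                 "X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180\n")
LEGIT_BODY = ("This is a multi-part message in MIME format.\n\n"
              "------=_NextPart_000_0003_01C54A11.5F2E0C80\nSee you at noon.")

if __name__ == "__main__":
    print(evaluate(FILTER_TEXT, SPAM_HEADERS, SPAM_BODY))    # (9, True, 'all tests evaluated')
    print(evaluate(FILTER_TEXT, LEGIT_HEADERS, LEGIT_BODY))  # (1, False, 'all tests evaluated')
```

A message without the X-MimeOLE header never reaches the weighted tests, which is what keeps the filter from scoring mail that was not forged to look like Outlook.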
