I've wondering how to make a rule to catch mails with _ in the name...
almost nobody uses _ as a real e-mail adress, at least in e-mails
passed in my server.
so if i score mails From:
[EMAIL PROTECTED] i have a big chance to
block a spammer.
Could anyone helpme ... i'd like to score [EMAIL PROTECTED]
tks in advance,
Felipe Tonioli
On Wed, 22 Sep 2004 13:29:30 -0400, Alan Langford <[EMAIL PROTECTED]> wrote:
> Congrats on the 3.0 release everyone. Now all I have to do is wait for my
> ISP to upgrade.
>
> I get about 4,000-5,000 spams per week. Roughly 2,000 of those pass through
> SpamAssassin 2.63. I've got about 1500 of my own regex rules to handle this
> problem (Eudora rocks). After white listing, these rules are pretty
> aggressive and not really useful to anyone else. I'm down to about 50%
> direct-to-trash, 50% probable spam with about 5 false negatives and 1 false
> positive per week.
>
> However, lately more stuff has been getting through. I've developed a rule
> set to handle these that I think might be useful globally. So this post is
> to describe it and to ask if this capability is in 3.0 yet or not.
>
> I'm seeing obfuscation by mis-spelling. Take your average drug name and
> drop in one or two bonus alpha characters, some times they distinguish them
> by case, so that "filter" becomes "filtBer" So now I'm starting to match
> ("f.?i.?l.?t.?e.?r" and not "filter") to catch them. If this is in 3.0,
> then I'll start harassing my ISP to upgrade; if not, then I'll start
> entering new rules of my own with the most common spam vocabulary.
>
> Another one that's proving problematic and hard to get with Eudora is
> "random spacing", so I get phrases like "blah blah in ter estr ate blah
> blah blah". Is there a rule that says "ignore whitespace and look for
> phrase X"?
>
>
--
Felipe Tonioli
