>-----Original Message-----
>From: Thomas Arend [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, December 22, 2004 6:56 AM
>To: [email protected]
>Subject: Re: {Spam?} spam with (rolex) watches gets trough
>
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Am Mittwoch, 22. Dezember 2004 12:42 schrieb Martin Hepworth:
>> Thomas
>>
>> what extra rules above the standard SA ones have you got? Any from
>> www.rulesemporium.com ?
>
>I have only the standard rules from SA 3.0.2
>
>>
>> also have you got the URI rbl's turned on? This helps quite alot for
>> this sort of spam.
>
>Thanks, I just checked it with spamassassin and got URI checks.
>A check on /etc/sysconfig/spamd on SuSE 9.1 showed -L option
>activated -
>removed it. Now the message gets "fine" scores.
>
>Thanks
Ninja Loren wrote some way back in Oct! Good lord we are behind! :)
body LW_ROLEX /\broll?ex\b/i
score LW_ROLEX 1
describe LW_ROLEX Mentions Rolex
body __LW_OBREPLICA /\brepIicas?\b/i
body __LW_REPLICA /\breplicas?\b/i
body __LW_WATCHES /\bwatch(?:es)?\b/i
meta LW_ROLEXWATCH LW_ROLEX && __LW_WATCHES
score LW_ROLEXWATCH 1
describe LW_ROLEXWATCH Mentions rolex watches
meta LW_FAKEROLEX LW_ROLEX && __LW_REPLICA
score LW_FAKEROLEX 5
describe LW_FAKEROLEX Talks about rolex and replicas
body LW_WANTAROLEX /Want a (?:\w+ )+Rolex(?: Watch)?\?/i #
Want a cheap Rolex Watch?
score LW_WANTAROLEX 5
describe LW_WANTAROLEX Asks if you want a rolex watch
meta LW_ROLEXOBFU __LW_OBREPLICA && LW_ROLEX
score LW_ROLEXOBFU 5
describe LW_ROLEXOBFU Obfuscating replica rolexes!
Also Ninja in training Matt N, submitted these to the list:
(Mind the word wrap)
header UOLCC_ROLEX_SUB1 Subject =~ /\brolex\b/i
describe UOLCC_ROLEX_SUB1 Subject contains the word 'rolex'
score UOLCC_ROLEX_SUB1 0.5
header UOLCC_ROLEX_SUB2 Subject =~ /\br.{1,2}o.{1,2}l.{1,2}e.{1,2}x\b/i
describe UOLCC_ROLEX_SUB2 Subject contains a gappy version of 'rolex'
score UOLCC_ROLEX_SUB2 1.5
body UOLCC_ROLEX_BODY1 /\brolex\b/i
describe UOLCC_ROLEX_BODY1 Body contains the word 'rolex'
score UOLCC_ROLEX_BODY1 0.5
body UOLCC_ROLEX_BODY2 /\br.{1,2}o.{1,2}l.{1,2}e.{1,2}x\b/i
describe UOLCC_ROLEX_BODY2 Body contains a gappy version of 'rolex'
score UOLCC_ROLEX_BODY2 1.5
rawbody UOLCC_WATCH_BODY
/^(Do\syou\s)?[Ww]ant\s(a\s)?(rolex\s|cheap\s)?[Ww](ristw)?atch\?\s*$/m
describe UOLCC_WATCH_BODY Body asks if you want a watch
score UOLCC_WATCH_BODY 2
None of these have been tested yet. Use at your own risk. Do not operate
while under heavy medication. Lather, rinse, repeat. Always repeat!
--Chris
