this ruleset works well for me:
http://www.violetdreams.com/sa/rolex.cf
maybe "ninjaz -at- webexpress.com" can be welcomed to the sare dojo? ;-)
Chris Santerre wrote:
-----Original Message----- From: Thomas Arend [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 22, 2004 6:56 AM To: [email protected] Subject: Re: {Spam?} spam with (rolex) watches gets trough
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Am Mittwoch, 22. Dezember 2004 12:42 schrieb Martin Hepworth:
Thomas
what extra rules above the standard SA ones have you got? Any from www.rulesemporium.com ?
I have only the standard rules from SA 3.0.2
also have you got the URI rbl's turned on? This helps quite alot for this sort of spam.
Thanks, I just checked it with spamassassin and got URI checks.
A check on /etc/sysconfig/spamd on SuSE 9.1 showed -L option activated - removed it. Now the message gets "fine" scores.
Thanks
Ninja Loren wrote some way back in Oct! Good lord we are behind! :)
body LW_ROLEX /\broll?ex\b/i score LW_ROLEX 1 describe LW_ROLEX Mentions Rolex
body __LW_OBREPLICA /\brepIicas?\b/i body __LW_REPLICA /\breplicas?\b/i body __LW_WATCHES /\bwatch(?:es)?\b/i
meta LW_ROLEXWATCH LW_ROLEX && __LW_WATCHES score LW_ROLEXWATCH 1 describe LW_ROLEXWATCH Mentions rolex watches
meta LW_FAKEROLEX LW_ROLEX && __LW_REPLICA score LW_FAKEROLEX 5 describe LW_FAKEROLEX Talks about rolex and replicas
body LW_WANTAROLEX /Want a (?:\w+ )+Rolex(?: Watch)?\?/i # Want a cheap Rolex Watch? score LW_WANTAROLEX 5 describe LW_WANTAROLEX Asks if you want a rolex watch
meta LW_ROLEXOBFU __LW_OBREPLICA && LW_ROLEX score LW_ROLEXOBFU 5 describe LW_ROLEXOBFU Obfuscating replica rolexes!
Also Ninja in training Matt N, submitted these to the list: (Mind the word wrap)
header UOLCC_ROLEX_SUB1 Subject =~ /\brolex\b/i describe UOLCC_ROLEX_SUB1 Subject contains the word 'rolex' score UOLCC_ROLEX_SUB1 0.5
header UOLCC_ROLEX_SUB2 Subject =~ /\br.{1,2}o.{1,2}l.{1,2}e.{1,2}x\b/i describe UOLCC_ROLEX_SUB2 Subject contains a gappy version of 'rolex' score UOLCC_ROLEX_SUB2 1.5
body UOLCC_ROLEX_BODY1 /\brolex\b/i describe UOLCC_ROLEX_BODY1 Body contains the word 'rolex' score UOLCC_ROLEX_BODY1 0.5
body UOLCC_ROLEX_BODY2 /\br.{1,2}o.{1,2}l.{1,2}e.{1,2}x\b/i describe UOLCC_ROLEX_BODY2 Body contains a gappy version of 'rolex' score UOLCC_ROLEX_BODY2 1.5
rawbody UOLCC_WATCH_BODY /^(Do\syou\s)?[Ww]ant\s(a\s)?(rolex\s|cheap\s)?[Ww](ristw)?atch\?\s*$/m describe UOLCC_WATCH_BODY Body asks if you want a watch score UOLCC_WATCH_BODY 2
None of these have been tested yet. Use at your own risk. Do not operate while under heavy medication. Lather, rinse, repeat. Always repeat!
--Chris
-- Robert Brooks, Network Manager, Cable & Wireless UK <[EMAIL PROTECTED]> http://hyperlink-interactive.co.uk/ Tel: +44 (0)20 7339 8600 Fax: +44 (0)20 7339 8601 - Help Microsoft stamp out piracy. Give Linux to a friend today! -
