Philip Mak wrote:
I'm getting about 50+ per day of these spams not being caught by
SpamAssassin (SpamAssassin version 3.1.1 running on Perl version
5.8.4). There's two types:
1. Lose weight type spam, uses bad English e.g. "yrs" instead of
"years", "u" instead of "you", "ur" instead of "your", talks about not
having talked to the recipient in years
http://www.aaanime.net/pmak/spam/2006-05-27/1.txt
http://www.aaanime.net/pmak/spam/2006-05-27/2.txt
http://www.aaanime.net/pmak/spam/2006-05-27/3.txt
These spams all have different URLs, but if you visit them they're
exactly the same site. The first two resolve to the same IP address
too, though the third doesn't despite having the same content.
2. Homeowner credit, or something
http://www.aaanime.net/pmak/spam/2006-05-27/a.txt
http://www.aaanime.net/pmak/spam/2006-05-27/b.txt
These spams keep slipping through SpamAssassin consistently. Most of
my false negatives are variants of the messages I posted above. Any
suggestions on how to block them?
P.S. Looks like this mailing list's spam filter can block them! The
first time I tried to send this message, I had the spams included in
the body of my message and they got blocked.
<users@spamassassin.apache.org>:
140.211.166.49 failed after I sent the message.
Remote host said: 552 spam score (19.3) exceeded threshold
- if you're the first one to see these URIs, they won't get caught by
URIBL/SURBL/... the redirect plugin may help sometimes.
- if you use a site wide bayes, and few are reported as spam, the next
ones will be caught.
- if you're using per-user bayes, then that will work on a per user
basis. so your system will miss a lot more before catching some (more
time to learn).
- if you use the relay country plugin, you can assign scores to some
countries.
(There may be a need to check the heloname and client IP geographic
locations....?)
- your MTA can check hello; "m" isn't a valid helo name
