Bill Randle wrote: > > Would you be willing to share the postfix rules you are using to block > these? > I don't think that would be wise, I'm afraid they are a bit too risky and simple for general use.. In most of them I've put the mail on HOLD so I can still inspect for FP's, probably not workable on larger sites. I simply collect similar spam in a directory (copied from my amavisd archive dir) and with cat/lowercase/sort/awk utils find out what 'interesting' long string is at least once in all spam-files. Even the MIME-part is (mis-)used for this. I test that on a HAM-dir (and on other spam to maybe find a more general use or patterns) and then place it in body_checks.regexp. During last night 82 mails went on HOLD because of a month old rule, all spam (only looking at the weird sender-addresses says enough, also the file-sizes are comparable in spam-batches). Some rules get hit more than a year long and others last only a day (then it's a waste of time). It's time consuming and not a necessity (SA tags most of it) but I'm a little (too) fanatic to prevent SPAM from getting into the users mailboxes. BTW more spam here is blocked because of blocklists, blocked ip-ranges/domains (china/korea/..), checks on the helo etcetera than with postfix rules.
Regards Menno -- View this message in context: http://www.nabble.com/Images-spams-cropping-up-again-tf2115239.html#a5835275 Sent from the SpamAssassin - Users forum at Nabble.com.
