Hi, list. I have been under heavy stock-alert spamming. Currently, my
setup goes like this:

-Debian Sarge
-Postfix 2.1.5-9 with VDA patch
-Amavisd-new 2.4.2
-SA 3.1.5
-ClamAV 0.84-2.sarge.1
-Mysql 4.0.24-10sarge

System was installed and is maintained via apt. I've recently added the
sa-update script to my cron. SA stores Bayes and the AWL in MySQL.

But for a month or so, I've noticed that in some senders' addresses
(spammers, of course) there are apostrophes. Shouldn't they get caught by
the INVALID_CHARACTERS rule? I'm only getting a 3.5 points score because of
the BAYES tokens. My quarantine threshold is at 5, and the reject threshold is
set up at 8.

If there are no problems with my setup, could somebody point me to a custom
rule in order to stop this type of spam?

Here is an example of this kind of message:


<SNIP-SPAM>--------------------
From Philadelphia'[EMAIL PROTECTED] mar dic 26 09:54:17 2006
Return-Path: <Philadelphia'[EMAIL PROTECTED]>
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from localhost (localhost [127.0.0.1])
   by nahuel.biol.unlp.edu.ar (Postfix) with ESMTP id 7342870EE1
   for <[EMAIL PROTECTED]>; Tue, 26 Dec 2006 09:54:17 -0300 (ART)
X-Virus-Scanned: by amavisd-new-2.4.2 (20060627) (Debian) at
biol.unlp.edu.ar
X-Spam-Score: 3.5
X-Spam-Level: ***
X-Spam-Status: No, score=3.5 tagged_above=2 required=5 tests=[BAYES_99=3.5]
Received: from nahuel.biol.unlp.edu.ar ([127.0.0.1])
   by localhost (nahuel.biol.unlp.edu.ar [127.0.0.1]) (amavisd-new, port
10024)
   with ESMTP id Xp6-Zl9r-rE0 for <[EMAIL PROTECTED]>;
   Tue, 26 Dec 2006 09:54:17 -0300 (ART)
Received: from mx1planet.ingw.tn (unknown [80.51.251.194])
   by nahuel.biol.unlp.edu.ar (Postfix) with ESMTP id B23AE70ECC
   for <[EMAIL PROTECTED]>; Tue, 26 Dec 2006 09:54:09 -0300 (ART)
Received: from 217.16.16.81 (HELO mx1.masterhost.ru)
    by biol.unlp.edu.ar with esmtp (7>[EMAIL PROTECTED] [EMAIL PROTECTED])
    id A2G5G)-2;9776-1/
    for [EMAIL PROTECTED]; Tue, 26 Dec 2006 13:04:44 -0060
From: "Curtis Finch" <Philadelphia'[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Curtis
Date: Tue, 26 Dec 2006 13:04:44 -0060
Message-ID: <[EMAIL PROTECTED]'sNegro>
MIME-Version: 1.0
Content-Type: text/plain;
   charset="iso-8859-2"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Thread-Index: Aca6Q21Q4-E5.2-8V-2S:X935/JU9A==

2005 was the year of the oil company with many of these
companies posting record profits.  2006 has been the year
of alternative fuels with companies involved in this sector
blowing off the charts.  This trend shows no signs of
abating.
Our next feature is right in the thick of the high-growth
alternative energy sector and they are doing incredible
things.

AlgoDyne Ethanol Energy

Symbol:  ADYN

Current Price:            $1.30
Short Term Target:        $3.50
Long Term Projected:      $10.00

It doesn't take a genius to know why alternative energy is
such a high-growth area right now.  Smart traders know how
to watch global trends and seize the moment.

AlgoDyne is where it's at.  AlgoDyne has developed a
turnkey solution in their proprietary micro-algae based
process which can produce direct electricity, eco-friendly
fuels, and valuable bi-products.

The company has just hit its sweet spot in the development
phase and is set to release some astounding results.  These
revelations are being backed up by a far-reaching PR
campaign.

It is essential to get in early in order to enjoy the
biggest gains.  Come Tuesday, December 26th this one will
be rapidly going up to meet our target price!

Do not delay!  Win with ADYN!

</SNIP-SPAM>-------------------------------


Hope this info is enough.


Luis
--
-------------------------------------------------
GNU-GPL: "May The Source Be With You...
-------------------------------------------------
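
A sketch of the header check the post asks about, as an added example that is not part of the original message and not SpamAssassin's own code: it flags an apostrophe in the From or Return-Path local part and, going one step beyond the question, the out-of-range `-0060` time zone visible in the quoted Date header. The sample addresses, the flag names and `header_anomalies` are constructed for illustration; an apostrophe is a legal local-part character, so the flags are scoring hints rather than proof of spam.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the quoted spam; the addresses are
# placeholders because the archive redacted the real ones.
SAMPLE = """\
Return-Path: <Philadelphia'x@example.invalid>
From: "Curtis Finch" <Philadelphia'x@example.invalid>
To: <user@example.org>
Subject: Curtis
Date: Tue, 26 Dec 2006 13:04:44 -0060

body
"""

CLEAN = """\
Return-Path: <alice@example.org>
From: "Alice" <alice@example.org>
To: <user@example.org>
Subject: hello
Date: Tue, 26 Dec 2006 09:54:17 -0300

body
"""

# RFC 2822 zone: sign, two hour digits, two minute digits (minutes 00-59).
ZONE_RE = re.compile(r"([+-])(\d{2})(\d{2})\s*(?:\(.*\))?\s*$")

def header_anomalies(raw):
    """Return a sorted list of heuristic flags for one raw message."""
    msg = message_from_string(raw)
    flags = set()
    for name in ("From", "Return-Path"):
        _, addr = parseaddr(msg.get(name, ""))
        local = addr.rpartition("@")[0]
        # Apostrophe is legal in a local part, so this is a scoring hint only.
        if "'" in local:
            flags.add("APOSTROPHE_IN_" + name.upper().replace("-", "_"))
    zone = ZONE_RE.search(msg.get("Date", ""))
    if zone is None:
        flags.add("DATE_ZONE_MISSING")
    elif int(zone.group(3)) > 59:
        flags.add("DATE_ZONE_INVALID")
    return sorted(flags)

if __name__ == "__main__":
    print(header_anomalies(SAMPLE))
```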
