Rocco Scappatura wrote:
full CHIME_BODY_IMAGESHACK /\bhttp:\/\/.*\.imageshack\.us/i
describe CHIME_BODY_IMAGESHACK Emails containing
imageshack.us URLs.
score CHIME_BODY_IMAGESHACK 2.0
Place these three lines in your local.cf file and restart any
daemons.
You can adjust the score to whatever you want.
This URL is very indiscriminant, in that it will score for
ANY URL from imageshack.us, and not just the spammy ones.
But in my situation this is acceptable.
But It won't be indiscriminant in my case.. Is there any other solution?
Keep messages on the list.
These are very simple messages that are exploiting an image hosting
service. There are very few spam signs in them. I have decided that
for the time being none of my users are affected by scoring purely on
the imageshack.us url.
In cases like these it is very difficult to come up with generic
solutions that fit everyones requirements. Which is why I would
recommend that you have a look at learning how to write very simple
rules. That way you will be able to write something that meets your
very specific needs. If you are uncertain of your rules, you should set
a small score (say 0.1) first so that any misfires do not have a major
affect on overall scoring, but you can see them in your results. You
can also send your rules to this list and the regulars here will be able
to check them out and give you advice.
Failing that you will have to be very specific about your requirements
for these spams, and someone might be able to suggest a rule that meets
your needs.
--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
"If you have an apple and I have an apple and we exchange apples
then you and I will still each have one apple. But if you have an
idea and I have an idea and we exchange these ideas, then each of us
will have two ideas." -- George Bernard Shaw