arni wrote:
Suhas Ingale schrieb:
Can someone help me writing rules to catch below content spam?
* 5.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
* 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
* 5.0 BOTNET Relay might be a spambot or virusbot
* [botnet0.7,ip=87.226.203.3,nordns]
* 0.0 DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: policy says
domain
* signs some mails
* 0.0 BOTNET_NORDNS Relay's IP address has no PTR record
* [botnet_nordns,ip=87.226.203.3]
* 1.9 RCVD_ILLEGAL_IP Received: contains illegal IP address
* 1.9 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
* [URIs: otcpicks.com]
* 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
bl.spamcop.net
* [Blocked - see <http://www.spamcop.net/bl.shtml?87.226.203.3>]
* 3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
* [87.226.203.3 listed in zen.spamhaus.org]
* 0.5 WHOIS_DMNBYPROXY Contains URL registered to Domains by Proxy
* [URIs: otcpicks.com]
* 1.5 UPPERCASE_75_100 message body is 75-100% uppercase
Another "SREA" spam easily busted with BOTNET and BAYES, i dont really see the
need for a content rule.
arni
That doesn't answer his question though. He didn't ask for your opinion
about if he needed it. If the rules were working for him he wouldn't be
asking for help. When someone asks a question telling them they don't
need it is generally the wrong answer and a waste of time.
