Suhas Ingale wrote:
Can someone help me write rules to catch the content spam below?

* 5.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
*     [score: 1.0000]
* 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
* 5.0 BOTNET Relay might be a spambot or virusbot
*     [botnet0.7,ip=87.226.203.3,nordns]
* 0.0 DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: policy says domain
*     signs some mails
* 0.0 BOTNET_NORDNS Relay's IP address has no PTR record
*     [botnet_nordns,ip=87.226.203.3]
* 1.9 RCVD_ILLEGAL_IP Received: contains illegal IP address
* 1.9 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
*     [URIs: otcpicks.com]
* 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
*     [Blocked - see <http://www.spamcop.net/bl.shtml?87.226.203.3>]
* 3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
*     [87.226.203.3 listed in zen.spamhaus.org]
* 0.5 WHOIS_DMNBYPROXY Contains URL registered to Domains by Proxy
*     [URIs: otcpicks.com]
* 1.5 UPPERCASE_75_100 message body is 75-100% uppercase

Another "SREA" spam easily busted with BOTNET and BAYES, I don't really see the need for a content rule.

arni