On Sun, 2008-08-31 at 07:32 -0400, Skip wrote:
> Got this one today. Never seen anything like this before.
> http://pelorus.org/mix
>
> (I couldn't even paste into pastebin--their spam catcher caught it)
> This one only scored a 2.9 on my installation, as you can see. I do
> have some custom rules (Saught and SARE) but no hits there.
I've noticed more spams lately coming in with huge TO: lists that
haven't been washed for even obviously bogus addresses; yours is an
example of such.
How about these rules? (watch the line wrap)
describe TO_HARVESTED To: obviously harvested
header TO_HARVESTED To =~ /\@(?:(?:(?:example|your|
some)\.domain)|(?:(?:example|your\.domain)\.com)|your\.favou?rite
\.machine)\b/
describe TO_TOO_MANY To: too many recipients
header TO_TOO_MANY To =~ /(?:,[^,]{1,80}){20}/
describe TO_WAY_TOO_MANY To: way too many recipients
header TO_WAY_TOO_MANY To =~ /(?:,[^,]{1,80}){50}/
The latter two may have FPs if you're prone to getting infinitely
forwarded jokes and such from relatives and friends - but that might
actually be viewed as a benefit. :)
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
[EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED]
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Those in the media have donated to Obama at a 100:1 ratio compared
to McCain. Are we to believe that this bias does not in any way
taint their coverage of the campaign?
-----------------------------------------------------------------------
65 days until the Presidential Election
