On Sat, 2008-12-06 at 10:17 -0700, Mike Cisar wrote:
> Have recently been having 1000's of spam slipping past Spamassassin... they
> all seem to be pretty much identical in format but Spamassassin isn't
> scoring them even high enough to be tagged.
>
> - they are all flagged as important
> - a single line having so far have one of two common phrases followed by a
> URL (always different) in the format <http://domain.com/> (angle brackets
> included).
> - the "from" always matches the "to" (so it always looks like its coming
> from yourself)
>
> I'm sure that at least some of the URL's or messages should be getting
> caught somewhere by SpamAssassin, but they aren't. So I don't know if
> there's something really crafty about the messages or what.
>
> Would love to write a custom rule to take care of the problem if I need
> to... but I'm cautious to write a rule based on the two phrases because they
> are guaranteed to trigger a lot of false positive. I'm thinking it would
> have to be a combination of the phrases, the important flag, the from
> matching to... and something to match that URL format?
>
> Anybody having problems with this spam, and figured out how to block it?
>
> Thanks much!
> >>>>> Mike <<<<<
>
>
Are the sending IP's on any block lists? Are you doing SPF checks?
