On 6/24/10 12:07 PM, Randy Ramsdell wrote:
> Anyone receiving these? It is either a borked spam script or they are
> probing. They come in with different headers and different body each
> time so I am not sure how to mark or block them. Any suggestions would
> be appreciated.
>
> http://pastebin.com/kQJ0SPti

at least for THIS one, RCVD_IN_PBL

if you are using this BL, you might just want to block it at the MTA level and not even scan it.

(I suspect the spam vs. ham scoring on that rule is so low because the people submitting spam corpus probably block it at the MTA level and never see it.
My understanding of PBL is that it's at least 99.999% free of FPs.)


--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
SECNAP Network Security Corporation

   * Certified SNORT Integrator
   * 2008-9 Hot Company Award Winner, World Executive Alliance
   * Five-Star Partner Program 2009, VARBusiness
   * Best Anti-Spam Product 2008, Network Products Guide
   * King of Spam Filters, SC Magazine 2008
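
The MTA-level PBL check suggested in the reply above, sketched as an added example that is not part of the original post or any poster's configuration. It assumes the PBL is queried directly at `pbl.spamhaus.org`; the function names are hypothetical and the sample addresses and resolver answers are constructed. It rejects only on PBL return codes and fails open on Spamhaus error replies in 127.255.255.0/24, which are not listings.

```python
import ipaddress
import socket

PBL_ZONE = "pbl.spamhaus.org"              # assumption: PBL zone queried directly
PBL_CODES = {"127.0.0.10", "127.0.0.11"}   # PBL listing return codes
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # error replies, not listings


def dnsbl_name(client_ip, zone=PBL_ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    ip = ipaddress.IPv4Address(client_ip)  # raises ValueError on bad input
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def system_resolver(name):
    """Return the A records for name, or [] if it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:                        # NXDOMAIN and lookup failures
        return []


def mta_decision(client_ip, resolve=system_resolver):
    """Connect-time decision: ('reject' | 'accept', reason)."""
    answers = resolve(dnsbl_name(client_ip))
    if any(ipaddress.ip_address(a) in ERROR_NET for a in answers):
        # Blocked or rate-limited query: treating this as a listing would
        # reject all mail, so accept and let the content filter score it.
        return ("accept", "dnsbl-error")
    if PBL_CODES.intersection(answers):
        return ("reject", "listed-in-pbl")
    return ("accept", "not-listed")


# Constructed answers standing in for DNS, so the example runs offline.
FAKE_DNS = {
    "10.2.0.192.pbl.spamhaus.org": ["127.0.0.11"],       # listed
    "7.100.51.198.pbl.spamhaus.org": [],                  # not listed
    "5.113.0.203.pbl.spamhaus.org": ["127.255.255.254"],  # error reply
}


def fake_resolver(name):
    return FAKE_DNS.get(name, [])


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, mta_decision(ip, resolve=fake_resolver))
```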

