On 07/05/11 19:38, Andrea Gozzi wrote:
> Hi guys.
> I need some help in setting up effective rules to counter a spam wave that
> has been hitting my server lately.
> Most of the messages come from hotmail.com accounts and for obvious reasons
> I can't block the whole domain.
> All the emails have a common pattern (HTML_LINK + JUNK_TEXT):
> http://pastebin.com/sWahQEjx
> http://pastebin.com/aFjnyi6f
> http://pastebin.com/bdeb5p9K
> Any tips?
> Thanks.
> Andrea

Yep, they are darn hard to catch.
For starters, make sure you are training them in Bayes.
Your best bet of catching these particular examples is probably through
the URIs in the spam. When I scan them now with SA they are caught by
many URIBLs. Greylisting can help here too, as delaying acceptance of the
mail gives the URIBLs time to blacklist the spammed URIs (although I
appreciate greylisting isn't to everyone's taste).
Personally, I've got so fed up with gorilla freemail spam I score
hotmail et al. with 3 points for starters just to give them less
wriggle room to mess up. Adjust accordingly and/or look at rules that
then whitelist legitimate senders.
I just don't believe these guys are too big to block. I've found it far
less time-consuming to block and whitelist the ham than I have to deal
with all the spam that makes it through otherwise. I don't see a huge
amount of spam from gmail users, so if they can deal with it that just
tells me that hotmail, yahoo et al. just don't care.
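
The freemail scoring and whitelisting approach described in the reply above, as a SpamAssassin `local.cf` sketch; this is an added example, not part of the original post. The rule name `LOCAL_FROM_FREEMAIL`, the domain list in the regex and the whitelisted address are constructed placeholders.

```conf
# local.cf fragment (added example; rule name, domain list and the
# whitelisted address are placeholders, adjust to your own mail flow)

# Add a fixed penalty when the From: address is at a large freemail
# provider, so that any further hit (URIBL, Bayes) pushes the message
# over the spam threshold sooner.
header   LOCAL_FROM_FREEMAIL  From:addr =~ /\@(?:hotmail|yahoo)\.com$/i
describe LOCAL_FROM_FREEMAIL  From address at a large freemail provider
score    LOCAL_FROM_FREEMAIL  3.0

# Whitelist known-good correspondents. whitelist_from_rcvd only matches
# when the message was also handed over by a relay whose reverse DNS
# ends in the given domain, so a forged From: alone does not earn the
# whitelist.
whitelist_from_rcvd  known.sender@hotmail.com  hotmail.com
```

Run `spamassassin --lint` after editing to catch syntax errors. `whitelist_from_rcvd` relies on `trusted_networks` being set correctly so that the relay check looks at the right Received header.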