Am 13.03.2012 13:09, schrieb Martin Gregorie: > On Tue, 2012-03-13 at 09:48 +0000, Jenny Lee wrote: >> >> Dear SA Users, >> >> I am getting this chinese spam every hour. I tried, ok_locales, >> ok_languages with texcat plugin... I tried matching the subject... but >> these people are always getting through. >> >> http://www.pastebin.ca/2127622 >> >> What rules/modifications do I need to do to get rid of this? >> > If that UTF-8 prefix - =?utf-8?B? - is specific for Chinese, then a rule > something like: > > header __FC1 From =~ /=?utf-8?B?/ > header __FC2 From =~ /\.cn>/i > meta FAKE_CHINESE (__FC1 && !__FC2) > > might do it. > > Equally obviously, if all the spam is coming from Argentina, or > pretending to come from there, and your users never correspond with > anybody from that country, simply deep-six anything with that TLD in the > sender's address. I use a modification of that to treay all mail from > Russia as spam unless it comes from one of the three people I know > there: > > describe MG_CYRILLIC Russian cyrillic spam > header __MG_CY1 From =~ /\.ru>/ > header __MG_CY2 From =~ /person1\@mail\.example1\.ru/ > header __MG_CY3 From =~ /(person2\@example2|person3\@example3)\.ru/ > meta MG_CYRILLIC (__MG_CY1 && !(__MG_CY2 || __MG_CY3)) > score MG_CYRILLIC 12.5 > > This works well for me and could be trivially adapted to any country, > but ymmv. > > > Martin > >
more trival, if the sender address is always the same reject it on mta level, if you arent afraid about loosing other mail from this ip mailserver reject the ip in total -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
