Am 13.03.2012 13:09, schrieb Martin Gregorie:
> On Tue, 2012-03-13 at 09:48 +0000, Jenny Lee wrote:
>>
>> Dear SA Users,
>>  
>> I am getting this chinese spam every hour. I tried, ok_locales,
>> ok_languages with texcat plugin... I tried matching the subject... but
>> these people are always getting through.
>>  
>> http://www.pastebin.ca/2127622
>>  
>> What rules/modifications do I need to do to get rid of this?
>>  
> If that UTF-8 prefix - =?utf-8?B? - is specific for Chinese, then a rule
> something like:
> 
> header __FC1  From =~ /=?utf-8?B?/
> header __FC2  From =~ /\.cn>/i
> meta   FAKE_CHINESE  (__FC1 && !__FC2)
> 
> might do it. 
> 
> Equally obviously, if all the spam is coming from Argentina, or
> pretending to come from there, and your users never correspond with
> anybody from that country, simply deep-six anything with that TLD in the
> sender's address. I use a modification of that to treay all mail from
> Russia as spam unless it comes from one of the three people I know
> there:
> 
> describe MG_CYRILLIC  Russian cyrillic spam
> header   __MG_CY1 From =~ /\.ru>/ 
> header   __MG_CY2 From =~ /person1\@mail\.example1\.ru/ 
> header   __MG_CY3 From =~ /(person2\@example2|person3\@example3)\.ru/
> meta     MG_CYRILLIC  (__MG_CY1 && !(__MG_CY2 || __MG_CY3))
> score    MG_CYRILLIC  12.5
> 
> This works well for me and could be trivially adapted to any country,
> but ymmv.               
> 
> 
> Martin
> 
> 

more trival, if the sender address is always the same reject it on mta
level, if you arent afraid about loosing other mail from this ip
mailserver reject the ip in total

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

Reply via email to