On 30/12/12 17:13, Jari Fredriksson wrote:
30.12.2012 18:05, Jari Fredriksson wrote:
So far I have created many meta rules containing those words, but the
list is endless. The words are mostly U.S. town names and U.S. sports
team names.
On the face of it that doesn't sound too difficult.
In addition to that the spam contains words "game",
"basketball", "football", "live", "vs.", "at", "tv" and "pc".
That sounds really error prone - particularly the last five words.
Seems to be a brain dead idea from JBoss/Red Hat to create such a system
on the Internet
- web gui for discussions
- anonymize the senders and send the messages w/o any clue who really
created the content
Those simple words can not alone do anything, but something like this:
List-Id: jboss-us...@redhat.com
Subject: [jboss-users] [jBPM] - I watch New York from my TV and found a
live Buffalo on my free PC
Where is this list?
I can't find a jboss-us...@redhat.com (on Red Hat mailing lists, see
https://www.redhat.com/mailman/listinfo), only a
jboss-u...@lists.jboss.org on lists.jboss.org.
Can you point to some example spam in the list archives please.
That might trigger my rule. But it is JBoss Business Process management
tool mailing list, so that has not yet happened. Thousands of spam this
day alone, not a single false positive found so far.
Finally they are getting some Bayes too, and external URIBL databases
are recognizing URIs in the payload. So I have now lowered the points on
my rule to 5.5. Also created a local anti-DNSWL_MED for mail coming from
redhat having this RCVD_IN_DNSWL_MED on.
I wonder what the attacker is up to. Has she just figured a way thru all
anti spam measures, or trying to cause damage to Red Hat somehow... It's
only jBPM sub list of JBoss so far...
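
The rule layout discussed in this thread, sketched as SpamAssassin configuration. This is an added example, not the poster's actual rules: the rule names, the List-Id placeholder (the address is truncated in the post), the threshold of three words and the counterweight score are assumptions.

```conf
# Constructed example: all LOCAL_* names are hypothetical.
# Replace LIST-ID-PLACEHOLDER with the List-Id value of the abused list.
header   __LOCAL_JBPM_LIST      List-Id =~ /LIST-ID-PLACEHOLDER/i

# Sub-rules for the generic words named in the thread. The "__" prefix
# means each one contributes no score by itself.
body     __LOCAL_W_GAME         /\bgame\b/i
body     __LOCAL_W_BASKETBALL   /\bbasketball\b/i
body     __LOCAL_W_FOOTBALL     /\bfootball\b/i
body     __LOCAL_W_LIVE         /\blive\b/i
body     __LOCAL_W_VS           /\bvs\./i
body     __LOCAL_W_TV           /\btv\b/i
body     __LOCAL_W_PC           /\bpc\b/i

# Fire only when the mail arrived via the list AND several of the words
# appear together. The threshold (3) is an assumed value to tune locally.
meta     LOCAL_JBPM_SPORTS      __LOCAL_JBPM_LIST && ((__LOCAL_W_GAME + __LOCAL_W_BASKETBALL + __LOCAL_W_FOOTBALL + __LOCAL_W_LIVE + __LOCAL_W_VS + __LOCAL_W_TV + __LOCAL_W_PC) >= 3)
describe LOCAL_JBPM_SPORTS      Sports-stream word cluster on jBPM list mail
# 5.5 is the score mentioned in the thread.
score    LOCAL_JBPM_SPORTS      5.5

# Local counterweight: cancel the whitelist bonus only for this list's
# traffic. The score is a constructed value; set it to offset whatever
# RCVD_IN_DNSWL_MED scores on your installation.
meta     LOCAL_JBPM_ANTI_DNSWL  __LOCAL_JBPM_LIST && RCVD_IN_DNSWL_MED
describe LOCAL_JBPM_ANTI_DNSWL  Offset DNSWL_MED for relayed jBPM list mail
score    LOCAL_JBPM_ANTI_DNSWL  2.0
```

Running `spamassassin --lint` after adding rules like these catches syntax errors before they reach production mail.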