On Thu, 2013-05-02 at 14:08 +0200, Simon Loewenthal wrote:
> Maybe you could try something like this, but change the English text
> into Norwegian accordingly.
>
> describe J_MAILBOX_FULL Your mailbox has exceeded spam
> body J_MAILBOX_FULL /^Your? ((web|E-?) ?mail|mailbox) .*(is|has) .*(exceed|over)/i
> score J_MAILBOX_FULL 1.0
>
I'm already trapping it successfully, thanks, after I added the relevant Norwegian phrases to my phishing phrases recogniser.

I've also added webs.com to my spam-related URI list and was wondering if anybody else has seen them being used to host spam-related websites or spam that matches this pattern.

Martin
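
Added example, not part of the original message or of either poster's setup: a small Python harness that runs the regex from the quoted J_MAILBOX_FULL rule over constructed sample messages, to show what the rule catches and why the English wording has to be localised. The `paragraphs` helper is an assumption that approximates how a SpamAssassin `body` rule sees a message (Subject as the first paragraph, line breaks inside a paragraph removed); all sample texts are constructed.

```python
import re

# Regex copied from the J_MAILBOX_FULL rule quoted in the message above.
J_MAILBOX_FULL = re.compile(
    r"^Your? ((web|E-?) ?mail|mailbox) .*(is|has) .*(exceed|over)", re.I)


def paragraphs(subject, body):
    """Approximate what a body rule is matched against: the Subject first,
    then each paragraph with its line breaks collapsed to single spaces."""
    paras = [subject] + re.split(r"\n\s*\n", body)
    return [" ".join(p.split()) for p in paras if p.strip()]


def rule_hits(subject, body, rule=J_MAILBOX_FULL):
    """Return the paragraphs the rule matches (empty list means no hit)."""
    return [p for p in paragraphs(subject, body) if rule.search(p)]


# Constructed sample messages as (subject, body); not taken from real mail.
SAMPLES = {
    # Phrase starts a paragraph and is wrapped across two lines: matches.
    "english": ("Account notice",
                "Your mailbox has exceeded\nits storage limit.\n\nClick below."),
    # Same phrase after a greeting: the ^ anchor prevents a match.
    "greeting_first": ("Notice",
                       "Dear user, your mailbox has exceeded its limit."),
    # Constructed Norwegian wording: the English-only pattern cannot match.
    "norwegian": ("Varsel",
                  "Din postkasse har overskredet lagringsgrensen."),
}


def report():
    """Map each sample name to True if the rule would fire on it."""
    return {name: bool(rule_hits(s, b)) for name, (s, b) in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in report().items():
        print(f"{name:15} {'HIT' if hit else 'miss'}")
```
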