I don't know if someone can help me on a question about message
components naming but if you can I think I know how to defeat this large
spam. Before a message gets opened there is I'll call it a tag like
make money fast you'll read and this is not on the Subject: line either.
It was those tags I filtered on and managed to send lots of it to
/dev/null. None of these filters would or could learn from it and
eventually those fields started showing foreign characters too. I never
did find out the name of that field otherwise I could have written
procmail filters for all of it. I hope this helps someone.
On Wed, 15 Jul 2015, Ian Zimmerman wrote:
Date: Wed, 15 Jul 2015 16:42:28
From: Ian Zimmerman <i...@buug.org>
To: users@spamassassin.apache.org
Subject: Re: Large spam
On 2015-07-15 20:12 +0000, Zinski, Steve wrote:
We're starting to see a lot of spam in the 800KB to 1.2MB size
range. I?m running MIMEdefang and it?s configured to skip messages
larger than 100KB (and I hesitate to increase the limit due to
performance issues). I read somewhere that there?s a way to have
MIMEdefang (or spamassassin) strip out the non-text portions of the
e-mail and scan. Can anyone help me set this up or point me in the
right direction? Thanks!
Yes, I see the same thing. I have no doubt at all that it is
intentional, to defeat spamc size limit in particular.
Moreover, mimedefang won't help because at least some of them are
disguised as plain text messages. That is, the outermost message body
is an entire MIME message, headers and all.
--
