Am 17.02.2016 um 17:49 schrieb Alex:
Hi all, I recall some rules that were written years ago to address these, but it appears they're back. We've been hit with a few, including users actually following the link. I was hoping someone had some recommendations on how to stop them. http://pastebin.com/zKWUUQ0Q Obviously they're coming in advance of being on an RBL or DNSBL. I was thinking to correlate the body text somehow with something that checks to see if it actually passed through Google (SPF, etc?), but that won't work for messages that were forwarded to another user...
well, and that's why bayes-autoexpire is nonsense, your pastebin would have been rejected here by exceed 8.0 points (milter-rejcts score) easily
Content analysis details: (13.1 points, 5.5 required) pts rule name description---- ---------------------- --------------------------------------------------
7.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
0.4 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
[score: 1.0000]
2.5 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
2.5 RDNS_NONE Delivered to internal network by a host
with no rDNS
0.2 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image 0.0 T_REMOTE_IMAGE Message contains an external image
signature.asc
Description: OpenPGP digital signature
