Hello, I have a problem that I hope someone can help me with. I’m trying to write a custom rule to block a certain type of spam. When I view the message source, the very last lines of the spam look like this:
</table> <img src="http://trc.spammersdomain.com/redirect.php?email=redac...@richmond.edu";> </body> </html> Every single rule that I’ve written fails to detect that redirect.php URI. I’ve even tried a rule that simply reads: Full my_rule /redirect/is Score my_rule 10.0 No match. I’ve tried full, rawbody, uri, and body, all to no avail. I’ve even shortened the search string to “redi” (it’s a unique word) and still no match. I’ve been writing rules for many years and this is the first time I’ve seen this behavior. Any ideas?
