Re: MSN again
Am 27.01.2012 08:31, schrieb Tom Kinghorn: > On 27/01/2012 09:25, Robert Schetterer wrote: >> if you are with postfix >> and these are the problem senders >> as short workaround make a sender reject table > Hi Robert > > I have a regex sender reject table but the sender addresses are random. > the localpart changes constantly > > here is my list so far > > /^wegoood[0-9]{1,3}@msn\.com$/ REJECTMSN SPAMMER > /^ukbcc[0-9]{1,3}@msn\.com$/ REJECTMSN SPAMMER > /^ant2dadd[0-9]{1,3}@msn\.com$/ REJECTMSN SPAMMER > /^verifynoteletter[0-9]{1,3}@msn\.com$/ REJECT MSN SPAMMER > /^ukinter[0-9]{1,3}@msn\.com$/ REJECT MSN SPAMMER > /^a1tdad[0-9]{1,3}@msn\.com$/ REJECT MSN SPAMMER > /^josephmorgan_[0-9]{1,3}@msn\.com$/ REJECT MSN SPAMMER > /^joseph_[0-9]{1,3}@msn\.com$/ REJECT MSN SPAMMER > /^morgan_[0-9]{1,3}@msn\.com$/ REJECT MSN SPAMMER > > thx > Tom Hi Tom, its heavy to block hacked legal accounts from big mailers a few days ago i had this from yahoo,aol so i rejected that domains in total this might not work at your side. contacting these big mailers has no access in the most cases but you might try ask i.e on the postfix list, so others solved the case allready ( but give strong details about spam and your conf ) you have to do more analysis at your logs is spam relly comming from hotmail/msn servers are there always going to to the same recipients ( block msn only for them ) why does spamassassin not mark them etc perhaps try using clamav milter with sanesecurity antispam sigs blocks a lot here paste some example spam mail elsewhere to help create a matching spamassassin rule -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
Re: MSN again
On 27/01/2012 09:25, Robert Schetterer wrote: if you are with postfix and these are the problem senders as short workaround make a sender reject table Hi Robert I have a regex sender reject table but the sender addresses are random. the localpart changes constantly here is my list so far /^wegoood[0-9]{1,3}@msn\.com$/ REJECT MSN SPAMMER /^ukbcc[0-9]{1,3}@msn\.com$/ REJECT MSN SPAMMER /^ant2dadd[0-9]{1,3}@msn\.com$/ REJECT MSN SPAMMER /^verifynoteletter[0-9]{1,3}@msn\.com$/ REJECT MSN SPAMMER /^ukinter[0-9]{1,3}@msn\.com$/ REJECT MSN SPAMMER /^a1tdad[0-9]{1,3}@msn\.com$/ REJECT MSN SPAMMER /^josephmorgan_[0-9]{1,3}@msn\.com$/ REJECT MSN SPAMMER /^joseph_[0-9]{1,3}@msn\.com$/ REJECT MSN SPAMMER /^morgan_[0-9]{1,3}@msn\.com$/ REJECT MSN SPAMMER thx Tom
Re: MSN again
Am 27.01.2012 08:02, schrieb Tom Kinghorn: > Good morning List. > > Has anyone noticed a mass increase of spam mails from the hotmail.com > servers? > > In the last hour, these are our top 10 incoming senders. > > > > > > > > > > > > > Does anyone have any idea how to block this? > Message content appears random, so nothing is really effective in > blocking the messages. > > I have tried a regex rule to match the sender address but the sender > address is random. > > Thanks > Tom if you are with postfix and these are the problem senders as short workaround make a sender reject table -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
MSN again
Good morning List. Has anyone noticed a mass increase of spam mails from the hotmail.com servers? In the last hour, these are our top 10 incoming senders. Does anyone have any idea how to block this? Message content appears random, so nothing is really effective in blocking the messages. I have tried a regex rule to match the sender address but the sender address is random. Thanks Tom
Re: sa-update / perl error again
> After some help on the CentOS list, I may have found the problem: > >> perl-NetAddr-IP-4.044-1.el5.rf <=== I think that is the problem package >> >> I don't know if that version is required by the repoforge packages ... >> but base contains perl-NetAddr-IP-4.027-5.el5_6 >> >> I would see if I could replace perl-NetAddr-IP-4.044-1.el5.rf from >> repoforge with perl-NetAddr-IP-4.027-5.el5_6 from base. > > rpm -e --nodeps perl-NetAddr-IP > > vi /etc/yum.repos.d/rpmforge.repo > -- change all enabled = 1 to enabled = 0 temporarily (seems like > yum priorities is going to be a good idea) -- > > yum install perl-NetAddr-IP > > /etc/init.d/spamassassin condrestart > Stopping spamd: [ OK ] > Starting spamd: [ OK ] > > That seems to have done it. Does that make sense? Should > I report this to the RepoForge people? FYI: I did in fact report it to them, and it was eventually moved to the RepoForge extras repository, which finally fixes everything. Thanks again for the help
introducing body J_MAILBOX_FULL
body J_MAILBOX_FULL /^Your? ((web|E-?) ?mail|mailbox) .*(is|has) .*(exceed|over)/i Got to update it every day to stop those bast*rds.