Re: MSN again

2012-01-26 Thread Robert Schetterer
On 27.01.2012 08:31, Tom Kinghorn wrote:
> On 27/01/2012 09:25, Robert Schetterer wrote:
>> if you are with postfix
>> and these are the problem senders
>> as short workaround make a sender reject table
> Hi Robert
> 
> I have a regex sender reject table but the sender addresses are random.
> the localpart changes constantly
> 
> here is my list so far
> 
> /^wegoood[0-9]{1,3}@msn\.com$/  REJECT MSN SPAMMER
> /^ukbcc[0-9]{1,3}@msn\.com$/  REJECT MSN SPAMMER
> /^ant2dadd[0-9]{1,3}@msn\.com$/  REJECT MSN SPAMMER
> /^verifynoteletter[0-9]{1,3}@msn\.com$/  REJECT MSN SPAMMER
> /^ukinter[0-9]{1,3}@msn\.com$/  REJECT MSN SPAMMER
> /^a1tdad[0-9]{1,3}@msn\.com$/  REJECT MSN SPAMMER
> /^josephmorgan_[0-9]{1,3}@msn\.com$/  REJECT MSN SPAMMER
> /^joseph_[0-9]{1,3}@msn\.com$/  REJECT MSN SPAMMER
> /^morgan_[0-9]{1,3}@msn\.com$/  REJECT MSN SPAMMER
> 
> thx
> Tom

Hi Tom, it's heavy to block
hacked legal accounts from big mailers
a few days ago i had this from yahoo,aol
so i rejected those domains in total
this might not work at your side.
contacting these big mailers has no access
in the most cases but you might try
ask i.e on the postfix list, so others solved the case
already ( but give strong details about spam and your conf )

you have to do more analysis at your logs
is spam really coming from hotmail/msn servers
are they always going to the same recipients
( block msn only for them )
why does spamassassin not mark them etc

perhaps try using clamav milter with sanesecurity antispam sigs
blocks a lot here

paste some example spam mail elsewhere to help create
a matching spamassassin rule
-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria
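
Robert's two log questions (does the mail really arrive from hotmail/msn servers, and does it always go to the same recipients) can be answered by correlating Postfix log lines by queue ID. The script below is an added example, not part of the original thread; it assumes the usual Postfix syslog layout, and the log lines, hostnames, addresses and queue IDs are constructed and abbreviated.

```python
import re
from collections import Counter, defaultdict

# Constructed Postfix log lines: queue IDs, hostnames and addresses are made up.
SAMPLE_LOG = """\
Jan 27 08:01:02 mx postfix/smtpd[2101]: 3F2A11C0: client=snt0-omc1-s1.snt0.hotmail.com[192.0.2.10]
Jan 27 08:01:02 mx postfix/qmgr[990]: 3F2A11C0: from=<wegoood12@msn.com>, size=2345, nrcpt=1 (queue active)
Jan 27 08:01:03 mx postfix/local[2105]: 3F2A11C0: to=<sales@example.org>, relay=local, delay=0.4, status=sent (delivered to mailbox)
Jan 27 08:02:10 mx postfix/smtpd[2101]: 3F2A11C1: client=snt0-omc2-s4.snt0.hotmail.com[192.0.2.11]
Jan 27 08:02:10 mx postfix/qmgr[990]: 3F2A11C1: from=<ukbcc7@msn.com>, size=2101, nrcpt=1 (queue active)
Jan 27 08:02:11 mx postfix/local[2106]: 3F2A11C1: to=<sales@example.org>, relay=local, delay=0.3, status=sent (delivered to mailbox)
Jan 27 08:03:30 mx postfix/smtpd[2102]: 3F2A11C2: client=unknown[198.51.100.7]
Jan 27 08:03:30 mx postfix/qmgr[990]: 3F2A11C2: from=<joseph_44@msn.com>, size=1988, nrcpt=1 (queue active)
Jan 27 08:03:31 mx postfix/local[2107]: 3F2A11C2: to=<info@example.org>, relay=local, delay=0.3, status=sent (delivered to mailbox)
Jan 27 08:04:00 mx postfix/smtpd[2102]: 3F2A11C3: client=mail.example.net[203.0.113.5]
Jan 27 08:04:00 mx postfix/qmgr[990]: 3F2A11C3: from=<bob@example.net>, size=900, nrcpt=1 (queue active)
Jan 27 08:04:01 mx postfix/local[2108]: 3F2A11C3: to=<sales@example.org>, relay=local, delay=0.2, status=sent (delivered to mailbox)
"""

# Queue ID, then one of the three fields we correlate on.
FIELD = re.compile(r"postfix/\w+\[\d+\]: (\w+): (client|from|to)=<?([^>,\[]+)")

def summarize(log_text, sender_domain="msn.com", provider_suffix=".hotmail.com"):
    """Tally mail with an envelope sender in sender_domain by origin and recipient."""
    msgs = defaultdict(lambda: {"client": "", "from": "", "to": set()})
    for line in log_text.splitlines():
        m = FIELD.search(line)
        if not m:
            continue
        qid, key, value = m.group(1), m.group(2), m.group(3).lower()
        if key == "to":
            msgs[qid]["to"].add(value)   # a set, so delivery retries count once
        else:
            msgs[qid][key] = value
    origin, rcpts = Counter(), Counter()
    for msg in msgs.values():
        if not msg["from"].endswith("@" + sender_domain):
            continue
        # client=unknown[...] means Postfix could not verify the hostname.
        from_provider = msg["client"].endswith(provider_suffix)
        origin["provider" if from_provider else "other"] += 1
        rcpts.update(msg["to"])
    return origin, rcpts

if __name__ == "__main__":
    origin, rcpts = summarize(SAMPLE_LOG)
    print("origin:", dict(origin))
    print("recipients:", rcpts.most_common())
```

A recipient tally dominated by a few addresses is the case where blocking msn only for those recipients is workable; a large "other" count suggests the msn.com sender address is being used from hosts outside the provider.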


Re: MSN again

2012-01-26 Thread Tom Kinghorn

  
  
On 27/01/2012 09:25, Robert Schetterer wrote:

> if you are with postfix
> and these are the problem senders
> as short workaround make a sender reject table

Hi Robert

I have a regex sender reject table but the sender addresses are
random.
the localpart changes constantly

here is my list so far

/^wegoood[0-9]{1,3}@msn\.com$/  REJECT MSN SPAMMER
/^ukbcc[0-9]{1,3}@msn\.com$/  REJECT MSN SPAMMER
/^ant2dadd[0-9]{1,3}@msn\.com$/  REJECT MSN SPAMMER
/^verifynoteletter[0-9]{1,3}@msn\.com$/  REJECT MSN SPAMMER
/^ukinter[0-9]{1,3}@msn\.com$/  REJECT MSN SPAMMER
/^a1tdad[0-9]{1,3}@msn\.com$/  REJECT MSN SPAMMER
/^josephmorgan_[0-9]{1,3}@msn\.com$/  REJECT MSN SPAMMER
/^joseph_[0-9]{1,3}@msn\.com$/  REJECT MSN SPAMMER
/^morgan_[0-9]{1,3}@msn\.com$/  REJECT MSN SPAMMER

thx
Tom
  



Re: MSN again

2012-01-26 Thread Robert Schetterer
On 27.01.2012 08:02, Tom Kinghorn wrote:
> Good morning List.
> 
> Has anyone noticed a mass increase of spam mails from the hotmail.com
> servers?
> 
> In the last hour, these are our top 10 incoming senders.
> 
> Does anyone have any idea how to block this?
> Message content appears random, so nothing is really effective in
> blocking the messages.
> 
> I have tried a regex rule to match the sender address but the sender
> address is random.
> 
> Thanks
> Tom

if you are with postfix
and these are the problem senders
as short workaround make a sender reject table

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria


MSN again

2012-01-26 Thread Tom Kinghorn

Good morning List.

Has anyone noticed a mass increase of spam mails from the hotmail.com 
servers?


In the last hour, these are our top 10 incoming senders.












Does anyone have any idea how to block this?
Message content appears random, so nothing is really effective in 
blocking the messages.


I have tried a regex rule to match the sender address but the sender 
address is random.


Thanks
Tom


Re: sa-update / perl error again

2012-01-26 Thread email builder
> After some help on the CentOS list, I may have found the problem:

> 
>>  perl-NetAddr-IP-4.044-1.el5.rf  <=== I think that is the problem package
>> 
>>  I don't know if that version is required by the repoforge packages ... 
>>  but base contains perl-NetAddr-IP-4.027-5.el5_6
>> 
>>  I would see if I could replace perl-NetAddr-IP-4.044-1.el5.rf from 
>> repoforge  with perl-NetAddr-IP-4.027-5.el5_6 from base.
> 
> rpm -e --nodeps perl-NetAddr-IP
> 
> vi /etc/yum.repos.d/rpmforge.repo
>  -- change all enabled = 1 to enabled = 0 temporarily (seems like
>     yum priorities is going to be a good idea) --
> 
> yum install perl-NetAddr-IP
> 
> /etc/init.d/spamassassin condrestart
> Stopping spamd: [  OK  ]
> Starting spamd: [  OK  ]
> 
> That seems to have done it.  Does that make sense?  Should
> I report this to the RepoForge people?

FYI:

I did in fact report it to them, and it was eventually moved to the
RepoForge extras repository, which finally fixes everything.

Thanks again for the help


introducing body J_MAILBOX_FULL

2012-01-26 Thread jidanni
body J_MAILBOX_FULL /^Your? ((web|E-?) ?mail|mailbox) .*(is|has) .*(exceed|over)/i

Got to update it every day to stop those bast*rds.