RE: Odd mail makes SA fall over
I received an odd email that makes spamd fall over. I'm using the SAWin32 port, and was wondering whether other users could also see the same problem with this message or whether the problem is peculiar to the Windows port. The glaring weirdness with this email is obviously the RSET in the To field - I don't know whether that was originally in the email or inserted by Mercury when it downloaded it from my POP account.

Works fine with 3.1.8 under Linux. Got a score of 25/5.

This is probably related to the Security Bug that was fixed in 3.1.8. So to re-iterate: 3.1.8 was a SECURITY release and you should upgrade. Real soon.
RE: Odd mail makes SA fall over
I received an odd email that makes spamd fall over. I'm using the SAWin32 port, and was wondering whether other users could also see the same problem with this message or whether the problem is peculiar to the Windows port. The glaring weirdness with this email is obviously the RSET in the To field - I don't know whether that was originally in the email or inserted by Mercury when it downloaded it from my POP account.

Works fine with 3.1.8 under Linux. Got a score of 25/5.

This is probably related to the Security Bug that was fixed in 3.1.8. So to re-iterate: 3.1.8 was a SECURITY release and you should upgrade. Real soon.

I looked more closely at the sample email and it is not the same as the Bug I mentioned. Sorry about the noise.
RE: checksumming image spam
Razor is also a good check, but it is only free for personal use (same as dcc): http://razor.sourceforge.net

Razor compile and install is a bit more difficult than dcc or pyzor, as it might need a whole lot of perl modules (depending on what is already there), so better get your CPAN right and use perl newer than 5.8.3.

-Sietse

As of March 30, 2006, Razor2 no longer has the Personal Use Only clause.

http://sourceforge.net/mailarchive/forum.php?thread_id=10079360forum_id=4258

quote

Folks,

I am pleased to announce that with the release of razor-agents 2.81[1] a new service policy has been introduced, that makes the use of Razor2 service completely open and free. A license introduced in 2003 restricted usage by third party integrators, but the new license unencumbers all usage, commercial or otherwise.

My company, Cloudmark, hosts and manages the backend infrastructure that Razor2 agents use for reporting spam and checking fingerprints. Cloudmark retains the right to deny service to anyone abusing the backend, but will not, under normal circumstances, restrict usage in any way.

Share and Enjoy!

vipul

[1] http://prdownloads.sourceforge.net/razor/razor-agents-2.81.tar.bz2?download

/quote
RE: Need for a new rule?
There have been several threads about this specific spammer in the last few months. Some of them with this exact question - mostly the answer is no.

e mail with No Thanks in the subject to st0ck62 @ yahoo.com

It is much easier to match on this email address with something like:

body L_STOX2 /st0ck\d{2}\s{0,[EMAIL PROTECTED],4}yahoo.com/i

That is what I do to foil this particular spammer. Hope he doesn't change his fake email address ;)

I get millions (mil|ions?) of spams from this guy (well, not millions, but I have received 15 in the last 2 hours).

While generic tests for character/letter obfuscation are difficult, this guy is pretty predictable.

body SRH_PENNY2 /(?:e\s*mai\||mi[|l]{2}ions|resu\|ts|wi[|l]{2})/

Add your own l-| words to this list, although he hasn't failed to use one in the list above in each one of his spams.

-steve
RE: Need for a new rule?
While generic tests for character/letter obfuscation are difficult, this guy is pretty predictable.

body SRH_PENNY2 /(?:e\s*mai\||mi[|l]{2}ions|resu\|ts|wi[|l]{2})/

Add your own l-| words to this list, although he hasn't failed to use one in the list above in each one of his spams.

-steve

Replying to myself (ps. drink more coffee). That should read:

body SRH_PENNY2 /(?:e\s*mai\||mi\|lions|mil\|ions|resu\|ts|wil\||wi\|l)/i
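
The two versions of SRH_PENNY2 in the thread above behave differently on ordinary mail. The following is an added example, not part of any post: it runs both patterns with Python's re module over constructed sample lines. The sample lines and helper names are made up for illustration, and the last two alternatives of the second pattern are written as separate branches, which is an assumption.

```python
import re

# First posted version: case-sensitive, and [|l]{2} accepts "ll" as well
# as "|l" / "l|", so plain "millions" and "will" also hit.
FIRST = re.compile(r"(?:e\s*mai\||mi[|l]{2}ions|resu\|ts|wi[|l]{2})")

# Follow-up version: every alternative requires a literal pipe, and /i is on.
# Assumption: "wil|" and "wi|l" are two separate alternatives.
CORRECTED = re.compile(
    r"(?:e\s*mai\||mi\|lions|mil\|ions|resu\|ts|wil\||wi\|l)", re.I)

# Constructed sample body lines (not taken from real mail).
SAMPLES = [
    "Send an e mai| with No Thanks in the subject",
    "Investors made mi|lions on this stock",
    "These resu|ts wi|l not last",
    "MIL|IONS in profit this week",
    "millions of users will upgrade to 3.1.8",   # legitimate text
    "The meeting is at noon",                    # legitimate text
]

def hit(pattern, text):
    """Return the matched substring, or None if the rule does not fire."""
    m = pattern.search(text)
    return m.group(0) if m else None

def compare(lines):
    """Per line: (text, match under FIRST, match under CORRECTED)."""
    return [(line, hit(FIRST, line), hit(CORRECTED, line)) for line in lines]

def false_positives(pattern, lines):
    """Lines with no pipe character at all that still trigger the rule."""
    return [l for l in lines if "|" not in l and pattern.search(l)]

if __name__ == "__main__":
    for line, first, corrected in compare(SAMPLES):
        print(f"{line!r:50} first={first!r:12} corrected={corrected!r}")
    print("FP first:    ", false_positives(FIRST, SAMPLES))
    print("FP corrected:", false_positives(CORRECTED, SAMPLES))
```
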