Re: png images
On 17.7.2010 2:28, Peter Lowish wrote: > Perfect - thank you so much > > P > Note, that the L_PAYLOAD_CTYPE_PNG rule has no descriuption and score, my code was wrong, the code describes and scores HTML-version again. This error was in my actual script... I just noticed it myself. Also the ifplugin endif is missing, it is in the end of the previous line. > -Original Message- > From: Jari Fredriksson [mailto:ja...@iki.fi] > Sent: Saturday, 17 July 2010 4:09 a.m. > To: users@spamassassin.apache.org > Subject: Re: png images > > On 16.7.2010 4:04, Peter Lowish wrote: >> I am wondering if someone has a rule to deal with the current spam >> being sent with just a small png attachment the name of which changes >> >> >> >> There is no text in the email, just the attachment - the subject line >> is always different >> >> >> > > header __CTYPE_MULTIPART_ANY Content-Type =~ /multipart\/\w/i > ifplugin Mail::SpamAssassin::Plugin::MIMEHeader > mimeheader __ANY_TEXT_ATTACH Content-Type =~ /text\/\w+/i > meta L_MIME_NO_TEXT (__CTYPE_MULTIPART_ANY && !__ANY_TEXT_ATTACH) > scoreL_MIME_NO_TEXT 5.00 > describe L_MIME_NO_TEXT No text body parts endif > > header L_PAYLOAD_CTYPE_RTF Content-Type =~ /\bname=".+\.rtf"/i > describe L_PAYLOAD_CTYPE_RTF Payload is an RTF document, no text part > scoreL_PAYLOAD_CTYPE_RTF 5.0 > > header L_PAYLOAD_CTYPE_HTML Content-Type =~ /\bname=".+\.html"/i > describe L_PAYLOAD_CTYPE_HTML Payload is an HTML document, no text part > scoreL_PAYLOAD_CTYPE_HTML 5.0 > > header L_PAYLOAD_CTYPE_PNG Content-Type =~ /\bname=".+\.png"/i > describe L_PAYLOAD_CTYPE_HTML Payload is a PNG image, no text part > scoreL_PAYLOAD_CTYPE_HTML 5.0 > > > > > > -- > http://www.iki.fi/jarif/ > I use PGP. If there is an incompatibility problem with your mail client, > please contact me. > > Q:What do you call a half-dozen Indians with Asian flu? > A:Six sick Sikhs (sic). > > -- http://www.iki.fi/jarif/ I use PGP. If there is an incompatibility problem with your mail client, please contact me. You feel a whole lot more like you do now than you did when you used to. signature.asc Description: OpenPGP digital signature
Re: png images
On 16.7.2010 4:04, Peter Lowish wrote: > I am wondering if someone has a rule to deal with the current spam being > sent with just a small png attachment the name of which changes > > > > There is no text in the email, just the attachment – the subject line is > always different > > > header __CTYPE_MULTIPART_ANY Content-Type =~ /multipart\/\w/i ifplugin Mail::SpamAssassin::Plugin::MIMEHeader mimeheader __ANY_TEXT_ATTACH Content-Type =~ /text\/\w+/i meta L_MIME_NO_TEXT (__CTYPE_MULTIPART_ANY && !__ANY_TEXT_ATTACH) scoreL_MIME_NO_TEXT 5.00 describe L_MIME_NO_TEXT No text body parts endif header L_PAYLOAD_CTYPE_RTF Content-Type =~ /\bname=".+\.rtf"/i describe L_PAYLOAD_CTYPE_RTF Payload is an RTF document, no text part scoreL_PAYLOAD_CTYPE_RTF 5.0 header L_PAYLOAD_CTYPE_HTML Content-Type =~ /\bname=".+\.html"/i describe L_PAYLOAD_CTYPE_HTML Payload is an HTML document, no text part scoreL_PAYLOAD_CTYPE_HTML 5.0 header L_PAYLOAD_CTYPE_PNG Content-Type =~ /\bname=".+\.png"/i describe L_PAYLOAD_CTYPE_HTML Payload is a PNG image, no text part scoreL_PAYLOAD_CTYPE_HTML 5.0 -- http://www.iki.fi/jarif/ I use PGP. If there is an incompatibility problem with your mail client, please contact me. Q: What do you call a half-dozen Indians with Asian flu? A: Six sick Sikhs (sic). signature.asc Description: OpenPGP digital signature
Re: png images
and that ip is listed on 12 blacklists. my point exactly. you wanted to know how to block them? use the blacklists. On 7/15/10 9:14 PM, Peter Lowish wrote: From my mailwatch report 186.4.15.18 (Reverse Lookup Failed) (GeoIP Lookup Failed) ID: 1OYnOW-00019S-8I Message Headers:Received: from [186.4.15.18] (helo=ford.rzbgq.com) by host.webone.co.nz with smtp (Exim 4.69) (envelope-from) id 1OYnOW-00019S-8I for cr...@web1.co.nz; Wed, 14 Jul 2010 09:52:07 +1200 Message-ID: Date: Tue, 13 Jul 2010 15:52:06 -0600 From: Muncil Burnash MIME-Version: 1.0 To: Mintor Bukowiecki Subject: O young man, to-day, in the same position, should be Content-Type: multipart/mixed; boundary="5D3989FFQhaNktULeDGfQ2a4avs" From: pers...@vivotech.com To: cr...@web1.co.nz Subject:O young man, to-day, in the same position, should be Size: 29.1Kb - Here is the email header Return-path: Envelope-to: cr...@web1.co.nz Delivery-date: Wed, 14 Jul 2010 09:52:08 +1200 Received: from [186.4.15.18] (helo=ford.rzbgq.com) by host.webone.co.nz with smtp (Exim 4.69) (envelope-from) id 1OYnOW-00019S-8I for cr...@web1.co.nz; Wed, 14 Jul 2010 09:52:07 +1200 Message-ID: Date: Tue, 13 Jul 2010 15:52:06 -0600 From: Muncil Burnash MIME-Version: 1.0 To: Mintor Bukowiecki Subject: O young man, to-day, in the same position, should be Content-Type: multipart/mixed; boundary="5D3989FFQhaNktULeDGfQ2a4avs" X-webone-MailScanner-Information: Please contact the ISP for more information X-webone-MailScanner-ID: 1OYnOW-00019S-8I X-webone-MailScanner: Found to be clean X-webone-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=1.47, required 5, DCC_CHECK 1.37, RDNS_NONE 0.10) X-webone-MailScanner-SpamScore: s X-webone-MailScanner-From: pers...@vivotech.com X-EsetId: C30D4C20C48D2634974D -Original Message- From: Michael Scheidell [mailto:scheid...@secnap.net] Sent: Friday, 16 July 2010 1:07 p.m. To: users@spamassassin.apache.org Subject: Re: png images On 7/15/10 9:04 PM, Peter Lowish wrote: I am wondering if someone has a rule to deal with the current spam being sent with just a small png attachment the name of which changes There is no text in the email, just the attachment - the subject line is always different reputation lists, rbl's, most of that? isn't it coming from zombie dialups anyway? Thanks Peter -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 > *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best in Email Security,2010: Network Products Guide * King of Spam Filters, SC Magazine 2008 __ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ __
Re: png images
On 7/15/10 9:04 PM, Peter Lowish wrote: I am wondering if someone has a rule to deal with the current spam being sent with just a small png attachment the name of which changes There is no text in the email, just the attachment – the subject line is always different reputation lists, rbl's, most of that? isn't it coming from zombie dialups anyway? Thanks Peter -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 > *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best in Email Security,2010: Network Products Guide * King of Spam Filters, SC Magazine 2008 __ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ __
png images
I am wondering if someone has a rule to deal with the current spam being sent with just a small png attachment the name of which changes There is no text in the email, just the attachment - the subject line is always different Thanks Peter