Re: Help with tagging hotmail spam

2011-10-02 Thread Ned Slider
On 03/10/11 01:31, Alex wrote: Hi all, I have a fedora15 box with v3.3.2 and I have some hotmail spam that I can't figure out how to catch: http://pastebin.com/kkUUvYQp It's hitting BAYES_00 and no blacklists or other significant spam rules and not sure how to tag it. The user has reported rec

Re: Fw: Domain Notification JCM RAATS This is your Final Notice of Domain Listing - JARASOFT.COM

2011-10-02 Thread Benny Pedersen
On Sun, 2 Oct 2011 21:40:38 +0200, Jack Raats wrote: How to block these kinds of fraud using spamassassin? meta FREEMAIL_URIBL (FREEMAIL_FROM && URIBL_BLACK) score as needed :) or another one meta NOT_DNSWL_URIBL (!(RCVD_IN_DNSWL_NONE || RCVD_IN_DNSWL_LOW || RCVD_IN_DNSWL_MED || RCVD_IN_DN

Re: Help with tagging hotmail spam

2011-10-02 Thread Jason Haar
I followed the link and ended up downloading a Windows worm to my Linux laptop (Worm:Win32/Cridex.B if you care) So this isn't spam - it's a malware-run. Totally different rules apply to malware than spam - this sort of thing can only be fought by SA with RBL/SURBLs So the best response here woul

Re: Help with tagging hotmail spam

2011-10-02 Thread Martin Gregorie
On Sun, 2011-10-02 at 20:31 -0400, Alex wrote: > I have some hotmail spam that I can't figure out how to catch: > > http://pastebin.com/kkUUvYQp > > It's hitting BAYES_00 and no blacklists or other significant spam > rules and not sure how to tag it. The user has reported receiving this > spam se

Help with tagging hotmail spam

2011-10-02 Thread Alex
Hi all, I have a fedora15 box with v3.3.2 and I have some hotmail spam that I can't figure out how to catch: http://pastebin.com/kkUUvYQp It's hitting BAYES_00 and no blacklists or other significant spam rules and not sure how to tag it. The user has reported receiving this spam several times be

Re: Fw: Domain Notification JCM RAATS This is your Final Notice of Domain Listing - JARASOFT.COM

2011-10-02 Thread John Hardin
On Sun, 2 Oct 2011, Jack Raats wrote: DOMAIN NOTICEA new kind of fraud??? No, just trying to get you to buy something you don't need, basically "submitting your domain name to search engines". X-Spam-ASN: AS36351 184.173.0.0/18 X-Spam-Status: No, score=3.6 required=5.0 tests=FREEMAIL_FROM,

Re: new technique: borked zip attachment w/malware

2011-10-02 Thread Jason Haar
I don't get it: "=?iso-8859-5?B?NjI=?=" is "62" - that's not an empty filename? I sent it to our Exchange server and read it with Outlook - it didn't know what to do with it and even saving to disk and double-clicking failed to work. Renaming it with a .zip extension fixed that of course Jason O

Fw: Domain Notification JCM RAATS This is your Final Notice of Domain Listing - JARASOFT.COM

2011-10-02 Thread Jack Raats
DOMAIN NOTICEA new kind of fraud??? X-Spam-ASN: AS36351 184.173.0.0/18 X-Spam-Status: No, score=3.6 required=5.0 tests=FREEMAIL_FROM, HTML_FONT_SIZE_LARGE,HTML_MESSAGE,KHOP_DYNAMIC,MIME_HTML_ONLY, T_TO_NO_BRKTS_FREEMAIL,URIBL_BLACK shortcircuit=no autolearn=no version=3.3.2 How to block these k