I'm convinced that spammers are using me as a guinea pig.
I'm getting hit pretty hard by just a few determined spammers at the moment
who seem to vary their spam signature every day or so (they sent out through
thousands of free accounts at free email providers, so can't use client
DNSBL). But
Here is one example from this morning
http://pastebin.com/xxJut9wb
And after decoding that base64 attachment:
http://pastebin.com/BApWfSfd
Normally, there is a link or redirect to the spammer's site but this is one
of the ones that is missing that, it has all the same formatting and the
Benny Pedersen wrote:
invalid messageid and html attachment when there exists html body
Thanks for looking at that for me.
Forgive me since I am relatively new to Spamassasin, but why wouldn't it
have built-in rules for this, or are there rules that are just disabled by
default?
It
Adam Katz-10 wrote:
Thomas Rutter: If you have any objections to what I did, complain now.
That's fine.
I have been hard at work on tweaking these rules and have come up with new
versions which appear more effective. Have not spent much time on
performance though.
New version follows:
Hello,
I have created some rules which I have found to be very effective so far at
identifying a certain type of spam that spamassassin otherwises cannot
detect.
Here are the rules:
# highly suspicious practices
rawbody LOCAL_UNNECESSARY_UNESCAPE