> Thus, based on my own observations, it looks like the value of rules in
> this particular area is going to be in scoring stuff that arrives before
> the domains show up in the various SURBLs.
>
Quite possibly, though it seems to have been selectively targeted to
some extent: at least it doesn'
Martin Gregorie wrote:
Alternatively, using a meta rule that combines the above pattern as a
sub-rule with two like this:
/[a-z]{7,8}[0-9]{4}/
that match against From: and Reply-To: headers would appear to be
fairly specific and worthy of a big score, but of course you'll have
spotted that a
On Wed, 2010-08-25 at 21:31 +0100, Martin Gregorie wrote:
> On Wed, 2010-08-25 at 21:16 +0200, Karsten Bräckelmann wrote:
> > http://pastebin.com/JAEuCSnC
>
> > Uhm, that's not typical spam. It's actually forum / blog comment spam,
> > helpfully and automatically converted to a mail.
>
> Sure, bu
On Wed, 2010-08-25 at 21:16 +0200, Karsten Bräckelmann wrote:
> http://pastebin.com/JAEuCSnC
> Uhm, that's not typical spam. It's actually forum / blog comment spam,
> helpfully and automatically converted to a mail.
>
Sure, but its off topic and, however ineptly, its certainly advertising.
That m
On Wed, 2010-08-25 at 01:06 +0300, Ibrahim Harrani wrote:
> Recently, I am getting russian spam like at
> http://pastebin.com/Yf3AusJ4
>
> All of their characteristic is that there are two line in the body.
> First is a sentence, second is url ending with .ru/
Hmm, I don't seem to have any proble
On Wed, 2010-08-25 at 19:56 +0100, Martin Gregorie wrote:
> > > BTW, I'm now starting to see spam that doesn't contain any URIs or other
> > > ways of identifying a source for the goods being advertised. So far its
> > > been for examination aids and footware and has all been sent via a
> > > maili
On Wed, 2010-08-25 at 20:04 +0200, Benny Pedersen wrote:
> On ons 25 aug 2010 13:37:57 CEST, Martin Gregorie wrote
> > BTW, I'm now starting to see spam that doesn't contain any URIs or other
> > ways of identifying a source for the goods being advertised. So far its
> > been for examination aids a
On Wed, 2010-08-25 at 14:29 +1200, Jason Haar wrote:
> On 08/25/2010 10:06 AM, Ibrahim Harrani wrote:
> > Hi,
> >
> > Recently, I am getting russian spam like at http://pastebin.com/Yf3AusJ4
> >
> > All of their characteristic is that there are two line in the body.
> > First is a sentence, second
On ons 25 aug 2010 04:29:02 CEST, Jason Haar wrote
It's nasty :-(
rules can be nasty to :)
#
# save into local_russian_domains.cf
#
uri __RU_TLD /\.ru\b/i
uri __RU_TLD_WHITE /\bexample\.ru\b/i
meta __URI_LISTED (URIBL_AB_SURBL || URIBL_WS_SURBL || URIBL_JP_SURBL
|| URIBL_BLACK || URIBL_DB
On 08/25/2010 10:06 AM, Ibrahim Harrani wrote:
> Hi,
>
> Recently, I am getting russian spam like at http://pastebin.com/Yf3AusJ4
>
> All of their characteristic is that there are two line in the body.
> First is a sentence, second is url ending with .ru/
>
This is an example of what I reported a
> On 1-25-2010 8:42 AM, Richard Smits wrote:
>> Does anyone knows any tricks to fight russian spam ? We are getting a
>> lot of this for the last weeks.
On 25.01.10 08:56, Dan Schaefer wrote:
> I have dealt with Russian spam by using on "en" in the ok_languages
> variable and increasing the sc
On 1-25-2010 8:42 AM, Richard Smits wrote:
Does anyone knows any tricks to fight russian spam ? We are getting a
lot of this for the last weeks.
I have dealt with Russian spam by using on "en" in the ok_languages
variable and increasing the score for "UNWANTED_LANGUAGE_BODY" to 10. I
also incre
> Anyone know of any good rule-sets to block this sort of spam?
>
> http://www.unchartedbackwaters.co.uk/files/russian_spam.txt
>
I get 17 points on that one. And looked the ip up manually on xbl and it is
there because its on cbl:
http://cbl.abuseat.org/lookup.cgi?ip=84.16.105.146
pts rule nam
Am 15. Jan 2009 um 01:35 CET schrieb Francis Russell:
> Anyone know of any good rule-sets to block this sort of spam?
>
> http://www.unchartedbackwaters.co.uk/files/russian_spam.txt
,
| X-Spam-Flag: YES
| X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on debian64.potato.lan
| X-Spam-
Benny Pedersen wrote:
Unfortunately, these two are because I receive mail via BT/Yahoo who
never do a PTR lookup on the IP.
> 3.3 TVD_RCVD_IP4 TVD_RCVD_IP4
> 1.6 TVD_RCVD_IPTVD_RCVD_IP
Oddly, I cant get this one to fire on my SA install.
> 2.0 FROM_EXCESS_BASE64 Fro
Michael Hutchinson wrote:
Hello,
Be careful with the character-set matching rules. I was using some of them and
got a high rate of FP's - it was mainly because of the koi8-r charset, and
scoring against that meant I was also scoring against perfectly legitimate
technical resource newsletters
On Thu, January 15, 2009 01:35, Francis Russell wrote:
> http://www.unchartedbackwaters.co.uk/files/russian_spam.txt
Content analysis details: (12.6 points, 5.0 required)
pts rule name description
--
-
1.5
glish.
Cheers,
Mike
-Original Message-
From: Ned Slider [mailto:n...@unixmail.co.uk]
Sent: Thursday, 15 January 2009 2:04 p.m.
To: users@spamassassin.apache.org
Subject: Re: Russian spam
Francis Russell wrote:
> Anyone know of any good rule-sets to block this sort of spam?
&
Francis Russell wrote:
Anyone know of any good rule-sets to block this sort of spam?
http://www.unchartedbackwaters.co.uk/files/russian_spam.txt
I find that Pyzor and Razor completely miss it as well as the DNS
blacklists (although I believe this one has a relay in one of the
Spamhaus ones now)
Hello,
You could write a Meta rule that contained two sub rules - one for matching
"The Bat!" mailer, and the other matching the "chat.ru" link at the bottom.
Fire a score if both rules hit. It may not be optimal, but it got rid of that
Spam for me, and I haven't had a FP yet.
If you check out
Jean-Paul Natola schrieb:
> Hi all,
>
> Is there a plugin and/or rule to block russian spam?
>
> Here's a sample
[...]
> Jean-Paul
I think the key is to give special score for "cyrillic chars" (unless
this doesnt affect your regular mails).
Perhaps:
ok_locales
e.g:
ok_locales en
But i
Jean-Paul Natola schrieb:
Hi all,
Is there a plugin and/or rule to block russian spam?
Here's a sample
[...]
Jean-Paul
I think the key is to give special score for "cyrillic chars" (unless
this doesnt affect your regular mails).
Perhaps:
ok_locales
e.g:
ok_locales en
But i dont exp
Kristopher Austin wrote:
I have received several copies of a spam message that is in Russian (I think
it's Russian). I get maybe 1 or 2 a week. I wish I could block all Russian
messages, but we are a University and could easily have Russian students. I am
unable to read this message and the
Are you running Mimedefang?
It might be a start.
We block email from subscriber addresses at networks that are known to be
large sources of spam.
See:
http://www.mimedefang.org/kwiki/index.cgi?PhilipsWorkingFilter
in particular, how %bad_tld's is used.
-Philip
Kristopher Austin wrote:
>I h
24 matches
Mail list logo