Hi,
It has been a few years since I last wrote to the list. Our James 2.3
installation has been happily running all that time with no problems.
Recently however we are being plagued by a particular variety of spam
that the Bayesian filter just can't handle; 'no-body' spam. This
variety has seemingly random 'from' addresses (but usually with valid
domains). They all seem to come from different IP addresses which
suggests a bot-net and therefore can't be blocked by the firewall. But
the other distinguishing feature is their complete lack of any subject
or body. This is what makes it so difficult for the filter to latch onto.
A typical email looks as follows: -
Message-ID: <A[20
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-MessageIsSpamProbability: 0.018074688897863164
Received: from 38.124.60.215 ([38.124.60.215])
by somewhere.co.uk (JAMES SMTP Server 2.3.1) with SMTP ID 965
for <[email protected]>;
Sun, 22 Mar 2015 12:11:17 +0000 (GMT)
Date: Sun, 22 Mar 2015 12:11:17 +0000 (GMT)
From: [email protected]
Received: from 248.32.157.238 by 46.4.123.50; Sun, 22 Mar 2015
18:23:42 +0500
I was hoping that there was a matcher that I could use to reject all
email with no or very small (< 4 bytes) content. However, all I could
find was the 'SizeGreaterThan' matcher which matches the entire size of
the email.
As well as knowing if their is a solution for this I was also wondering
if anyone knows just what is the point of all this? I've heard one
theory that it poisons the filter but it just seems like a mindless act
to me.
Regards,
David Legg
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
