Anyone have a nice rule that will catch the attached? It got negative scores with fake In-Reply-To, Approved-By, and X-Authentication-Warning lines. Also, note the faked PGP signature with random words following it. Sure is a lot of trouble to go through just to get a piece of spam to my inbox.
Well, this should catch the fake PGP signature that this spammer used:
body __PGP_SIGNED_MESSAGE /-----BEGIN PGP SIGNED MESSAGE-----/
meta PGP_SIGNATURE_ABUSED PGP_SIGNATURE && !__PGP_SIGNED_MESSAGE score PGP_SIGNATURE_ABUSED 4.6
Note: i used 4.6 as a score for this, to effectively flip the -2.3 of the PGP_SIGNATURE rule into a +2.3. It's still not enough to tag the message, but it's a start.
------------------------------------------------------- This SF.NET email is sponsored by: eBay Great deals on office technology -- on eBay now! Click here: http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
