These forum messages probably have a common URL in them.
Use something like:
blacklist_uri_host solidworks.com
to score the common URL.
h2h
On 10/10/20 4:52 PM, Ramon F Herrera wrote:
Hello all:
I have been a very satisfied user of spamassassin for a long time. Now I
am facing a challenge, a problem that I cannot resolve.
Years ago I was an active participant in the SolidWorks forum:
https://forum.solidworks.com
Unfortunately, there is a group there who when don't approve of a thread
their response is to send you a barrage of e-mails, some sort of DOS
attack. I have received thousands of those, during several years.
I dutifully have those messages processed by sa-learn, but it is clear
that they are immune to spamassassin. Instead of going up, their score
goes down.
I tried another approach (suggested by some of you folks): block the
sender by sendmail, as seen below. Such defensive strategy was helpful
for a couple years but now the spam has come back with a vengeance.
Currently, my last line of defense is the only one that recognizes that
stealth spam: the Thunderbird mail client.
Please help.
TIA,
-Ramon F. Herrera
ps: I do not have samples right now but will collect some and post them.