M>-----Original Message-----
M>From: ROY,RHETT G [mailto:[EMAIL PROTECTED]
M>Sent: 26 April 2005 14:51
M>To: users@spamassassin.apache.org
M>Subject: SA config recommendations to block these spammers?
M>
M>I have two spammers that consistently get messages through to
M>my inbox.
M>Based on the attached, can you make any recommendations for
M>improvements to my configuration that will help give these
M>messages a higher score? I'm calling SA (spamd, 3.0.2) as a
M>content filter from Postfix.
M>
M>Thanks,
M>
M>Rhett Roy
M>
M>debug: Net::DNS version: 0.23

Your Net::DNS is way too old to work with 3.0*, it needs upgrading for RBL and SURBL lookups to work, and like Daryl says, one of the spams had a trailing : after the URL, which makes SURBL lookups fail unless the patch is applied.

I did write a rule to catch these since a lot of spammers are still using this trick :-

uri      __SpoofPort_URL    /(?:\....:|\...:)/
uri      __OkPort_URL       /(?:\....:[0-9]|\...:[0-9])/
meta     MS_Spoof_Port_URL  ((__SpoofPort_URL - __OkPort_URL) > 0)
score    MS_Spoof_Port_URL  9
describe MS_Spoof_Port_URL  Exploits SURBL bug in 3.0* URL with trailing :

Worth having even with the patch, not had a FP on it yet.

Martin
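
A coverage check for the rule posted above, added here as an example (not code from the thread or from SpamAssassin). It models the three rules in Python and runs them over constructed URI lists. It assumes each uri rule hits with value 1 when any URI in the message matches; `EMPTY_PORT` and `has_empty_port` are hypothetical names for a stricter per-URI comparison.

```python
import re

# The thread's two uri patterns, copied unchanged. Assumption: a uri rule hits
# (value 1) when any URI in the message matches, and the meta compares 0/1 values.
SPOOF_PORT = re.compile(r"(?:\....:|\...:)")
OK_PORT = re.compile(r"(?:\....:[0-9]|\...:[0-9])")

# Hypothetical stricter check (not from the thread): a colon that ends the
# authority part, i.e. "host:" followed by /, ?, # or end of string.
EMPTY_PORT = re.compile(r"^[a-z][a-z0-9+.-]*://[^/?#]*:(?=[/?#]|$)", re.I)


def ms_spoof_port_url(uris):
    """Evaluate ((__SpoofPort_URL - __OkPort_URL) > 0) for one message."""
    spoof = int(any(SPOOF_PORT.search(u) for u in uris))
    ok = int(any(OK_PORT.search(u) for u in uris))
    return (spoof - ok) > 0


def has_empty_port(uris):
    """Per-URI variant: true if any single URI has an empty port after the host."""
    return any(EMPTY_PORT.search(u) for u in uris)


# Constructed sample messages, each reduced to its list of URIs.
SAMPLES = {
    "trailing colon": ["http://example.com:/offer"],
    "two-letter TLD": ["http://example.co.uk:/"],
    "real port": ["http://example.com:8080/"],
    "mixed message": ["http://example.com:/offer", "http://example.org:8080/"],
    "colon in path": ["http://example.com/a.php:x"],
    "four-letter TLD": ["http://example.info:/"],
}


def report():
    """Return {sample name: (meta rule result, per-URI result)}."""
    return {n: (ms_spoof_port_url(u), has_empty_port(u)) for n, u in SAMPLES.items()}


if __name__ == "__main__":
    for name, (meta, strict) in report().items():
        print(f"{name:16} meta={meta!s:5} per-uri={strict}")
```

The rows where the two columns differ mark the limits of the subtraction approach: a message that also carries a URL with a real port cancels the hit, and a colon after a short extension in the path triggers it.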