On Fri, 2008-03-07 at 22:41 +1100, Robert S wrote:
> I have started, over the last few months, getting a lot of plain text "scam"
> messages ("Nigerian" type scams, lottery wins etc etc). Previously I had
> almost none of these.
>
> Unfortunately I'd need to send rather a lot of information about my configs,
> and log files to help, but can anybody point me in the right direction. I
> run sa-update every night.
>
> I do quite extensive filtering before sending messages to spamassassin - I
> use xbl.spamhaus.org to block messages and I also use selective greylisting
> and clam antivirus (which detects some scams). Maybe I'm not getting enough
> spam to train SA adequately (I train based on my "spam" and "ham" folder
> weekly).
>
> Sorry about the lack of detail, but I'm hoping somebody might have a simple
> answer.
>
>
>
Yes .. Some of these keep trickling tru :-(
But you should be able to catch most of them
Have you added the "sought " rules from
http://taint.org/2007/08/15/004348a.html
With these rules and my custom rules I catch 99% of these
But I keep getting some 2-5 daily complaints yet from customers
The problem I have noticed is that these spams usually come from
hijacked accounts. Hence they come from legitimate mail servers and
usually get thru clean from ip reputation filters.
So your *.spamhaus *.spamcop dont work here
A frighteningly large number of email users , use very simple passwords
( like password, welcome1 , hello , pass .. ) So spammers just guess
these passwords. Use authenticated sessions and bombard spams. By the
time the admin realizes this 1000's of spams have already been sent
But ultimately this boils down to end user education.
Recipients must realize that no one from Africa is going to transfer all
the millions of dollars in an unknown account , or there is nothing
called as a national lottery in the united Kingdom
Thanks
Ram
