Francis Russell wrote:
Anyone know of any good rule-sets to block this sort of spam?
http://www.unchartedbackwaters.co.uk/files/russian_spam.txt
I find that Pyzor and Razor completely miss it as well as the DNS
blacklists (although I believe this one has a relay in one of the
Spamhaus ones now). I'm aware of the language whitelisting feature but
presumably there is a better way then just assuming everything in
language x is spam?
Francis
If you want something that's language specific, checking for koi8-r can
be quite effective, but if you do receive legitimate Russian mail then
it may lead to FPs. Anyway, here's a rule to check the subject that
would hit your example:
header LOCAL_CHARSET_SUBJECT Subject:raw =~
/\=\?(koi8-r|windows-1251|iso-2022-jp|gb2312)\?/i
There's a few other foreign character sets thrown in there that I also
reject - edit to suit your needs.
Looking at the rest of the mail, I have a few other custom rules that
fire on your example:
header LOCAL_THEBAT_MUA X-Mailer =~ /^The Bat!/
uri LOCAL_URI_RU m{https?://.{1,40}\.ru\b}
uri LOCAL_URI_CHAT_RU m{https?://.{1,40}\.chat\.ru\b}
I score against The Bat MUA, and also against any [dot] ru domains, plus
an additional (additive) score for [dot] chat [dot] ru URIs. I have no
legitimate use for these in emails (I also have a similar rule for
Chinese domains that's very popular!)
So I have 4 or 5 custom rules that all score against your example and
add a little to the score taking it well over the spam threshold.