On Wed, 2010-08-25 at 21:31 +0100, Martin Gregorie wrote:
> On Wed, 2010-08-25 at 21:16 +0200, Karsten Bräckelmann wrote:
> > http://pastebin.com/JAEuCSnC
>
> > Uhm, that's not typical spam. It's actually forum / blog comment spam,
> > helpfully and automatically converted to a mail.
>
> Sure, but its off topic and, however ineptly, its certainly advertising.
> That makes it spam in my book, no matter how it got into the mail
> stream.
IMHO, this is not entirely correct.
SA and its rules are designed to identify spam sent by mail. Not forum
spam. The important difference is, that the latter is *only* the text.
As a consequence, none of the header checks possibly apply. Which is a
very vital part of identifying spam. No DNSBLs, no forged or mangled
headers, no ratware patterns. But a valid(!) sender. The only thing left
in this case is the body.
Effectively, you are trying to use SA as a spam filter for a forum.
Which pretty much equals the situation that has come up recently a few
times: Check text entered in web-form. That is not what SA is designed
to do.
> A high proportion of the spam I receive arrives via Wine mailing list,
> usually originating from the Wine forum or Nabble: stuff from the
> Codeweavers forum is rare. This is probably because none of the Wine
> moderators/maintainers seem to give a toss about spam filtering.
There's your problem.
The forum-to-mail gateway has generated a message you consider spam. The
spammer did not generate a mail message, and probably didn't even intend
it. It's just an additional bonus.
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
