On Wed, 2010-08-25 at 21:31 +0100, Martin Gregorie wrote: > On Wed, 2010-08-25 at 21:16 +0200, Karsten Bräckelmann wrote: > > http://pastebin.com/JAEuCSnC > > > Uhm, that's not typical spam. It's actually forum / blog comment spam, > > helpfully and automatically converted to a mail. > > Sure, but its off topic and, however ineptly, its certainly advertising. > That makes it spam in my book, no matter how it got into the mail > stream.
IMHO, this is not entirely correct. SA and its rules are designed to identify spam sent by mail. Not forum spam. The important difference is, that the latter is *only* the text. As a consequence, none of the header checks possibly apply. Which is a very vital part of identifying spam. No DNSBLs, no forged or mangled headers, no ratware patterns. But a valid(!) sender. The only thing left in this case is the body. Effectively, you are trying to use SA as a spam filter for a forum. Which pretty much equals the situation that has come up recently a few times: Check text entered in web-form. That is not what SA is designed to do. > A high proportion of the spam I receive arrives via Wine mailing list, > usually originating from the Wine forum or Nabble: stuff from the > Codeweavers forum is rare. This is probably because none of the Wine > moderators/maintainers seem to give a toss about spam filtering. There's your problem. The forum-to-mail gateway has generated a message you consider spam. The spammer did not generate a mail message, and probably didn't even intend it. It's just an additional bonus. -- char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}