> Date: Tue, 13 Mar 2012 08:25:21 -0400 > From: d...@roaringpenguin.com > To: users@spamassassin.apache.org > Subject: Re: Help with blocking Chinese Spam > > On Tue, 13 Mar 2012 09:48:37 +0000 > Jenny Lee <bodycar...@live.com> wrote: > > > I am getting this chinese spam every hour. I tried, ok_locales, > > ok_languages with texcat plugin... I tried matching the subject... > > but these people are always getting through. > > http://www.pastebin.ca/2127622 > > What rules/modifications do I need to do to get rid of this? > > We use this rule, but it's aggressive. It will block any Chinese message > with a Word or Excel attachment. For our user-base, that's fine, but YMMV. > > Regards, > > David. > > # Chinese spams > header __RP_SUBJ_UTF8 Subject:raw =~/=\?utf-8\?B/i > header __RP_SUBJ_GB2312 Subject:raw =~ /=\?gb2312\?B/i > header __RP_SUBJ_CJK Subject =~ /[\xe4-\xe9]/ > full __RP_8BIT_FNAME /name=.{0,30}[\x80-\xff]/ > full __RP_EXCEL /application\/vnd.ms-excel/i > full __RP_DOC /application\/msword/i > full __RP_GB2312_FNAME /name=.?=\?gb2312\?/i > meta RP_D_00032 (__RP_SUBJ_UTF8 && __RP_SUBJ_CJK && (__RP_EXCEL || __RP_DOC > || __RP_8BIT_FNAME)) || (__RP_SUBJ_GB2312 && (__RP_GB2312_FNAME || __RP_EXCEL > || __RP_DOC || __RP_8BIT_FNAME)) > describe RP_D_00032 Looks like a Chinese spam > score RP_D_00032 5.0 >
Thank you David. Will give this a go. What I don't understand is that... Why is this not catching this 'utf' which is on the subject? I used this for testing purposes. It catches other botnet headers like 'Experian', etc. header XX_CUSTOM_HEADER Subject =~ /Experian|\$1500|to your account on file today|into your account today|video|clip|movie| vid|episode|utf/i score XX_CUSTOM_HEADER 8.0 describe XX_CUSTOM_HEADER XX Custom Rules - Header J