On 14/03/12 02:36, Alex wrote:
Hi,
http://pastebin.com/raw.php?i=iquXBnH0
While I could create a rule to block this specific domain, or submit
it to an RBL, I'd appreciate any ideas how to more generally block
them, rather than by one characteristic in the message.
We need more examples.
That just occurred to me that it would help. Here are a few similar
ones, but these hit bayes99:
http://pastebin.com/raw.php?i=Axgx8qSP
http://pastebin.com/raw.php?i=7iU2MnP7
Here is an example more closely relating to the first one. Hit only
bayes50, no subject, freemail, very similar short body:
http://pastebin.com/raw.php?i=juvD9yzS
Thanks,
Alex
I've had some success with various meta rules working with
FREEMAIL_FROM, MISSING_SUBJECT, __HAS_ANY_URI, __MANY_RECIPS and
__LOCAL_SUBJ_BLANK.
__LOCAL_SUBJ_BLANK is my own simple meta:
# Blank Subject lines
header __LOCAL_SUBJ_CONTENT Subject =~ /./
header __LOCAL_SUBJ_RE Subject =~ /^re:?$/i
meta __LOCAL_SUBJ_BLANK (__LOCAL_SUBJ_RE || !__LOCAL_SUBJ_CONTENT)
I have had some FPs though, as it seems it's not that uncommon for
freemail users to send emails to half their address book with a URI and
forget to add a subject! Still, for my small volume server, bayes and
whitelisting tend to catch those.