Hi,

I have one system with greylisting enabled and another that hasn't yet
been enabled. On the system without it, I'm receiving a ton of random
spam that hits bayes99 but pretty much nothing else.

http://pastebin.com/FzUkEvRp

It all seems to be related to the same botnet because it has these
random URLs to .gov sites in them, trying to legitimize its contents.

Any ideas for a rule or pattern that would block these more generally
than for just this specific version?

I'm sure it would now be on all the RBLs and be blocked, but I'd like to
know if there's something in the header or something else that can be
done to block all the random versions of this without having to write
body rules for each version.

I can supply other versions if needed...

Thanks,
Alex