You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by natoma <ro...@yahoo.it> on 2008/07/11 08:42:28 UTC
spamassassin rules bypassed
Good morning to everyone in the forum. I have been following with interest
this forum and now I have a question. I tried looking for answers but I
found nothing. I have this problem. I run a small mail-server and I use
spamassassin to filter the 98.2% spam that I usually receive. Since I'm in
Italy I wrote some custom rules to specifically tag the Italian language
spams. I am starting to receive a series of mail messages which somehow
manage to bypass the spam filters.
The spam messages contain a link to livefilestore.com (nothing new here)
but for some reason a simple rule such as body TEST1 /livefilestore/ is
not matched by the message.
The message shows well both in Eudora and in Openwebmail with a link to
livefilestore:
h**p://8re74q.blu.livefilestore.com/y1p9IMUyfh4QGq99lNJIy3lx1QdR1rNCzje8mr5HSwyDBghijtfjmIy1JJcrjNmYC3IKNm-QX2e8QRtufTNm5znLw/wmvvkrz.html
Checks to the text of the message describing the link are performed, but of
course they are not very useful. The relevant headers of the message are as
follows:
Subject: Indeed you can not try them?
Date: Thu, 10 Jul 2008 09:14:56 -0430
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0012_01C8E26D.6B798DA0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.2969
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.2969
Status: RO
X-Status:
X-Keywords:
X-UID: 37241
I have no idea of what's happening, neither I am able to think to a
workaround and these messages keep coming. Thanks again for any suggestion.
Luca
--
View this message in context: http://www.nabble.com/spamassassin-rules-bypassed-tp18397700p18397700.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: spamassassin rules bypassed
Posted by natoma <ro...@yahoo.it>.
Matt Kettler-3 wrote:
>
>
> Body tests don't match HTML tags, including links in tags. Is the
> above link done that way, or is it actually in the text?
>
> Change your rule type from body to uri to match URI/URL's in the
> message. Alternatively you can use rawbody, which will match HTML tags
> and body text.
>
>
Of course you are right, thank you very much. I used bodyraw and everything
went well, they are now filtered. Sorry for the n00bie question.
--
View this message in context: http://www.nabble.com/spamassassin-rules-bypassed-tp18397700p18404821.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: spamassassin rules bypassed
Posted by Matt Kettler <mk...@verizon.net>.
natoma wrote:
> Good morning to everyone in the forum. I have been following with interest
> this forum and now I have a question. I tried looking for answers but I
> found nothing. I have this problem. I run a small mail-server and I use
> spamassassin to filter the 98.2% spam that I usually receive. Since I'm in
> Italy I wrote some custom rules to specifically tag the Italian language
> spams. I am starting to receive a series of mail messages which somehow
> manage to bypass the spam filters.
>
> The spam messages contain a link to livefilestore.com (nothing new here)
> but for some reason a simple rule such as body TEST1 /livefilestore/ is
> not matched by the message.
>
> The message shows well both in Eudora and in Openwebmail with a link to
> livefilestore:
>
> h**p://8re74q.blu.livefilestore.com/y1p9IMUyfh4QGq99lNJIy3lx1QdR1rNCzje8mr5HSwyDBghijtfjmIy1JJcrjNmYC3IKNm-QX2e8QRtufTNm5znLw/wmvvkrz.html
>
Body tests don't match HTML tags, including links in <a> tags. Is the
above link done that way, or is it actually in the text?
Change your rule type from body to uri to match URI/URL's in the
message. Alternatively you can use rawbody, which will match HTML tags
and body text.