You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "Christopher X. Candreva" <ch...@westnet.com> on 2008/12/23 21:42:59 UTC
Rules for porn spam from Yahoo/live.com etc
I have one particular user being hammered by porn spam from freemail
accounts, mostly Yahoo and live.com . These are getting by existing
rules, including 70_sare_adult_cf .
The messages typically have a on-topic, suggestive Subject: line. The body
is a URL (google groups or other), and two lines of nonsense.
Is anyone else being hit by thse, and has come up with a defense ?
==========================================================
Chris Candreva -- chris@westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/
Re: Rules for porn spam from Yahoo/live.com etc
Posted by Martin Gregorie <ma...@gregorie.org>.
On Tue, 2008-12-23 at 15:42 -0500, Christopher X. Candreva wrote:
> I have one particular user being hammered by porn spam from freemail
> accounts, mostly Yahoo and live.com . These are getting by existing
> rules, including 70_sare_adult_cf .
>
You may find this following approach. Its aim is to flag up spam from
the likes of Yahoo and Google without generating FPs by using metarules,
which IME are easier to make very selective than is possible with rules
based on a single, complex regex.
I've accumulated a set of subrules that match characteristic words,
phrases or URIs in the message body and another set of subrules that
fire for messages from known spam nests such as live.com, Google and
Yahoo: all subrules should have a very low score or have a double
underscore prefix to suppress the score. Using a low score makes
debugging easier than using the prefix because subrules that fire appear
in the X-Spam headers.
I combine them into scoring meta-rules. These are easy to make very
specific and can safely carry fairly high scores. Be sure to accumulate
a corpus of test messages and to regression test new or modified rules
against the complete corpus to make sure they only fire on the expected
messages.
I'm using a similar approach to trap listserv messages that punt
livespace websites.
I hope this gives you some useful ideas.
Martin
Re: Rules for porn spam from Yahoo/live.com etc
Posted by Michael Scheidell <sc...@secnap.net>.
>
> I have one particular user being hammered by porn spam from freemail
> accounts, mostly Yahoo and live.com . These are getting by existing
> rules, including 70_sare_adult_cf .
>
> The messages typically have a on-topic, suggestive Subject: line. The body
> is a URL (google groups or other), and two lines of nonsense.
>
uri ST_SPACES m'\.spaces\.live\.com($|/blog/)'
score ST_SPACES 15
Until someone at live.com actually takes abuse@ reports, and does something
about it.
--
Michael Scheidell, CTO
>|SECNAP Network Security
Winner 2008 Network Products Guide Hot Companies
FreeBSD SpamAssassin Ports maintainer
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
_________________________________________________________________________