You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Luis Hernán Otegui <lu...@gmail.com> on 2007/03/30 16:18:53 UTC

An lot of these messages getting through

Hi, List, could somebody run these messages trhough SA and give me the
scores? On my servers they aren't scoring much, as you can see from the
headers added by SA. Any special rules to catch them?


Thanks,


Luis
-- 
-------------------------------------------------
GNU-GPL: "May The Source Be With You...
-------------------------------------------------

Re: An lot of these messages getting through

Posted by Bill Randle <bi...@neocat.org>.

On Fri, March 30, 2007 9:32 am, D Ivago wrote:
> 2007/3/30, Bill Randle <bi...@neocat.org>:
>
>>
>>
>> Yes, I created them by hand.
>>
>>
>> -Bill
>>
>
>
> Bill, do we need to add these lines in local.cf?
>
>
> at the moment I just add every domainname of  every stock mail that gets
> in my inbox but that's not really working great <duh>
>
> blacklist_from *altimawebsystems.com blacklist_from *ngt.net blacklist_from
> *ntertops.com
> blacklist_from *orientalimage.com blacklist_from *quipusbolivia.org
> blacklist_from *capitalmonitor.com blacklist_from *cbmpos.com
> blacklist_from *gloverstamp.com blacklist_from *netearth.net blacklist_from
> *hanryu.com
>
>
> grtz, divago
>
> ps I was wondering if these spammers are also subscribed to this list?
> cuz it's quite easy like this for them to see wich methods are the most
> efficient ... at least for some time :)

Yes, add them to local.cf and, if you're using amavisd or spamd, restart
them so they load the new rules. I usually end up creating new rules for
each of these penny stock spams. Your blacklist approach is obviously
another way to do it.

I've heard that spammers do read this list and yes they do modify their
messages when new rules are added. It's a never ending battle.

    -Bill


--

Re: An lot of these messages getting through

Posted by D Ivago <ba...@gmail.com>.

2007/3/30, Bill Randle <bi...@neocat.org>:
>
>
> Yes, I created them by hand.
>
>     -Bill


Bill, do we need to add these lines in local.cf?

at the moment I just add every domainname of  every stock mail that gets in
my inbox but that's not really working great <duh>

blacklist_from *altimawebsystems.com
blacklist_from *ngt.net
blacklist_from *ntertops.com
blacklist_from *orientalimage.com
blacklist_from *quipusbolivia.org
blacklist_from *capitalmonitor.com
blacklist_from *cbmpos.com
blacklist_from *gloverstamp.com
blacklist_from *netearth.net
blacklist_from *hanryu.com

grtz, divago

ps I was wondering if these spammers are also subscribed to this list? cuz
it's quite easy like this for them to see wich methods are the most
efficient ... at least for some time :)

Re: An lot of these messages getting through

Posted by Bill Randle <bi...@neocat.org>.

On Fri, 2007-03-30 at 12:35 -0300, Luis Hernán Otegui wrote:
> Thanks, these Stocks Du Jour rules have been created by you, aren't
> they? or is there a script to create/download them?

Yes, I created them by hand.

    -Bill

> Luis
> 
> 2007/3/30, Bill Randle <bi...@neocat.org>:
>         On Fri, 2007-03-30 at 11:18 -0300, Luis Hernán Otegui wrote: 
>         > Hi, List, could somebody run these messages trhough SA and
>         give me the
>         > scores? On my servers they aren't scoring much, as you can
>         see from
>         > the headers added by SA. Any special rules to catch them? 
>         
>         About the only thing they score on are the custom rules I
>         wrote:
>         
>         pts rule name              description
>         ----
>         ------------------------------------------------------------
>         0.4 HELO_EQ_AT             HELO_EQ_AT 
>         0.0 DK_POLICY_SIGNSOME     Domain Keys: policy says domain
>         signs some
>         mails
>         3.0 OLN_SDJ53              BODY: Stocks du jour 53 - last
>         3/29/07
>         3.0 OLN_SDJ52              BODY: Stocks du jour 52 - last
>         3/24/07 
>         0.0 BAYES_50               BODY: Bayesian spam probability is
>         40 to 60%
>                                     [score: 0.5176]
>         
>         The two OLN rules look like this:
>         
>         body OLN_SDJ53         /Critical C ?A ?R ?E N ?E ?W/i 
>         describe OLN_SDJ53     Stocks du jour 53 - last 3/29/07
>         score OLN_SDJ53        3.0
>         
>         body OLN_SDJ52         /symb?-C[\-_\.]?C[\-_\.]?T[\-_\.]?I/i
>         describe OLN_SDJ52     Stocks du jour 52 - last 3/24/07
>         score OLN_SDJ52         3.0
>         
>                 -Bill
>         
>         
> 
> 
> 
> -- 
> -------------------------------------------------
> GNU-GPL: "May The Source Be With You...
> -------------------------------------------------

Re: An lot of these messages getting through

Posted by Luis Hernán Otegui <lu...@gmail.com>.

Thanks, these Stocks Du Jour rules have been created by you, aren't they? or
is there a script to create/download them?

Luis

2007/3/30, Bill Randle <bi...@neocat.org>:
>
> On Fri, 2007-03-30 at 11:18 -0300, Luis Hernán Otegui wrote:
> > Hi, List, could somebody run these messages trhough SA and give me the
> > scores? On my servers they aren't scoring much, as you can see from
> > the headers added by SA. Any special rules to catch them?
>
> About the only thing they score on are the custom rules I wrote:
>
> pts rule name              description
> ---- ------------------------------------------------------------
> 0.4 HELO_EQ_AT             HELO_EQ_AT
> 0.0 DK_POLICY_SIGNSOME     Domain Keys: policy says domain signs some
> mails
> 3.0 OLN_SDJ53              BODY: Stocks du jour 53 - last 3/29/07
> 3.0 OLN_SDJ52              BODY: Stocks du jour 52 - last 3/24/07
> 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
>                             [score: 0.5176]
>
> The two OLN rules look like this:
>
> body OLN_SDJ53         /Critical C ?A ?R ?E N ?E ?W/i
> describe OLN_SDJ53     Stocks du jour 53 - last 3/29/07
> score OLN_SDJ53        3.0
>
> body OLN_SDJ52         /symb?-C[\-_\.]?C[\-_\.]?T[\-_\.]?I/i
> describe OLN_SDJ52     Stocks du jour 52 - last 3/24/07
> score OLN_SDJ52        3.0
>
>         -Bill
>
>
>


-- 
-------------------------------------------------
GNU-GPL: "May The Source Be With You...
-------------------------------------------------

Re: An lot of these messages getting through

Posted by Bill Randle <bi...@neocat.org>.

On Fri, 2007-03-30 at 11:18 -0300, Luis Hernán Otegui wrote:
> Hi, List, could somebody run these messages trhough SA and give me the
> scores? On my servers they aren't scoring much, as you can see from
> the headers added by SA. Any special rules to catch them?

About the only thing they score on are the custom rules I wrote:

 pts rule name              description
---- ------------------------------------------------------------
 0.4 HELO_EQ_AT             HELO_EQ_AT
 0.0 DK_POLICY_SIGNSOME     Domain Keys: policy says domain signs some
mails
 3.0 OLN_SDJ53              BODY: Stocks du jour 53 - last 3/29/07
 3.0 OLN_SDJ52              BODY: Stocks du jour 52 - last 3/24/07
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.5176]

The two OLN rules look like this:

body OLN_SDJ53         /Critical C ?A ?R ?E N ?E ?W/i
describe OLN_SDJ53     Stocks du jour 53 - last 3/29/07
score OLN_SDJ53        3.0

body OLN_SDJ52         /symb?-C[\-_\.]?C[\-_\.]?T[\-_\.]?I/i
describe OLN_SDJ52     Stocks du jour 52 - last 3/24/07
score OLN_SDJ52        3.0

	-Bill