You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Francesco Acchiappati <fr...@secoges.com> on 2014/02/27 12:50:31 UTC

need some help for custom filter

Helllo everyone,
i'm in need to build a custom filter to block unsolicited emails from a
brazilian "advertising" company.
i can't get rid so i collected a couple of headers and i'd like to hear
from you on what would be the best way to create a filter for them.

headers follow:
------------------
Received: from ads42.diamagazineoff.com.br (ads42.diamagazineoff.com.br
[78.129.159.202])
        by mail.secoges.com (Postfix) with ESMTP id 2C93A1938587
        for <co...@secoges.com>; Thu, 27 Feb 2014 09:11:37 +0100
(CET)
Date: Thu, 27 Feb 2014 05:07:57 -0300
To: "--removed--" <--removed-->
From: Dafiti - Parceiros <pa...@diamagazineoff.com.br>
Reply-to: Dafiti - Parceiros <pa...@diamagazineoff.com.br>
Subject:
=?utf-8?Q?Liquida_de_cal=C3=A7ados_Dafiti_Compre_com_at=C3=A9_70%
_e_aprov?=
 =?utf-8?Q?eite?=
Message-ID: <9e...@localhost.localdomain>
X-Priority: 3
Sender: <us...@diamagazineoff.com.br>
-----------------

Received: from mmg19.namobly.com (mmg19.namobly.com [173.44.54.19])
        by mail.secoges.com (Postfix) with ESMTP id 5D67E193857B
        for <co...@secoges.com>; Tue, 25 Feb 2014 17:44:26 +0100
(CET)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dk;
d=viajarelite.com.br;
 h=Date:From:Subject:To:Reply-to:Mime-Version:Content-type:Message-ID;
i=fa@viajarelite.com.br;
 bh=mbG4Y+LtzBtVi4cuWk0Ru5Q2NwE=;
 b=rx82PtQbpoc
+TKm0jFlFLPHjunj410FLxk2JYYkpvqWlnSMXIvSEP6ZI1m5sY8sgEyFwetB4lFPC

4kg8iK9yDsMNkj4VCvekqurPISwjCFVQMVHdRRmwFdHctPcH74GJBE4iEZeMwZrBcTrSyyqVd747
   75egg3/5C0JLw9fnD1g=
Date: Tue, 25 Feb 2014 16:39:43 -0000
From: "Dafiti - Parceiros" <fa...@viajarelite.com.br>
Subject: 4 sapatos de arrasar por apenas 150,00 Leve agora pra casa
To: --removed--
Reply-to: "Dafiti - Parceiros" <fa...@viajarelite.com.br>

----------------------

Received: from klm26.xptoplus.com.br (klm26.xptoplus.com.br
[198.23.201.26])
        by mail.secoges.com (Postfix) with ESMTP id 1676A193857A
        for <co...@secoges.com>; Thu, 13 Feb 2014 09:00:07 +0100
(CET)
Date: Thu, 13 Feb 2014 06:00:01 -0200
To: "--removed--" <--removed-->
From: Dafiti Sports <wi...@xptoplus.com.br>
Reply-to: Dafiti Sports <wi...@xptoplus.com.br>
Subject: =?utf-8?Q?Ainda_n=C3=A3o_usou_os_seus_100,00_Off=3F_Aproveite?=
Message-ID: <61...@localhost.localdomain>
X-Priority: 3
Sender: <us...@xptoplus.com.br>
X-Mailer: OEM
X-Complaints-To: spam-report@xptoplus.com.br
List-Unsubscribe:
<http://xptoplus.com.br/media/u.php?p=s6/rs/5m27/ry/uj/rs>

---------

thanks in advance.

Re: need some help for custom filter

Posted by Benny Pedersen <me...@junc.eu>.

On 2014-02-27 12:50, Francesco Acchiappati wrote:
> List-Unsubscribe:
> <http://xptoplus.com.br/media/u.php?p=s6/rs/5m27/ry/uj/rs>

what happens if you use this link ?

to the other samples i dont know

Re: need some help for custom filter

Posted by Benny Pedersen <me...@junc.eu>.

On 2014-02-27 13:08, Axb wrote:

> their Xmailer may be a good trait as well .-)
> X-Mailer: OEM

and localhost.localdomain with is pretty much anywhere but i dont post 
this msg :)

Re: need some help for custom filter

Posted by Francesco Acchiappati <fr...@secoges.com>.


Il giorno gio, 27/02/2014 alle 13.08 +0100, Axb ha scritto:
> On 02/27/2014 12:50 PM, Francesco Acchiappati wrote:
> > Helllo everyone,
> > i'm in need to build a custom filter to block unsolicited emails from a
> > brazilian "advertising" company.
> > i can't get rid so i collected a couple of headers and i'd like to hear
> > from you on what would be the best way to create a filter for them.
> >
> > headers follow:
> > ------------------
> > Received: from ads42.diamagazineoff.com.br (ads42.diamagazineoff.com.br
> > [78.129.159.202])
> >          by mail.secoges.com (Postfix) with ESMTP id 2C93A1938587
> >          for <co...@secoges.com>; Thu, 27 Feb 2014 09:11:37 +0100
> > (CET)
> > Date: Thu, 27 Feb 2014 05:07:57 -0300
> > To: "--removed--" <--removed-->
> > From: Dafiti - Parceiros <pa...@diamagazineoff.com.br>
> > Reply-to: Dafiti - Parceiros <pa...@diamagazineoff.com.br>
> > Subject:
> > =?utf-8?Q?Liquida_de_cal=C3=A7ados_Dafiti_Compre_com_at=C3=A9_70%
> > _e_aprov?=
> >   =?utf-8?Q?eite?=
> > Message-ID: <9e...@localhost.localdomain>
> > X-Priority: 3
> > Sender: <us...@diamagazineoff.com.br>
> > -----------------
> >
> > Received: from mmg19.namobly.com (mmg19.namobly.com [173.44.54.19])
> >          by mail.secoges.com (Postfix) with ESMTP id 5D67E193857B
> >          for <co...@secoges.com>; Tue, 25 Feb 2014 17:44:26 +0100
> > (CET)
> > DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dk;
> > d=viajarelite.com.br;
> >   h=Date:From:Subject:To:Reply-to:Mime-Version:Content-type:Message-ID;
> > i=fa@viajarelite.com.br;
> >   bh=mbG4Y+LtzBtVi4cuWk0Ru5Q2NwE=;
> >   b=rx82PtQbpoc
> > +TKm0jFlFLPHjunj410FLxk2JYYkpvqWlnSMXIvSEP6ZI1m5sY8sgEyFwetB4lFPC
> >
> > 4kg8iK9yDsMNkj4VCvekqurPISwjCFVQMVHdRRmwFdHctPcH74GJBE4iEZeMwZrBcTrSyyqVd747
> >     75egg3/5C0JLw9fnD1g=
> > Date: Tue, 25 Feb 2014 16:39:43 -0000
> > From: "Dafiti - Parceiros" <fa...@viajarelite.com.br>
> > Subject: 4 sapatos de arrasar por apenas 150,00 Leve agora pra casa
> > To: --removed--
> > Reply-to: "Dafiti - Parceiros" <fa...@viajarelite.com.br>
> >
> > ----------------------
> >
> > Received: from klm26.xptoplus.com.br (klm26.xptoplus.com.br
> > [198.23.201.26])
> >          by mail.secoges.com (Postfix) with ESMTP id 1676A193857A
> >          for <co...@secoges.com>; Thu, 13 Feb 2014 09:00:07 +0100
> > (CET)
> > Date: Thu, 13 Feb 2014 06:00:01 -0200
> > To: "--removed--" <--removed-->
> > From: Dafiti Sports <wi...@xptoplus.com.br>
> > Reply-to: Dafiti Sports <wi...@xptoplus.com.br>
> > Subject: =?utf-8?Q?Ainda_n=C3=A3o_usou_os_seus_100,00_Off=3F_Aproveite?=
> > Message-ID: <61...@localhost.localdomain>
> > X-Priority: 3
> > Sender: <us...@xptoplus.com.br>
> > X-Mailer: OEM
> > X-Complaints-To: spam-report@xptoplus.com.br
> > List-Unsubscribe:
> > <http://xptoplus.com.br/media/u.php?p=s6/rs/5m27/ry/uj/rs>
> >
> > ---------
> >
> > thanks in advance.
> >
> 
> untested rule:
> 
> header	SPAM_DAFITI	Reply-to =~ /\bDafiti\b/
> 
> score as high as you please
> this rule may not work for long
> 
> their Xmailer may be a good trait as well .-)
> X-Mailer: OEM
> 
> 
> 
> 


Wow, that was blazing fast!
thank you very much for the help. :)

Re: need some help for custom filter

Posted by Axb <ax...@gmail.com>.

On 02/27/2014 12:50 PM, Francesco Acchiappati wrote:
> Helllo everyone,
> i'm in need to build a custom filter to block unsolicited emails from a
> brazilian "advertising" company.
> i can't get rid so i collected a couple of headers and i'd like to hear
> from you on what would be the best way to create a filter for them.
>
> headers follow:
> ------------------
> Received: from ads42.diamagazineoff.com.br (ads42.diamagazineoff.com.br
> [78.129.159.202])
>          by mail.secoges.com (Postfix) with ESMTP id 2C93A1938587
>          for <co...@secoges.com>; Thu, 27 Feb 2014 09:11:37 +0100
> (CET)
> Date: Thu, 27 Feb 2014 05:07:57 -0300
> To: "--removed--" <--removed-->
> From: Dafiti - Parceiros <pa...@diamagazineoff.com.br>
> Reply-to: Dafiti - Parceiros <pa...@diamagazineoff.com.br>
> Subject:
> =?utf-8?Q?Liquida_de_cal=C3=A7ados_Dafiti_Compre_com_at=C3=A9_70%
> _e_aprov?=
>   =?utf-8?Q?eite?=
> Message-ID: <9e...@localhost.localdomain>
> X-Priority: 3
> Sender: <us...@diamagazineoff.com.br>
> -----------------
>
> Received: from mmg19.namobly.com (mmg19.namobly.com [173.44.54.19])
>          by mail.secoges.com (Postfix) with ESMTP id 5D67E193857B
>          for <co...@secoges.com>; Tue, 25 Feb 2014 17:44:26 +0100
> (CET)
> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dk;
> d=viajarelite.com.br;
>   h=Date:From:Subject:To:Reply-to:Mime-Version:Content-type:Message-ID;
> i=fa@viajarelite.com.br;
>   bh=mbG4Y+LtzBtVi4cuWk0Ru5Q2NwE=;
>   b=rx82PtQbpoc
> +TKm0jFlFLPHjunj410FLxk2JYYkpvqWlnSMXIvSEP6ZI1m5sY8sgEyFwetB4lFPC
>
> 4kg8iK9yDsMNkj4VCvekqurPISwjCFVQMVHdRRmwFdHctPcH74GJBE4iEZeMwZrBcTrSyyqVd747
>     75egg3/5C0JLw9fnD1g=
> Date: Tue, 25 Feb 2014 16:39:43 -0000
> From: "Dafiti - Parceiros" <fa...@viajarelite.com.br>
> Subject: 4 sapatos de arrasar por apenas 150,00 Leve agora pra casa
> To: --removed--
> Reply-to: "Dafiti - Parceiros" <fa...@viajarelite.com.br>
>
> ----------------------
>
> Received: from klm26.xptoplus.com.br (klm26.xptoplus.com.br
> [198.23.201.26])
>          by mail.secoges.com (Postfix) with ESMTP id 1676A193857A
>          for <co...@secoges.com>; Thu, 13 Feb 2014 09:00:07 +0100
> (CET)
> Date: Thu, 13 Feb 2014 06:00:01 -0200
> To: "--removed--" <--removed-->
> From: Dafiti Sports <wi...@xptoplus.com.br>
> Reply-to: Dafiti Sports <wi...@xptoplus.com.br>
> Subject: =?utf-8?Q?Ainda_n=C3=A3o_usou_os_seus_100,00_Off=3F_Aproveite?=
> Message-ID: <61...@localhost.localdomain>
> X-Priority: 3
> Sender: <us...@xptoplus.com.br>
> X-Mailer: OEM
> X-Complaints-To: spam-report@xptoplus.com.br
> List-Unsubscribe:
> <http://xptoplus.com.br/media/u.php?p=s6/rs/5m27/ry/uj/rs>
>
> ---------
>
> thanks in advance.
>

untested rule:

header	SPAM_DAFITI	Reply-to =~ /\bDafiti\b/

score as high as you please
this rule may not work for long

their Xmailer may be a good trait as well .-)
X-Mailer: OEM