You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Andy Spiegl <sp...@spiegl.de> on 2005/07/01 23:17:03 UTC
anyone has rules against new German money-making spam?
This new spam only hits J_CHICKENPOX_24 and DATE_IN_FUTURE_12_24 or
DATE_IN_PAST_12_24.
So far they all came with "angemessenes Gehalt" in the Subject:
Die beste Weise zu sein payed. Anti- Spam Schutzcode:MX-8253
Die einzigartige Moglichkeit zum Haben ein angemessenes Gehalt. Anti- Spam
Sind Sie bereit, ein angemessenes Gehalt zu haben. Schutzcode:LQ-2671
But the sender varies:
Yan Hoffmann
Yan Hofman
Yan Hoffmunn
The content is the same though, see attachment.
Any help is very much appreciated,
Andy.
--
o _ _ _
------- __o __o /\_ _ \\o (_)\__/o (_) -o)
----- _`\<,_ _`\<,_ _>(_) (_)/<_ \_| \ _|/' \/ /\\
---- (_)/ (_) (_)/ (_) (_) (_) (_) (_)' _\o_ _\_v
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Life is like a roll of toilet paper.
The closer it gets to the end, the faster it goes.
Re: anyone has rules against new German money-making spam?
Posted by Kai Schaetzl <ma...@conactive.com>.
Andy Spiegl wrote on Fri, 1 Jul 2005 23:17:03 +0200:
Got one of these as well.
> So far they all came with "angemessenes Gehalt" in the Subject:
>
>
> Die beste Weise zu sein payed. Anti- Spam Schutzcode:MX-8253
No, not in this one!
> Any help is very much appreciated,
Help in what? I'm sure you know how to write a header rule which triggers
on "Schutzcode" or some other typicality?
But the first thing before thinking about anti-spam measures is think
about your users: block email access to "paysde.com" in your MTAs access
list.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org
Re: anyone has rules against new German money-making spam?
Posted by wolfgang <me...@gmx.net>.
In an older episode (Saturday 02 July 2005 01:55), Peter Marshall
<pm...@mailserv.caris.com> wrote:
>
> I am here. Just testing our vacation message
geez.
rawbody IS_THIS_REAL /I am here. Just testing our vacation message/
describe IS_THIS_REAL someone sending vacation messages to SA list posters
score IS_THIS_REAL 999
Re: anyone has rules against new German money-making spam?
Posted by wolfgang <me...@gmx.net>.
uri LOCAL_PAYSDE_URI /paysde\.com/
describe LOCAL_PAYSDE_URI contains a known spam URI
is a good start in my view
Re: anyone has rules against new German money-making spam?
Posted by Andy Spiegl <sp...@spiegl.de>.
> Also, unless this really is very common stuff, you should look to your
> Bayes database. Getting Bayes_00 on a spam is generally not a good sign!
Thanks, but the mail text is pretty usual German and 95% of my users are
Germans so I can't really do much about that. :-(
I'll try with some body rules, thanks!
Bye,
Andy.
--
o _ _ _
------- __o __o /\_ _ \\o (_)\__/o (_) -o)
----- _`\<,_ _`\<,_ _>(_) (_)/<_ \_| \ _|/' \/ /\\
---- (_)/ (_) (_)/ (_) (_) (_) (_) (_)' _\o_ _\_v
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Program testing can best show the presence of errors but never their absence.
(Edsger Wybe Dijkstra)
Re: anyone has rules against new German money-making spam?
Posted by Loren Wilton <lw...@earthlink.net>.
Don't have any rules for them, although it looks like you could do something
with the last part of the email and simple body rules to good effect. I
don't know and can't guess enough German to even make the attempt, but a
native speaker shouldn't find it too hard. Probably go for some of the
wording in that disclaimer at the end, or that fill-out form. Pretty much
any constant wording that isn't likely to show up elsewhere is good for a
simple rule.
Also, unless this really is very common stuff, you should look to your Bayes
database. Getting Bayes_00 on a spam is generally not a good sign!
Loren