Posted to users@spamassassin.apache.org by "Kern, Tom" <tk...@CHARMER.COM> on 2005/05/24 16:38:32 UTC

How can I block these emails?

Sample email-

sample  email-



Be on Top.

Flexibility in the work days and hrs.
Process from your residence from anywhere in the world.

5,000US to 12,000US per/MO.
Court Awards Processor.

Excellent training and assistance.

http://gwnr.4oE.crossroadoat.com/lj/

Above for additional info or to un-register or to see our address.



They'll be utterly annihilated! he gasped. What shall we do? Oh, we can't
do anything just now, answered Rob
But it's curious to watch how bravely the poor fellows fight for their
lives





-I'm running SA 2.64 with amavis-new and Postfix.

Thanks

Re: How can I block these emails?

Posted by ev...@coolrunningconcepts.com.
Your sample email is exactly the reason I'm proposing my additional spam
lookup method.  That IP address does indeed resolve to an IP of a known
spammer.  If you are worried about the gwnr.4oE portion being a key to your
email, then looking up the '*.crossroadoat.com' finds a wildcard that
resolves to a spammer's IP address, so no further checking of sub-domains
needs to be done, and the message is spam!

Hopefully I can get a few people to agree that this method deserves more
testing as I really think inclusion of this method (with an astronomically
high "weight" so that it always makes the message "spam") is definitely
warranted.

The only downside is that without whitelisting, your message would not have
got to me because it contained that URL.   Auto-whitelisting (with aging) of
addresses you send mail to would be effective here as well to achieve a 0 FP
rate.

-- Evan

Quoting "Kern, Tom" <tk...@CHARMER.COM>:

> Sample email-
>
> sample  email-
>
>
>
> Be on Top.
>
> Flexibility in the work days and hrs.
> Process from your residence from anywhere in the world.
>
> 5,000US to 12,000US per/MO.
> Court Awards Processor.
>
> Excellent training and assistance.
>
> http://gwnr.4oE.crossroadoat.com/lj/
>
> Above for additional info or to un-register or to see our address.
>
>
>
> They'll be utterly annihilated! he gasped. What shall we do? Oh, we can't
> do anything just now, answered Rob
> But it's curious to watch how bravely the poor fellows fight for their
> lives
>
>
>
>
>
> -I'm running SA 2.64 with amavis-new and Postfix.
>
> Thanks
>
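
The lookup described in the reply above, sketched as an added example (not code from the thread or from SpamAssassin): the wildcard under the URL's domain is checked first, so the possibly recipient-specific sub-domain is never queried. The resolver, zone data and blocklist network are constructed stand-ins, and taking the last two labels as the registered domain is an assumption.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed data: documentation-range addresses stand in for real DNS and a real blocklist.
SPAMMER_NETS = [ip_network("192.0.2.0/24")]
FAKE_ZONE = {
    "*.crossroadoat.com": "192.0.2.45",   # wildcard record, address is made up
    "www.example.org": "198.51.100.7",
}

def fake_resolve(name):
    """Offline stand-in for a DNS A lookup that honours wildcard records."""
    name = name.lower().rstrip(".")
    if name in FAKE_ZONE:
        return FAKE_ZONE[name]
    labels = name.split(".")
    for i in range(1, len(labels) - 1):
        wild = "*." + ".".join(labels[i:])
        if wild in FAKE_ZONE:
            return FAKE_ZONE[wild]
    return None

URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

def is_spammer_ip(addr):
    return addr is not None and any(ip_address(addr) in net for net in SPAMMER_NETS)

def check_body(body, resolve=fake_resolve):
    """Return {host: reason} for each URL host that resolves into a listed network."""
    hits = {}
    for host in {h.lower().rstrip(".") for h in URL_HOST.findall(body)}:
        # Assumption: the registered domain is the last two labels (no public-suffix list).
        domain = ".".join(host.split(".")[-2:])
        # Wildcard first: a hit here means the sub-domain itself is never looked up.
        if is_spammer_ip(resolve("*." + domain)):
            hits[host] = "wildcard *." + domain
        elif is_spammer_ip(resolve(host)):
            hits[host] = "host"
    return hits

SAMPLE = "Excellent training.\nhttp://gwnr.4oE.crossroadoat.com/lj/\nSee http://www.example.org/ too."

if __name__ == "__main__":
    print(check_body(SAMPLE))
```

Passing a real resolver as `resolve` (any callable that maps a name to an IPv4 string or `None`) replaces the constructed zone.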




Re: How can I block these emails?

Posted by Matt Kettler <mk...@evi-inc.com>.
Kern, Tom wrote:
> Sample email-

<snip>
> 
> 
> -I'm running SA 2.64 with amavis-new and Postfix.

Well, first, if you're going to send us a sample mail, we need the headers. At
least half of SA's power comes from detecting header signatures. Quoting just
the body text is of very limited use.


Suggestions based on the body alone:

1) install Mail::SpamCopURI to add SURBL checks. My copy of 2.64 picked the web
link up in the JP and OB lists

2) Set up razor2. Razor2's e8 hash also caught the web link.

3) train em in bayes using sa-learn.

4) you can make a custom body text rule, such as this one, but it's a bit
specific to this spam:

	body L_COURT_PROC	/\bCourt Awards? Processor\b/
	describe L_COURT_PROC	court award processing job
	score L_COURT_PROC	2.0


With the headers there might be some other things to pick up on..