Posted to users@spamassassin.apache.org by Mike Yrabedra <li...@323inc.com> on 2008/01/23 02:10:35 UTC

Google link spam?

Is anyone else getting these google link spams?

They all seem to be endowment ads.

Like this...

Is it small?

http://www.gooogle.com/search?....

Anyone got a rule to kill these?


-- 
Mike B^)>




Re: Google link spam?

Posted by "McDonald, Dan" <Da...@austinenergy.com>.
On Tue, 2008-01-22 at 17:31 -0800, John D. Hardin wrote:
> On Tue, 22 Jan 2008, Mike Yrabedra wrote:
> 
> > Is anyone else getting these google link spams?
> 
I've not had any complaints about them sneaking past the existing rules.

> Yes, we've been discussing them for the past week.
> 
> It's a good idea to check the list archives before asking if there are 
> rules for a particular type of spam.
> 
> > Anyone got a rule to kill these?


I've run John Hardin's rule all afternoon, and from amongst about 12000
spams I only saw two that hit:

Jan 22 17:29:23 sa amavis[16122]: (16122-14) SPAM,
<Ly...@addisonfab.com> -> <my...@austinenergy.com>, Yes,
score=7.843 tag=-99 tag2=4.5 kill=6.31 tests=[BODY_ENHANCEMENT=1.608,
DNS_FROM_RFC_BOGUSMX=2.125, GOOG_MALWARE_URI=0.1, L_P0F_W=1, RELAY_CN=3,
RELAY_US=0.01], autolearn=disabled, quarantine OOrIFqr7nOr2
(spam-quarantine)
Jan 22 17:30:22 sa amavis[16422]: (16422-19) SPAM,
<Ly...@addisonfab.com> -> <my...@austinenergy.com>, Yes,
score=7.843 tag=-99 tag2=4.5 kill=6.31 tests=[BODY_ENHANCEMENT=1.608,
DNS_FROM_RFC_BOGUSMX=2.125, GOOG_MALWARE_URI=0.1, L_P0F_W=1, RELAY_CN=3,
RELAY_US=0.01], autolearn=disabled, quarantine hiQD+uJgfngb
(spam-quarantine)

Both were detected without the rule.  I'll watch it for the remainder of
the week before I decide whether I should keep it.

-- 
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com
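
Added example, not part of any post in this thread: one way to run the check described above (did a message clear the kill level only because of the rule under test?) over amavis log entries in the format quoted in the message. The sample entries are constructed, the function names are hypothetical, and it assumes the logged score is the sum of the listed test values, as it is in the quoted entries.

```python
import re

# Constructed sample entries in the amavis format quoted above. Addresses and
# quarantine ids are placeholders; the second entry is invented to show a
# message that only the rule under test pushes over the kill level.
SAMPLE_LOG = """\
Jan 22 17:29:23 sa amavis[16122]: (16122-14) SPAM, <sender@example.com> -> <rcpt@example.org>, Yes, score=7.843 tag=-99 tag2=4.5 kill=6.31 tests=[BODY_ENHANCEMENT=1.608, DNS_FROM_RFC_BOGUSMX=2.125, GOOG_MALWARE_URI=0.1, L_P0F_W=1, RELAY_CN=3, RELAY_US=0.01], autolearn=disabled, quarantine PLACEHOLDER1 (spam-quarantine)
Jan 22 18:02:10 sa amavis[16500]: (16500-03) SPAM, <other@example.com> -> <rcpt@example.org>, Yes, score=6.335 tag=-99 tag2=4.5 kill=6.31 tests=[BODY_ENHANCEMENT=1.608, DNS_FROM_RFC_BOGUSMX=2.125, GOOG_MALWARE_URI=0.1, L_P0F_W=1, RELAY_US=1.502], autolearn=disabled, quarantine PLACEHOLDER2 (spam-quarantine)
"""

# A syslog timestamp at the start of a line marks a new entry; anything else
# is a continuation line (mail clients wrap these long entries).
STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ", re.M)
ENTRY = re.compile(
    r"score=(?P<score>-?[\d.]+).*?kill=(?P<kill>-?[\d.]+)\s+tests=\[(?P<tests>[^\]]*)\]")


def entries(log):
    """Yield each log entry as one line, re-joining wrapped continuation lines."""
    starts = [m.start() for m in STAMP.finditer(log)]
    for begin, end in zip(starts, starts[1:] + [len(log)]):
        yield " ".join(log[begin:end].split())


def rule_impact(log, rule):
    """For every entry that hit `rule`, report the score with and without it."""
    hits = []
    for entry in entries(log):
        m = ENTRY.search(entry)
        if not m:
            continue
        tests = dict(t.strip().split("=", 1)
                     for t in m["tests"].split(",") if "=" in t)
        if rule not in tests:
            continue
        score, kill = float(m["score"]), float(m["kill"])
        without = round(score - float(tests[rule]), 3)
        # Decisive: over the kill level now, under it once the rule is removed.
        hits.append({"score": score, "without_rule": without,
                     "decisive": score >= kill > without})
    return hits


if __name__ == "__main__":
    for hit in rule_impact(SAMPLE_LOG, "GOOG_MALWARE_URI"):
        print(hit)
```

A rule whose hits are never decisive over a representative sample adds nothing to the verdict at its current score, which is the situation the two quoted entries show.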


Re: Google link spam?

Posted by "John D. Hardin" <jh...@impsec.org>.
On Tue, 22 Jan 2008, Mike Yrabedra wrote:

> Is anyone else getting these google link spams?

Yes, we've been discussing them for the past week.

It's a good idea to check the list archives before asking if there are 
rules for a particular type of spam.

> http://www.gooogle.com/search?....
> 
> Anyone got a rule to kill these?

Check the list archives for messages with "google" in the subject.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  USMC Rules of Gunfighting #4: If your shooting stance is good,
  you're probably not moving fast enough nor using cover correctly.
-----------------------------------------------------------------------
 5 days until the 41st anniversary of the loss of Apollo 1