You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Joseph Brennan <br...@columbia.edu> on 2019/01/22 17:26:49 UTC
The latest bitcoin spam 1/22/19
Sent to me personally. Incredible amount of obfuscation. They are all
coming in from hosts in 185.118.165 and 185.118.166.
Note on X-Spam-Score header-- the local rule CU_INVOICE accounts for 0.5,
HTML_MESSAGE is 0.01, and CU_SPF_softfail is just information with a zero
score.
https://pastebin.com/p6xaWcA7
Joseph Brennan
Columbia U
Re: The latest bitcoin spam 1/22/19
Posted by Bill Cole <sa...@billmail.scconsult.com>.
On 22 Jan 2019, at 12:30, Kevin A. McGrail wrote:
> Are you using KAM.cf rules? The crim rules are designed for these.
Unfortunately, only 3 of the subrules match.
However, as I said in my prior message, the stock rules do catch this one.
Re: The latest bitcoin spam 1/22/19
Posted by "Kevin A. McGrail" <km...@apache.org>.
Are you using KAM.cf rules? The crim rules are designed for these.
On Tue, Jan 22, 2019, 12:27 Joseph Brennan <brennan@columbia.edu wrote:
>
> Sent to me personally. Incredible amount of obfuscation. They are all
> coming in from hosts in 185.118.165 and 185.118.166.
>
> Note on X-Spam-Score header-- the local rule CU_INVOICE accounts for 0.5,
> HTML_MESSAGE is 0.01, and CU_SPF_softfail is just information with a zero
> score.
>
> https://pastebin.com/p6xaWcA7
>
> Joseph Brennan
> Columbia U
>
>
Re: The latest bitcoin spam 1/22/19
Posted by John Hardin <jh...@impsec.org>.
On Tue, 22 Jan 2019, John Hardin wrote:
> On Tue, 22 Jan 2019, Joseph Brennan wrote:
>
>> Sent to me personally. Incredible amount of obfuscation.
>
> Okay, it looks like the fuzzy versions are still needed...
Restored.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Tomorrow: John Moses Browning's 164th Birthday
Re: The latest bitcoin spam 1/22/19
Posted by "Kevin A. McGrail" <km...@apache.org>.
On 1/22/2019 2:46 PM, John Hardin wrote:
> On Tue, 22 Jan 2019, Joseph Brennan wrote:
>
>> Sent to me personally. Incredible amount of obfuscation.
>
> Okay, it looks like the fuzzy versions are still needed...
>
I've added a few tweaks to my CRIM rules as well.
--
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171
Re: The latest bitcoin spam 1/22/19
Posted by John Hardin <jh...@impsec.org>.
On Tue, 22 Jan 2019, Joseph Brennan wrote:
> Sent to me personally. Incredible amount of obfuscation.
Okay, it looks like the fuzzy versions are still needed...
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Forces of tyranny expand inexorably to fill the space
made available for their existence. -- Jordan B. Peterson
-----------------------------------------------------------------------
Tomorrow: John Moses Browning's 164th Birthday
Re: The latest bitcoin spam 1/22/19
Posted by Bill Cole <sa...@billmail.scconsult.com>.
On 22 Jan 2019, at 12:26, Joseph Brennan wrote:
> Sent to me personally. Incredible amount of obfuscation. They are all
> coming in from hosts in 185.118.165 and 185.118.166.
>
> Note on X-Spam-Score header-- the local rule CU_INVOICE accounts for
> 0.5,
> HTML_MESSAGE is 0.01, and CU_SPF_softfail is just information with a
> zero
> score.
Rules in the current default ruleset score that above 7 by any of the
scoresets, excluding scores from Bayes & DNSBLs.
Have you run sa-update in the past month?
--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole