You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Bill McCormick <wp...@sbcglobal.net> on 2007/03/26 18:07:11 UTC
Geocities rule
I switched from using a RulesDeJour update script to sa-update. I'm no
longer getting hits on these geocites spams. Anybody know which sare
rule I need to add?
Thanks,
Bill McCormick
--
ACE-CO
--
No virus found in this outgoing message.
Checked by AVG.
Version: 7.5.448 / Virus Database: 268.18.18/733 - Release Date:
3/25/2007 11:07 AM
Re: Geocities rule
Posted by Bill McCormick <wp...@sbcglobal.net>.
Bill McCormick wrote:
>
> Bill McCormick wrote:
>> Bill McCormick wrote:
>>> I switched from using a RulesDeJour update script to sa-update. I'm no
>>> longer getting hits on these geocites spams. Anybody know which sare
>>> rule I need to add?
>>
>> I found and load the WebRedirect Plugin:
>> http://wiki.apache.org/spamassassin/WebRedirectPlugin
>>
>> Can anybody tell me if I'm going in the wrong direction?
>>
> Hmm ... that really didn't seem to help. Turns out that
> 70_sare_specific.cf should be hitting these really hard. The hits show
> up in maillog but not in the header report:
>
>
> X-Spam-DCC: CTc-dcc2/billinux 1031; Body=1 Fuz1=1 Fuz2=1
> X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on
> billinux.billinux
> X-Spam-Bayes: 1.0000
> X-Spam-Status: Yes, score=10.7 required=5.0
> tests=BAYES_99,FORGED_RCVD_HELO,
> RCVD_IN_BL_SPAMCOP_NET autolearn=no version=3.1.8
> X-Spam-RBL: <dns:53.67.142.89.zen.spamhaus.org> [127.0.0.4, 127.0.0.11]
> <dns:53.67.142.89.combined.njabl.org> [127.0.0.3]
> <dns:53.67.142.89.bl.spamcop.net?type=TXT> ["Blocked - see
> http://www.spamcop.net/bl.shtml?89.142.67.53"]
> X-Spam-Pyzor: Reported 0 times.
> X-Spam-Report:
> * 0.1 FORGED_RCVD_HELO Received: contains a forged HELO
> * 9.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
> * [score: 1.0000]
> * 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
> bl.spamcop.net
> * [Blocked - see <http://www.spamcop.net/bl.shtml?89.142.67.53>]
I think __SARE_SPEC_XXGEOCITIE is broken; I should have got a dozen hits
on that an not a single one. How can this be tested with grep or with
perl from the command line?
uri __SARE_SPEC_XXGEOCITIE
m'\b(?:(?!www)[a-z]{2,3})\.(?:geocities|tripod)\.com/\w{1,30}/\?'i
uri __SARE_SPEC_XX2GEOCIT /\b[a-z]{2}\.geocities\.com/i
meta SARE_SPEC_XXGEOCITIES2 !__SARE_SPEC_XXGEOCITIE &&
__SARE_SPEC_XX2GEOCIT
describe SARE_SPEC_XXGEOCITIES2 spamsign pointing to free webhost
spam site
score SARE_SPEC_XXGEOCITIES2 1.666
Thanks
--
Lost in RegExp Space
Re: Geocities rule
Posted by Bill McCormick <wp...@sbcglobal.net>.
Bill McCormick wrote:
> Bill McCormick wrote:
>> I switched from using a RulesDeJour update script to sa-update. I'm no
>> longer getting hits on these geocites spams. Anybody know which sare
>> rule I need to add?
>
> I found and load the WebRedirect Plugin:
> http://wiki.apache.org/spamassassin/WebRedirectPlugin
>
> Can anybody tell me if I'm going in the wrong direction?
>
Hmm ... that really didn't seem to help. Turns out that
70_sare_specific.cf should be hitting these really hard. The hits show
up in maillog but not in the header report:
X-Spam-DCC: CTc-dcc2/billinux 1031; Body=1 Fuz1=1 Fuz2=1
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on billinux.billinux
X-Spam-Bayes: 1.0000
X-Spam-Status: Yes, score=10.7 required=5.0 tests=BAYES_99,FORGED_RCVD_HELO,
RCVD_IN_BL_SPAMCOP_NET autolearn=no version=3.1.8
X-Spam-RBL: <dns:53.67.142.89.zen.spamhaus.org> [127.0.0.4, 127.0.0.11]
<dns:53.67.142.89.combined.njabl.org> [127.0.0.3]
<dns:53.67.142.89.bl.spamcop.net?type=TXT> ["Blocked - see
http://www.spamcop.net/bl.shtml?89.142.67.53"]
X-Spam-Pyzor: Reported 0 times.
X-Spam-Report:
* 0.1 FORGED_RCVD_HELO Received: contains a forged HELO
* 9.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
* 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
* [Blocked - see <http://www.spamcop.net/bl.shtml?89.142.67.53>]
Re: Geocities rule
Posted by Bill McCormick <wp...@sbcglobal.net>.
Bill McCormick wrote:
> I switched from using a RulesDeJour update script to sa-update. I'm no
> longer getting hits on these geocites spams. Anybody know which sare
> rule I need to add?
I found and load the WebRedirect Plugin:
http://wiki.apache.org/spamassassin/WebRedirectPlugin
Can anybody tell me if I'm going in the wrong direction?
Thanks