Habeas blacklist
Peter Peters
P.G.M.Peters at utwente.nl
Fri Jan 16 09:58:03 GMT 2004
On Thu, 15 Jan 2004 14:37:59 -0000, you wrote:
>In your /etc/MailScanner/spam.assassin.prefs.conf add the line
>
>score HABEAS_SWE 0
>
>They are forged headers, but it means that the HABEAS headers can no longer
>be considered trustworthy.
I have the following in my local cf in /etc/mail/spamassassin:
|# Jan 2004 : Fake Habeas
|header __HABEAS_SWE eval:message_is_habeas_swe( )
|header __HAB_FORGE_BOUND Content-Type =~ /boundary="--[0-9]{15,20}"/
|header __HAB_FORGE_MID Message-ID =~ /<[A-Z]{20,25}@[a-z]{3}/
|
|meta HABEAS_FORGERY (__HAB_FORGE_BOUND && __HAB_FORGE_MID && __HABEAS_SWE)
|meta HABEAS_SWE (__HABEAS_SWE && ! HABEAS_FORGERY)
|# -8.0 for default Habeas score.
|describe HABEAS_FORGERY Common Habeas Forgery
|score HABEAS_FORGERY 3.5
I don't remember where I got it. It could be nanae.
It should work with SA2.60 and higher because of the evaluations.
--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente, Postbus 217, 7500 AE Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ
More information about the MailScanner
mailing list