Habeas blacklist
Peter Peters
P.G.M.Peters at utwente.nl
Fri Jan 16 13:37:09 GMT 2004
On Fri, 16 Jan 2004 10:58:03 +0100, you wrote:
>I have the following in my local cf in /etc/mail/spamassassin:
>
>|# Jan 2004 : Fake Habeas
>|header __HABEAS_SWE eval:message_is_habeas_swe( )
>|header __HAB_FORGE_BOUND Content-Type =~ /boundary="--[0-9]{15,20}"/
>|header __HAB_FORGE_MID Message-ID =~ /<[A-Z]{20,25}@[a-z]{3}/
>|
>|meta HABEAS_FORGERY (__HAB_FORGE_BOUND && __HAB_FORGE_MID && __HABEAS_SWE)
>|meta HABEAS_SWE (__HABEAS_SWE && ! HABEAS_FORGERY)
>|# -8.0 for default Habeas score.
>|describe HABEAS_FORGERY Common Habeas Forgery
>|score HABEAS_FORGERY 3.5
I got some spam with habeas headers and it has HABEAS_FORGERY tags. But
also without that tag it would have hit my limit (54 and 56 SA score).
--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente, Postbus 217, 7500 AE Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ
More information about the MailScanner
mailing list