How to stop this spam?
Peter Peters
P.G.M.Peters at utwente.nl
Thu Jan 22 13:22:26 GMT 2004
On Sun, 18 Jan 2004 23:46:28 +0100, you wrote:
>> X-century-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.642,
>> required 5, BIZ_TLD 0.78, BigEvilList_131 3.00, HABEAS_SWE -8.00,
>> HTML_50_60 0.18, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.10,
>> MIME_HTML_ONLY_MULTI 1.10, RCVD_IN_BL_SPAMCOP_NET 2.25,
>> RCVD_IN_DSBL 1.10, RCVD_IN_DYNABLOCK 2.55, RCVD_IN_SORBS 0.10,
>> WHY_WAIT 0.48)
>> X-century-MailScanner-SpamScore: sss
>
>As discussed multiple times on the list, lower the HABEAS_SWE to -1 or
>something. -8 is way over the top it seems.
I use:
|# Jan 2004 : Fake Habeas
|header __HABEAS_SWE eval:message_is_habeas_swe( )
|header __HAB_FORGE_BOUND Content-Type =~ /boundary="--[0-9]{15,20}"/
|header __HAB_FORGE_MID Message-ID =~ /<[A-Z]{20,25}@[a-z]{3}/
|
|meta HABEAS_FORGERY (__HAB_FORGE_BOUND && __HAB_FORGE_MID && __HABEAS_SWE)
|meta HABEAS_SWE (__HABEAS_SWE && ! HABEAS_FORGERY)
|# -8.0 for default Habeas score.
|describe HABEAS_FORGERY Common Habeas Forgery
|score HABEAS_FORGERY 3.5
It helps me get away with the few spam that have Habeas headers and
don't get enough points from other spamassasins scores.
I haven't seen a habeas get through this.
--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente, Postbus 217, 7500 AE Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ
More information about the MailScanner
mailing list