Spam: Re: Getting hammered by: 82.45.242.21

Daniel Gercke gercke at HNM.DE
Fri Jun 11 16:15:39 IST 2004 

i´ve been reading in the SA-users threat that they will catch those 
messages by adding a simple rule like this:

header  GERMANSPAM  MESSAGEID =~ /^<.*[a-z].*\.qmail\@.*>/
describe        GERMANSPAM Contains German Spam
score           GERMANSPAM 100

can anyone confirm that qmail messageid´s normaly didn´t contain any 
letters?


Daniel Gercke

programmierung . system managements


Mariano Absatz schrieb:
> Mmhhh, this set is identical to the one sent by Jan-Peter, except for the 
> scores, which are a little less radical :-)
> 
> I've followed the thread in SA-users ( 
> http://marc.theaimsgroup.com/?t=108683377500001&r=1&w=2 ) and Matthias 
> Fuhrmann posted another set there (see 
> http://marc.theaimsgroup.com/?l=spamassassin-users&m=108688886800814&w=2 ) 
> but it seems to only cover the headers, and not the bodies...
> 
> Regards.
> 
> El 11 Jun 2004 a las 12:45, Daniel Gercke escribió:
> 
> 
>>i think this is german racism spam, generated by sobig.g .
>>
>>another discussion about this is:
>>
>>Re: [Fwd: {Spam?} Libanesen in Berlin <Id:1275>] where 
>>k.raven at FREENET.DE postet an spamassassin rule to catch these.
>>
>>i´m using these rule and it works. i attached them too.
>>
>>Daniel Gercke
>>
>>programmierung . system managements
>>
>>
>>Raymond Dijkxhoorn schrieb:
>>
>>>Hi!
>>>
>>>
>>>
>>>>We are getting hammered by the above ip, tons and tons of spam in german. We
>>>>get about 4 a minute from this IP address. I blocked it using the access.db,
>>>>but just wondering if anyone else has been getting hit by this person? I
>>>>also emailed abuse@ for the isp blueyonder.co.uk with headers of the email
>>>>etc ...
>>>
>>>
>>>We get the same, but not only from one IP, loads of them. Its all german
>>>crap, it even looks like a regular mail, but its total crap...
>>>
>>>Very annoying.
>>>
>>>Bye,
>>>Raymond.
>>>
>>>-------------------------- MailScanner list ----------------------
>>>To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
>>>Before posting, please see the Most Asked Questions at
>>>http://www.mailscanner.biz/maq/     and the archives at
>>>http://www.jiscmail.ac.uk/lists/mailscanner.html
>>>
>>>
>>
>>--
>>haus neuer medien GmbH . agentur fuer neuen antrieb
>>.
>>Tel 03834 8313 0 . Fax 8313 13 . info at hnm.de . www.hnm.de
>>Wolgaster Strasse 146  (Ollmannsche Villa) . 17489 Greifswald
>>AG Stralsund HRB 5089 . Geschaeftsfuehrer Daniel Scheibner
>>.
>>-- 
>>[Diese Nachricht gilt als frei von Viren und gefaehrlichen Dateianhaengen.
>>Schutz vor Viren und Spam von haus neuer medien. Bei Fragen oder Interesse Kontakt ueber mailscanner at hnm.de oder 03834 83130.]
>>
>>
>>-------------------------- MailScanner list ----------------------
>>To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
>>Before posting, please see the Most Asked Questions at
>>http://www.mailscanner.biz/maq/     and the archives at
>>http://www.jiscmail.ac.uk/lists/mailscanner.html
>>
>>
> 
> 
> 
> --
> Mariano Absatz
> El Baby
> ----------------------------------------------------------
> Military intelligence is a contradiction in terms
>       -- Groucho Marx
> 
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
> 
> 


--
haus neuer medien GmbH . agentur fuer neuen antrieb
.
Tel 03834 8313 0 . Fax 8313 13 . info at hnm.de . www.hnm.de
Wolgaster Strasse 146  (Ollmannsche Villa) . 17489 Greifswald
AG Stralsund HRB 5089 . Geschaeftsfuehrer Daniel Scheibner
.
-- 
[Diese Nachricht gilt als frei von Viren und gefaehrlichen Dateianhaengen.
Schutz vor Viren und Spam von haus neuer medien. Bei Fragen oder Interesse Kontakt ueber mailscanner at hnm.de oder 03834 83130.]

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

More information about the MailScanner mailing list