Damm mortage and software spam
Martin Hepworth
martinh at SOLID-STATE-LOGIC.COM
Tue Sep 21 09:18:03 IST 2004
<x-flowed>
Rob
www.surbl.org (and a associated spamcop_uri plugin for SpamAssassin
2.6x) are not included in the rulesemporium stuff.
It's a RBL style check, but it looks at URI's within the message body,
rather than the traditions RBL's which only look at the ip-addresses the
email is coming from( ie the message header).
This is a really good technique of trapping the single graphic and link.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Rob wrote:
> I add a whole bunch last week..... see way below email for the ones I
> installed
>
> Rob....
>
>
>
> ----- Original Message -----
> From: "Martin Hepworth" <martinh at SOLID-STATE-LOGIC.COM>
> To: <MAILSCANNER at JISCMAIL.AC.UK>
> Sent: Monday, September 20, 2004 8:50 AM
> Subject: Re: Damm mortage and software spam
>
>
>> Rob
>>
>> OK, looks like the www.surb.org URI rbls and spamcop_uri plugin are the
>> guys you need...
>>
>> see their web page for installation instructions...
>>
>>
>> --
>> Martin Hepworth
>> Snr Systems Administrator
>> Solid State Logic
>> Tel: +44 (0)1865 842300
>>
>>
>> Rob wrote:
>>
>>> I still get those darn emails...
>>>
>>> are these spammers good, or is it just by fluke their getting by
>>> mailscanner??
>>>
>>> Does anyone else have this issue...
>>>
>>> There are usually email for medical stuff and its only a graphic with a
>>> remove link on the bottom of the page
>>> Also the subject always has "meeting friday at 7-00"
>>>
>>> Any help appreciated
>>>
>>> Rob....
>>>
>>>
>>>
>>> ----- Original Message -----
>>> From: "Rob" <rob at THEHOSTMASTERS.COM>
>>> To: <MAILSCANNER at JISCMAIL.AC.UK>
>>> Sent: Friday, September 17, 2004 1:16 PM
>>> Subject: Re: Damm mortage and software spam
>>>
>>>
>>>> Ok I added all those rules....
>>>>
>>>> Let see what happens now....
>>>>
>>>> :)
>>>>
>>>> Rob....
>>>>
>>>>
>>>>
>>>> ----- Original Message -----
>>>> From: "Robin, Rob" <rrobin at GREENAPPLE.COM>
>>>> To: <MAILSCANNER at JISCMAIL.AC.UK>
>>>> Sent: Friday, September 17, 2004 10:42 AM
>>>> Subject: Re: Damm mortage and software spam
>>>>
>>>>
>>>>> Rob,
>>>>>
>>>>> It's there: http://www.rulesemporium.com/rules.htm
>>>>> There should be rules for OEM software over there. Read the
>>>>> description.
>>>>>
>>>>> I first tested it by downloading all the rules (except the
>>>>> bigevil). Some of them are overly aggresive. Sending an attachment
>>>>> using
>>>>> a
>>>>> IncrediMail will make it spam. (some of our customers like using
>>>>> IncrediMail, their html and stuff can't be flagged as spam in my
>>>>> scenario).
>>>>>
>>>>> I have narrowed it down to using:
>>>>> GetRules
>>>>> "http://www.rulesemporium.com/rules/71_sare_redirect_pre3.0.0.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/evilnumbers.cf";
>>>>> GetRules
>>>>> "http://www.rulesemporium.com/rules/70_sare_bayes_poison_nxm.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_html.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_header.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_specific.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_ratware.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_adult.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/72_sare_bml_post25x.cf";
>>>>> GetRules
>>>>> "http://www.rulesemporium.com/rules/99_sare_fraud_post25x.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_spoof.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_random.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/70_sc_top200.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_oem.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_genlsubj_x30.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_genlsubj.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_highrisk.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_unsub.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_body.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_rawbody.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_subject.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_headers.cf"
>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_uri.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_DomainDigits.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_Tripwire.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_meta.cf";
>>>>> GetRules "http://mywebpages.comcast.net/mkettler/sa/antidrug.cf";
>>>>> GetRules "http://www.emtinc.net/includes/backhair.cf";
>>>>> GetRules "http://www.emtinc.net/includes/chickenpox.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/evilnumbers.cf";
>>>>> GetRules "http://www.stearns.org/sa-blacklist/random.current.cf";
>>>>> GetRules "http://www.emtinc.net/includes/weeds.cf";
>>>>>
>>>>>
>>>>> Thanks,
>>>>> ------------------------
>>>>> Rob Robin
>>>>> Network Analyst
>>>>> Green Apple, Inc.
>>>>> 740-653-9890
>>>>> rrobin at greenapple.com
>>>>> www.greenapple.com
>>>>> Internet access, hosting and development solutions since 1995.
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: Rob [mailto:rob at THEHOSTMASTERS.COM]
>>>>> Sent: Wednesday, September 15, 2004 10:43 AM
>>>>> To: MAILSCANNER at JISCMAIL.AC.UK
>>>>> Subject: Re: Damm mortage and software spam
>>>>>
>>>>>
>>>>> I do not see these rules on www.rulesemporium.com where are they?
>>>>>
>>>>> And after I added rules from www.rulesemporium.com I still get these
>>>>> irritating emails with subject "your meeting on"
>>>>>
>>>>> and it has just a graphic and a remove link
>>>>>
>>>>> URGH!
>>>>>
>>>>> Rob....
>>>>>
>>>>>
>>>>>
>>>>> ----- Original Message -----
>>>>> From: "Steve Mason" <smlists at SHAW.CA>
>>>>> To: <MAILSCANNER at JISCMAIL.AC.UK>
>>>>> Sent: Wednesday, September 15, 2004 9:49 AM
>>>>> Subject: Re: Damm mortage and software spam
>>>>>
>>>>>
>>>>>> I'm finding that OB_URI_RBL and WS_URI_RBL are catching all of the
>>>>>> software messages.
>>>>>> I haven't seen any mortgage messages yet...
>>>>>>
>>>>>> Steve
>>>>>>
>>>>>>> I keep getting spam from mortgage and software sales.....
>>>>>>> Anyone have a tip for not letting these guys through?
>>>>>>> I can send headers, but last 2 times I did my email never got
>>>>>>> through to
>>>>>>> the list, I >guess cuz the mail server thought it was spam..
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Rob....
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>
More information about the MailScanner
mailing list