Damm mortage and software spam
Rob
rob at THEHOSTMASTERS.COM
Tue Sep 21 13:42:08 IST 2004
<x-flowed>
I do, do www.surbl.org but not the other one I will check that one out....
thanks....
However I have not received one in the last 24 hours...
:)
Rob....
----- Original Message -----
From: "Martin Hepworth" <martinh at SOLID-STATE-LOGIC.COM>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Tuesday, September 21, 2004 4:18 AM
Subject: Re: Damm mortage and software spam
> Rob
> www.surbl.org (and a associated spamcop_uri plugin for SpamAssassin
> 2.6x) are not included in the rulesemporium stuff.
>
> It's a RBL style check, but it looks at URI's within the message body,
> rather than the traditions RBL's which only look at the ip-addresses the
> email is coming from( ie the message header).
>
> This is a really good technique of trapping the single graphic and link.
>
>
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
> Rob wrote:
>> I add a whole bunch last week..... see way below email for the ones I
>> installed
>>
>> Rob....
>>
>>
>>
>> ----- Original Message -----
>> From: "Martin Hepworth" <martinh at SOLID-STATE-LOGIC.COM>
>> To: <MAILSCANNER at JISCMAIL.AC.UK>
>> Sent: Monday, September 20, 2004 8:50 AM
>> Subject: Re: Damm mortage and software spam
>>
>>
>>> Rob
>>>
>>> OK, looks like the www.surb.org URI rbls and spamcop_uri plugin are the
>>> guys you need...
>>>
>>> see their web page for installation instructions...
>>>
>>>
>>> --
>>> Martin Hepworth
>>> Snr Systems Administrator
>>> Solid State Logic
>>> Tel: +44 (0)1865 842300
>>>
>>>
>>> Rob wrote:
>>>
>>>> I still get those darn emails...
>>>>
>>>> are these spammers good, or is it just by fluke their getting by
>>>> mailscanner??
>>>>
>>>> Does anyone else have this issue...
>>>>
>>>> There are usually email for medical stuff and its only a graphic with a
>>>> remove link on the bottom of the page
>>>> Also the subject always has "meeting friday at 7-00"
>>>>
>>>> Any help appreciated
>>>>
>>>> Rob....
>>>>
>>>>
>>>>
>>>> ----- Original Message -----
>>>> From: "Rob" <rob at THEHOSTMASTERS.COM>
>>>> To: <MAILSCANNER at JISCMAIL.AC.UK>
>>>> Sent: Friday, September 17, 2004 1:16 PM
>>>> Subject: Re: Damm mortage and software spam
>>>>
>>>>
>>>>> Ok I added all those rules....
>>>>>
>>>>> Let see what happens now....
>>>>>
>>>>> :)
>>>>>
>>>>> Rob....
>>>>>
>>>>>
>>>>>
>>>>> ----- Original Message -----
>>>>> From: "Robin, Rob" <rrobin at GREENAPPLE.COM>
>>>>> To: <MAILSCANNER at JISCMAIL.AC.UK>
>>>>> Sent: Friday, September 17, 2004 10:42 AM
>>>>> Subject: Re: Damm mortage and software spam
>>>>>
>>>>>
>>>>>> Rob,
>>>>>>
>>>>>> It's there: http://www.rulesemporium.com/rules.htm
>>>>>> There should be rules for OEM software over there. Read the
>>>>>> description.
>>>>>>
>>>>>> I first tested it by downloading all the rules (except the
>>>>>> bigevil). Some of them are overly aggresive. Sending an attachment
>>>>>> using
>>>>>> a
>>>>>> IncrediMail will make it spam. (some of our customers like using
>>>>>> IncrediMail, their html and stuff can't be flagged as spam in my
>>>>>> scenario).
>>>>>>
>>>>>> I have narrowed it down to using:
>>>>>> GetRules
>>>>>> "http://www.rulesemporium.com/rules/71_sare_redirect_pre3.0.0.cf";
>>>>>> GetRules "http://www.rulesemporium.com/rules/evilnumbers.cf";
>>>>>> GetRules
>>>>>> "http://www.rulesemporium.com/rules/70_sare_bayes_poison_nxm.cf";
>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_html.cf";
>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_header.cf";
>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_specific.cf";
>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_ratware.cf";
>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_adult.cf";
>>>>>> GetRules "http://www.rulesemporium.com/rules/72_sare_bml_post25x.cf";
>>>>>> GetRules
>>>>>> "http://www.rulesemporium.com/rules/99_sare_fraud_post25x.cf";
>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_spoof.cf";
>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_random.cf";
>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sc_top200.cf";
>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_oem.cf";
>>>>>> GetRules
>>>>>> "http://www.rulesemporium.com/rules/70_sare_genlsubj_x30.cf";
>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_genlsubj.cf";
>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_highrisk.cf";
>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_unsub.cf";
>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_body.cf";
>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_rawbody.cf";
>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_subject.cf";
>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_headers.cf"
>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_uri.cf";
>>>>>> GetRules
>>>>>> "http://www.rulesemporium.com/rules/99_FVGT_DomainDigits.cf";
>>>>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_Tripwire.cf";
>>>>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_meta.cf";
>>>>>> GetRules "http://mywebpages.comcast.net/mkettler/sa/antidrug.cf";
>>>>>> GetRules "http://www.emtinc.net/includes/backhair.cf";
>>>>>> GetRules "http://www.emtinc.net/includes/chickenpox.cf";
>>>>>> GetRules "http://www.rulesemporium.com/rules/evilnumbers.cf";
>>>>>> GetRules "http://www.stearns.org/sa-blacklist/random.current.cf";
>>>>>> GetRules "http://www.emtinc.net/includes/weeds.cf";
>>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>> ------------------------
>>>>>> Rob Robin
>>>>>> Network Analyst
>>>>>> Green Apple, Inc.
>>>>>> 740-653-9890
>>>>>> rrobin at greenapple.com
>>>>>> www.greenapple.com
>>>>>> Internet access, hosting and development solutions since 1995.
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Rob [mailto:rob at THEHOSTMASTERS.COM]
>>>>>> Sent: Wednesday, September 15, 2004 10:43 AM
>>>>>> To: MAILSCANNER at JISCMAIL.AC.UK
>>>>>> Subject: Re: Damm mortage and software spam
>>>>>>
>>>>>>
>>>>>> I do not see these rules on www.rulesemporium.com where are they?
>>>>>>
>>>>>> And after I added rules from www.rulesemporium.com I still get these
>>>>>> irritating emails with subject "your meeting on"
>>>>>>
>>>>>> and it has just a graphic and a remove link
>>>>>>
>>>>>> URGH!
>>>>>>
>>>>>> Rob....
>>>>>>
>>>>>>
>>>>>>
>>>>>> ----- Original Message -----
>>>>>> From: "Steve Mason" <smlists at SHAW.CA>
>>>>>> To: <MAILSCANNER at JISCMAIL.AC.UK>
>>>>>> Sent: Wednesday, September 15, 2004 9:49 AM
>>>>>> Subject: Re: Damm mortage and software spam
>>>>>>
>>>>>>
>>>>>>> I'm finding that OB_URI_RBL and WS_URI_RBL are catching all of the
>>>>>>> software messages.
>>>>>>> I haven't seen any mortgage messages yet...
>>>>>>>
>>>>>>> Steve
>>>>>>>
>>>>>>>> I keep getting spam from mortgage and software sales.....
>>>>>>>> Anyone have a tip for not letting these guys through?
>>>>>>>> I can send headers, but last 2 times I did my email never got
>>>>>>>> through to
>>>>>>>> the list, I >guess cuz the mail server thought it was spam..
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> Rob....
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be clean.
>
> **********************************************************************
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>
More information about the MailScanner
mailing list