Debora is a huge spammers!!!!
Charles Lacroix
clacroix at cegep-ste-foy.qc.ca
Mon Nov 13 18:25:02 GMT 2006
I'm also beiing hit quite a bit by this debora :)
maillog:22218
maillog.0.bz2:59521
maillog.1.bz2:5076
On Monday 13 November 2006 12:43, Rob Poe wrote:
> grep -c debora maillog*
> maillog:1364
> maillog.1:4611
> maillog.2:732
> maillog.3:4
> maillog.4:3
>
> >>> Martin Hepworth <martinh at solidstatelogic.com> 11/13/2006 3:05 AM >>>
>
> Michael S. wrote:
> > The huge increase in stock spam that everyone is seeing is coming from
> > the username that is consistently the same. Has anyone noticed?
> >
> > These are different variations of the username@
> >
> >
> >
> > deborahpessanha at bridportleisure.com
> > <mailto:deborahpessanha at bridportleisure.com>
> >
> > deborasalsano at brokermart.com <mailto:deborasalsano at brokermart.com>
> >
> > deborahvw at brooksmetals.com <mailto:deborahvw at brooksmetals.com>
> >
> >
> >
> > Etc. Notice the first 6 characters of every username being Debora?
> >
> >
> >
> >
> >
> > Is there an exim rule that one can implement in exim.conf for example
> > that rejects all mail arriving from Debora??????@fakedomain.com
> > <mailto:Debora??????@fakedomain.com>?
> >
> >
> >
> > Id rather do this at SMTP time instead of allows MS to kill it off as
> > there are thousands and the less MS has to work the better.
> >
> >
> >
> > Thanks
>
> Michael
>
> trapping them nicely here without fuzzyocr or imageinfo..
>
> 5.40 BAYES_99 Bayesian spam probability is 99 to 100%
> 4.00 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
> 0.77 DIGEST_MULTIPLE Message hits more than one network digest check
> 1.25 HOST_EQ_IT
> 0.50 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
> 1.50 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
> above 50%
> 0.50 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
> 0.79 SARE_LWSHORTT
> 1.66 SARE_MLB_Stock1
> 1.66 SARE_MLB_Stock2
> 1.66 SARE_MLB_Stock5 Mentions stock symbol, tickers, or OTC.
>
> the SARE stocks rules is very useful here...
> --
> Martin Hepworth
> Senior Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be clean.
>
> **********************************************************************
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
Charles Lacroix, Administrateur UNIX.
Service des télécommunications et des technologies
Cégep de Sainte-Foy
(418) 659-6600 # 4266
More information about the MailScanner
mailing list