How to discard emails with info in X-Mailer and X-FID

René Berber r.berber at computer.org
Tue Jan 16 00:55:10 CET 2007


Randal, Phil wrote:

>>David Jourard wrote:
>> Today a new spam variant appeared and was getting thru my commercial 
>> spam service.
>> 
>> They  indicated that if I could block the variant till they fix it it 
>> would be good.
>> 
>> They gave the values for the  X-Mailer and X-FID.
>> 
>> Is it possible to discard the emails with these parameters via
>> MailScanner.

> Yes, 
> 
> Just create header rules in spamassassin to score them.
> 
> Today we've processed 2569 emails with X-FID: headers, all but 6 of
> which were tagged as spam without any new rules required.
> 
> The new spams are intriguing - they have three images, the first a .jpg
> of a pen knib, the second a stock pump/dump scam gif, and the third a
> "free emoticons for your email" gif.  The equivalent of attempted Bayes
> Poisoning for OCR scanners?

Uh?  What's there to poison with FuzzyOcr?

> I am sorely tempted to add "free emoticons" to my FuzzyOCR wordlist.

Not needed, FuzzyOcr scans all images and will detect the spam in the 2nd, it
may even stop with the second image if the score is high enough (this may be a
new feature not yet released, but soon).
-- 
René Berber



More information about the MailScanner mailing list