Spam from Free mail accounts

Paul Houselander (SME) housey at
Fri Aug 1 17:51:16 IST 2008

> > Just wondered if anyone else was experiencing a lot of spam getting
> > through that has been sent from, accounts etc..
> >
> > Have seen a big increase in the last couple of weeks, they do
> actually
> > come from hotmails and yahoo's servers so the network based checks
> don't
> > flag anything.
> I've been getting a lot of hits from these on our spam trap too.
> You can get network tests to work on Yahoo and Hotmail as they supply
> the injection IP address in the headers (either through a Received or
> X-Originating-IP).
> The CBL (e.g. Spamhaus XBL works pretty good on some of these injection
> addresses) however SpamAssassin isn't configured to do these tests.
> These rules will enable XBL tests on all the received headers for
> messages from Yahoo and Hotmail and should not cause FPs:
> # Freemailers
> header __FSL_HOST_YAHOO Received =~ /\.yahoo\.com/
> header __FSL_HOST_HOTMAIL Received =~ /\.hotmail\.com/
> # Check for SBL/XBL listings for all received headers from Yahoo and
> Hotmail
> eval:check_rbl_sub('zen','127.0.0.[2345678]')
> tflags __FSL_DEEP_RCVD_IN_SBLXBL net

Thanks steve above rule seems to have done the trick! Catching quite a few
with zero fp's so far

Thanks again!


More information about the MailScanner mailing list