Spam from Free mail accounts
Paul Houselander (SME)
housey at sme-ecom.co.uk
Fri Aug 1 17:51:16 IST 2008
> > Just wondered if anyone else was experiencing a lot of spam getting
> > through that has been sent from yahoo.com, hotmail.com accounts etc..
> >
> > Have seen a big increase in the last couple of weeks, they do
> actually
> > come from hotmails and yahoo's servers so the network based checks
> don't
> > flag anything.
>
>
> I've been getting a lot of hits from these on our spam trap too.
>
> You can get network tests to work on Yahoo and Hotmail as they supply
> the injection IP address in the headers (either through a Received or
> X-Originating-IP).
>
> The CBL (e.g. Spamhaus XBL works pretty good on some of these injection
> addresses) however SpamAssassin isn't configured to do these tests.
>
> These rules will enable XBL tests on all the received headers for
> messages from Yahoo and Hotmail and should not cause FPs:
>
> # Freemailers
> header __FSL_HOST_YAHOO Received =~ /\.yahoo\.com/
> header __FSL_HOST_HOTMAIL Received =~ /\.hotmail\.com/
>
> # Check for SBL/XBL listings for all received headers from Yahoo and
> Hotmail
> header __FSL_DEEP_RCVD_IN_SBLXBL
> eval:check_rbl_sub('zen','127.0.0.[2345678]')
> tflags __FSL_DEEP_RCVD_IN_SBLXBL net
> meta FSL_FREEMAIL_SBLXBL __FSL_DEEP_RCVD_IN_SBLXBL && (__FSL_HOST_YAHOO
> || __FSL_HOST_HOTMAIL)
> score FSL_FREEMAIL_SBLXBL 4.0
>
>
Thanks steve above rule seems to have done the trick! Catching quite a few
with zero fp's so far
Thanks again!
Paul
More information about the MailScanner
mailing list