NOBODY EVER ANSWERS QUESTIONS TO THIS LIST
james at gray.net.au
Mon Dec 15 06:44:04 GMT 2008
On 15/12/2008, at 3:17 PM, Bjorgen T. Eatinger wrote:
> 1. NOBODY EVER ANSWERS QUESTIONS TO THIS LIST---Why?
> 2. There has been (for at least the last 3 weeks) a recent huge
> flood of emails that are setup to "appear" to have originated from
> the same email address which the SPAM is being sent to, and the
> addresses are perfectly valid addresses stored on our email server
> (NOT ACCOUNTS, but valid ALIASES).
> For example a valid alias on our mail server would be: booking at edenaudio.com
> The SPAM email is SENT to that email address and is also setup to
> COME from that address.
> Has there been any discussion or attempts to get rid of this most
> annoying new type of SPAM? I don't see it as very difficult to
> catch, as the following conditions are always TRUE in all cases:
> a. SAME FROM ADDRESS AS THE TO ADDRESS (this is normally only done
> when testing)
> b. Almost every email contains "status" in the subject
> c. Every email always contains HTML and the words "click here" in
> every one (see below)
> I believe any one of these items would work to stop this flood of
> email (especially b or c). Can you please let me know how I could
> implement any one or all of these methods?
Whoa dude - slow down. Maybe I missed it, but I haven't seen any
previous questions from you on this matter. Maybe I missed them too?
BTW, starting a post to *any* list with "NOBODY EVER ANSWERS QUESTIONS
TO THIS LIST" is almost guaranteed way to construct a self-fulfilling
In answer to your questions, the same TO/FROM address I'll leave for
someone else and the remainder of your analysis should be enough.
Simply add the following to /etc/MailScanner/spamassassin.prefs.conf:
header __SUBJ_STATUS Subject =~ /status/i
body __BODY_CLK_HERE /click here/i
rawbody __BODY_HTML /(?:\<p\>|\<div\>|\<html\>)/i
meta MYSPAM_RULE_1 (__SUBJ_STATUS && __BODY_CLK_HERE && __BODY_HTML)
describe MYSPAM_RULE_1 This message appears to be spam
score MYSPAM_RULE_1 6.0
This isn't perfect, but it should give you a starting point.
For future reference, if you have some web space where you can put a
RAW, copy of the message other people can have a look at it and
together we can make some rules to address your specific problem. In
future, if you flame everyone on the list with accusations of ignoring
you, I personally will do exactly that :) I have been active (for
various values of active) on this list for several years and always
found this community attentive, informative and extremely helpful.
Please be polite and show respect - especially if you expect the same
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2417 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20081215/b8fdc71e/smime.bin
More information about the MailScanner