Spam from hotmail,yahoo and live.com getting throught
JC Putter
jcputter at numata.co.za
Tue Dec 23 06:52:18 GMT 2008
Thank you very much, really!!!
-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Scott Silva
Sent: 22 December 2008 09:37 PM
To: mailscanner at lists.mailscanner.info
Subject: Re: Spam from hotmail,yahoo and live.com getting throught
on 12-20-2008 1:47 AM JC Putter spake the following:
> How can i setup mailscanner to do those URI,DNS blacklist checks???
>
> That is what i need,
>
> Thank you very much for the reply...
>
Here are some rules you can add to spam.assassin.prefs.conf. Some of them are quite old, but you can play with them;
header RCVD_IN_PSBL eval:check_rbl('psbl', 'psbl.surriel.com.')
describe RCVD_IN_PSBL Received via a relay in PSBL
tflags RCVD_IN_PSBL net
score RCVD_IN_PSBL 0 1.50 0 1.50
header RCVD_IN_UCE_PFSM_1 eval:check_rbl('UCE_PFSM_1',
'dnsbl-1.uceprotect.net')
describe RCVD_IN_UCE_PFSM_1 Received via a relay in UCE_PFSM_1
tflags RCVD_IN_UCE_PFSM_1 net
score RCVD_IN_UCE_PFSM_1 0 1.50 0 1.50
header RCVD_IN_UCE_PFSM_2 eval:check_rbl('UCE_PFSM_2',
'dnsbl-2.uceprotect.net')
describe RCVD_IN_UCE_PFSM_2 Received via a relay in UCE_PFSM_2
tflags RCVD_IN_UCE_PFSM_2 net
score RCVD_IN_UCE_PFSM_2 0 1.50 0 1.50
header RCVD_IN_UCE_PFSM_3 eval:check_rbl('UCE_PFSM_3',
'dnsbl-3.uceprotect.net')
describe RCVD_IN_UCE_PFSM_3 Received via a relay in UCE_PFSM_3
tflags RCVD_IN_UCE_PFSM_3 net
score RCVD_IN_UCE_PFSM_3 0 2.50 0 2.50
header DNS_FROM_MPBULK_RHSBL eval:check_rbl_from_host('mprhs',
'bulk.rhs.mailpolice.com.')
describe DNS_FROM_MPBULK_RHSBL From: sender listed in bulk.rhs.mailpolice.com
tflags DNS_FROM_MPBULK_RHSBL net
score DNS_FROM_MPBULK_RHSBL 2.0
urirhsbl URIBL_BULK_MPRHS bulk.rhs.mailpolice.com. A
body URIBL_BULK_MPRHS eval:check_uridnsbl('URIBL_BULK_MPRHS')
describe URIBL_BULK_MPRHS Contains a URL listed in the MailPolice bulk senders list
tflags URIBL_BULK_MPRHS net
score URIBL_BULK_MPRHS 2.0
urirhsbl URIBL_PORN_MPRHS porn.rhs.mailpolice.com. A
body URIBL_PORN_MPRHS eval:check_uridnsbl('URIBL_PORN_MPRHS')
describe URIBL_PORN_MPRHS Contains a URL listed in the MailPolice porn domains list
tflags URIBL_PORN_MPRHS net
score URIBL_PORN_MPRHS 2.0
urirhsbl URIBL_FRAUD_MPRHS fraud.rhs.mailpolice.com. A
body URIBL_FRAUD_MPRHS eval:check_uridnsbl('URIBL_FRAUD_MPRHS')
describe URIBL_FRAUD_MPRHS Contains a URL listed in the MailPolice fraud domains list
tflags URIBL_FRAUD_MPRHS net
score URIBL_FRAUD_MPRHS 2.0
header RCVD_IN_SPAMCANNIBAL eval:check_rbl('spamcannibal',
'bl.spamcannibal.org.')
describe RCVD_IN_SPAMCANNIBAL Received via a relay in SpamCannibal
tflags RCVD_IN_SPAMCANNIBAL net
score RCVD_IN_SPAMCANNIBAL 0 1.50 0 1.50
header RCVD_IN_MSRBL eval:check_rbl('msrbl', 'combined.rbl.msrbl.net.')
describe RCVD_IN_MSRBL Received via a relay in MSRBL
tflags RCVD_IN_MSRBL net
score RCVD_IN_MSRBL 0 1.50 0 1.50
header RCVD_IN_BACKSCATTER eval:check_rbl('msrbl',
'ips.backscatterer.org.')
describe RCVD_IN_BACKSCATTER Received via a relay in Backscatter.org
tflags RCVD_IN_BACKSCATTER net
score RCVD_IN_BACKSCATTER 0 1.50 0 1.50
#---added 8/1/2006 to combat image spam
rawbody INLINE_IMAGE /src\s*=\s*["']cid:/i
describe INLINE_IMAGE Inline Images
score INLINE_IMAGE 2.0
#---added 01/03/2007 to add scores based on country header __RCVD_IN_NERDS eval:check_rbl('nerds','zz.countries.nerd.dk.')
describe __RCVD_IN_NERDS Received from a spam country
tflags __RCVD_IN_NERDS net
header RCVD_IN_NERDS_CN eval:check_rbl_sub('nerds','127.0.0.156')
describe RCVD_IN_NERDS_CN Received from China
tflags RCVD_IN_NERDS_CN net
score RCVD_IN_NERDS_CN 2.0
header RCVD_IN_NERDS_KR eval:check_rbl_sub('nerds','127.0.0.154')
describe RCVD_IN_NERDS_KR Received from South Korea
tflags RCVD_IN_NERDS_KR net
score RCVD_IN_NERDS_KR 2.0
#added 11/27/2007 as a spam test
#Many of the spams originating from hotmail addresses here have a
#Reply-To: address in a yahoo domain.
header __HC_FROM_HOTMAIL From =~ /\@hotmail\./
describe __HC_FROM_HOTMAIL email From hotmail user
header __HC_REPLY_YAHOO Reply-To =~ /\@yahoo\./
describe __HC_REPLY_YAHOO Reply-To yahoo user
meta HC_HOTMAIL_YAHOO ( __HC_FROM_HOTMAIL && __HC_REPLY_YAHOO)
describe HC_HOTMAIL_YAHOO From hotmail, reply to Yahoo
score HC_HOTMAIL_YAHOO 20
add_header all Relay-Country _RELAYCOUNTRY_
#Added 12/02/2008 hostkarma tests
header __RCVD_IN_JMF
eval:check_rbl('JMF-lastexternal','hostkarma.junkemailfilter.com.')
describe __RCVD_IN_JMF Sender listed in JunkEmailFilter tflags __RCVD_IN_JMF net
header RCVD_IN_JMF_W eval:check_rbl_sub('JMF-lastexternal', '127.0.0.1') describe RCVD_IN_JMF_W Sender listed in JMF-WHITE tflags RCVD_IN_JMF_W net nice score RCVD_IN_JMF_W -5
header RCVD_IN_JMF_BL eval:check_rbl_sub('JMF-lastexternal', '127.0.0.2') describe RCVD_IN_JMF_BL Sender listed in JMF-BLACK tflags RCVD_IN_JMF_BL net score RCVD_IN_JMF_BL 3.5
header RCVD_IN_JMF_BR eval:check_rbl_sub('JMF-lastexternal', '127.0.0.4') describe RCVD_IN_JMF_BR Sender listed in JMF-BROWN tflags RCVD_IN_JMF_BR net score RCVD_IN_JMF_BR 1.0
#Added 12/02/2008 hostkarma tests
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
This message has been scanned by Nexus Mail Gateway
More information about the MailScanner
mailing list