new spam getting through
steve.freegard at fsl.com
Sun Dec 5 23:27:27 GMT 2010
On 05/12/10 22:47, Gerard Cleary wrote:
> On Sat, 4 Dec 2010 13:15:25 Noel Butler wrote:
>> Likewise, no errors here, only running since late last night so haven't
>> checked to see how effective, but by a quick look at it, it should help
>> a lot with short urls (thanks Steve)
> I want to add my hearty thanks to Steve as well. I put the files in on Friday
> afternoon (I know, you're not supposed to do silly things like that, but I
> checked it for the next hour and all was OK.)
> Over the weekend, it trapped 313 spams !! Very effective indeed.
Excellent - I'm glad it's working well for you and to everyone else that
replied that it's working for them.
The thing to do is check /tmp/DecodeShortURLs.txt for nasty domains that
you can block locally as not all of the obviously bad decoded short URLs
are finding their into the URI blacklists at the moment (credit where
it's due to SURBL who seem better at this than URIBL currently).
I'm finding this rule is working out well on a number of FSL sites:
uri FSL_URI_REFER_CCBIL /refer\.ccbill\.com/
describe FSL_URI_REFER_CCBIL Links to refer.ccbill.com
score FSL_URI_REFER_CCBIL 4.0
Everyone can help improve this plug-in in the following ways:
1) Let me know if you find any new URL shorteners that are not listed in
DecodeShortURLs.cf so I can add them to the supplied URL shortener list.
2) If you see any new shortener blocks (this is where a page is
redirected to an abuse/blocked page for that particular shortener hash).
For example you can see I have definitions in the file for BITLY,
SIMURL and MEGRE - there will surely be others that I've missed or do
not know about; again - let me know as the more of these I can get mean
that if a service blocks a shortened URL; you'll score it highly without
worrying about potential FPs.
3) Report any bugs to me.
More information about the MailScanner