Rechnung offline Spam
Johan Hendriks
joh.hendriks at gmail.com
Fri Jun 13 12:18:07 IST 2014
op 13-06-14 11:33, Kai Schaetzl schreef:
> Johan Hendriks wrote on Wed, 11 Jun 2014 15:41:49 +0200:
>
>> I am trying to stop some spam but it seems MailScanner just lets them
>> pass...
> Check if it hits. You can do this with SA --lint. If SA hits, then check
> if MS runs it with the same config. An easy check if your custrom rule is
> in the right place (e.g. you are doing it the first time ...) is to place
> a deliberately *wrong* rule there and then run SA --lint. It should bark
> about it. e.g.
>
> header whatever
>
> alone should be sufficient to trigger a warning or even an error with SA.
> If it does you know it's in the right place, then do the same with MS.
>
> If you put your .cf file in the SA rules directory (usually
> /etc/mail/spamassassin), then it will get picked up. There is no need to
> add it to another file.
>
> Please note, that the *real* invoices by Deutsche Telekom have the *same*
> subject!
>
> A good way to identify this spam is to look for the mailer software (/^X-
> Mailer:.*Blat.*/ or /^X-MimeOLE:.*Produced by Blat.*/). This spam (also
> the big spam run in January) is getting sent from Windows zombies with the
> help of Blat (you could also look just for a specific version, I think
> it's always 3.1.1). So you can have a meta rule for them.
>
> Also, if these messages (sometimes they come in really big quantitites)
> pose a problem for your mail system you can enforce a (temporary) header
> check with postfix and reject them right-away. Of course, this will reject
> legitimate mailing list mail sent by Blat as well (but it's rare). So, use
> it only as a temporary measure.
>
>
> Kai
>
Thanks for the answers again.. and Holger for the rules
I put the file in /usr/local/etc/mail/spamassassin/
If i make a mistake like you said spamassassin --lint indeed barks
spamassassin --lint
Jun 13 12:25:05.692 [72537] warn: config: SpamAssassin failed to parse
line, no value provided for "header", skipping: header whatever
Jun 13 12:25:06.793 [72537] warn: lint: 1 issues detected, please rerun
with debug enabled for more information
So spamassassin reads the rule
Mailscanner --lint does not show me much about spamassassin.
In the directory where I have the custum_rule.cf file there is also a
file for the FuzzyOCR rules and that gets laoded also.
I will look and see if it all works now.
regards
Johan
More information about the MailScanner
mailing list