spamassassin-users mailing list archives

From Adam Katz <antis...@khopis.com>
Subject Re: Tonns of russian DOT info spam
Date Fri, 18 Feb 2011 22:04:59 GMT
On 02/18/2011 01:46 PM, Michelle Konzack wrote:
> For three weeks the Debian mailing lists have been hit by several 1000 Russian
> DOTinfo spams, and spamassassin scores this crap with -4
> 
> Does someone have a working rule for this crap?
> 
> I tried:
> 
> describe TD_INFO   dot info spam
> body     __TD_INFO /http:\/\/.*\.info/i
> score    TD_INFO   4.0
> 
> but it does not work.

And thank goodness for that, your rule is WAAAAAY too broad to be useful
as it blocks the ENTIRE .info top-level domain (a very bad idea).

If you really want to do something that bold, at least limit it to the
debian list (note that the List-Id is a guess; check your headers):

header __TD_DEB_LIST	List-Id =~ /<debian-user.lists.debian.org>/
uri    __TD_DOT_INFO	m'^http://[^/]*\.info[/:?#]'i
meta   TD_DEB_INFO	__TD_DEB_LIST && __TD_DOT_INFO
score  TD_DEB_INFO	1.0

Check the SA rules it hits and add them as dependencies to that meta if
you want to increase the score; if it previously got a -4 score, it had
to hit some rule to do that.

Again, even this safer rule seems to be the wrong approach.  I suspect
you have a custom rule that is the source of the problem.  Can you post
the offending message to a pastebin?  The scoring breakdown would also
be useful (re-run the message with `spamassassin -t <filename`)
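
An added illustration, not part of the original message: the quoted pattern run over body text, compared with the reply's host-anchored URI pattern gated on the List-Id header. This is a Python emulation rather than SpamAssassin itself; the URI extraction regex and the sample messages are constructed assumptions.

```python
import re

# Pattern from the quoted rule, applied to body text as a body rule would be.
BROAD = re.compile(r"http://.*\.info", re.I)
# Patterns from the reply: host-anchored URI match and the List-Id guess.
DOT_INFO = re.compile(r"^http://[^/]*\.info[/:?#]", re.I)
DEB_LIST = re.compile(r"<debian-user.lists.debian.org>")
# Simplified URI extraction (assumption; SpamAssassin's own parser does more).
URI = re.compile(r"https?://[^\s<>\"']+", re.I)

def broad_hit(body):
    """True if the broad body pattern matches anywhere in the text."""
    return bool(BROAD.search(body))

def meta_hit(list_id, body):
    """Emulate: meta TD_DEB_INFO  __TD_DEB_LIST && __TD_DOT_INFO."""
    on_list = bool(DEB_LIST.search(list_id))
    dot_info = any(DOT_INFO.search(u) for u in URI.findall(body))
    return on_list and dot_info

# Constructed samples: (label, List-Id header value, body text)
SAMPLES = [
    ("spam on list", "<debian-user.lists.debian.org>",
     "Buy now http://cheap-pills.info/order today"),
    ("docs link on list", "<debian-user.lists.debian.org>",
     "See http://example.org/manual/grep.info.gz for details"),
    ("filename in prose", "<debian-user.lists.debian.org>",
     "Get it from http://example.org/ and read README.info first"),
    (".info link off list", "<announce.example.net>",
     "Project home: http://example.info/"),
]

def evaluate():
    """Return (label, broad rule fired, meta rule fired) per sample."""
    return [(label, broad_hit(body), meta_hit(lid, body))
            for label, lid, body in SAMPLES]

if __name__ == "__main__":
    for label, broad, meta in evaluate():
        print(f"{label:22} broad={broad!s:5} meta={meta}")
```

The broad pattern fires on all four samples, including a file path and a filename in prose; the anchored meta fires only when the host itself ends in .info and the message came through the list.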

