spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex <>
Subject Re: Yahoo single-link spam common elements
Date Sun, 03 Mar 2013 18:37:51 GMT

> My latest attempt is this:
> header   __RP_D_00040_1 From:addr =~ /yahoo/i
> header   __RP_D_00040_2 To =~ /(:?@.*?){5}/
> body     __RP_D_00040_3 /http.{0,200}\d{1,2}:\d{1,2}:\d{1,2}/
> meta     RP_D_00040 __RP_D_00040_1 &&__RP_D_00040_2 &&__RP_D_00040_3
> describe RP_D_00040 Yahoo single-line URL spam

I'm seeing variations on this that aren't being caught, and I hoped
someone could help. I've pasted my example here:

There are more than five recipients, and despite changing it higher,
it still doesn't work. The URL in my example is:


(remove the initial dash)

I can't figure out how the above URL differs from some of the others
that have been caught, such as:


View raw message