[Mimedefang] Fw: [Sare-users] Spam with numbers in subj and b ody
Kevin A. McGrail
kmcgrail at pccc.com
Tue Jun 6 12:03:32 EDT 2006
FROM_AND_TO_SAME doesn't seem to be triggering for us.
And rather than making people edit the ruleset, I've changed number3 to a
more generic test
#KAM NUMBER EMAILS - Thanks to Mark Damrose for the NUMBER3 idea
header __KAM_NUMBER1 Subject =~ /^\d+$/i
body __KAM_NUMBER2 /\d{1,6}/
header __KAM_NUMBER3 Message-ID =~ /\<[a-z]{19}\@/i
meta KAM_NUMBER ((__KAM_NUMBER1 + __KAM_NUMBER2 +
MIME_HTML_ONLY + HTML_SHORT_LENGTH + __KAM_NUMBER3) >= 5)
describe KAM_NUMBER Silly Number Emails
score KAM_NUMBER 1.0
Regards,
KAM
> A couple other things I've noticed: This spam always hits on
> FROM_AND_TO_SAME2
>
> and
>
> header __NUMBER3 Message-ID =~ /\<[a-z]{19}\@example.com\>/
> (substitute your own domain for example.com).
More information about the MIMEDefang
mailing list