Those annoying "Bernadin Wrote:" spams

David Restall - System Administrator dave at restall.net
Tue Nov 28 13:40:43 UTC 2006 

Brian,

>     There's a new spam-game in town called SpamThrough; mostly it's
> high-priced spams for people trying to influence stock trades, but a lot
> get through, even with Spamassassin, greylisting, and postfix's natural
> antispam software.
> 
>     Anyone found a 'silver bullet' for such spams?

I've become a spam fascist in the last few weeks because
of these.  I use blacklists and also some local rules in
/etc/mail/spamassassin/site_rules.cf.

This is a file I created - so don't expect to find it on your system.
These mails all have some common strings and some regular phrases and
I add a rule such as the following to my site_rules.cf :-

body		STOCK_SELL_SPAM6	/W[Oo]RD:/i
describe	STOCK_SELL_SPAM6	Body is stock selling spam message
score		STOCK_SELL_SPAM6	3.0

This looks for the string WORD (and a couple of other spellings just in
case) follwed by a colon in the message body.  If it finds it it scores
it with three which is over half way to spamassassin's target of five
for a message.  If you do this for a few of the words then it only needs
two of them to exceed the spamassassin threshhold.  If you want to find
three matches before reaching the threshhold set the score to be 1.5 or 2.

I initially started off looking for the four character symbol strings
but this soon became unuseable because the symbol string changed with
each promotion.

Don't forget to killall -HUP spamd after adding the rules.

Not a silver bullet but it seems to be working for me at the mo.

Regards,


Dave
ubuntu/2006-11-28.tx                   ubuntu-users brian at fahrlander.net
+----------------------------------------------------------------------------+
| Dave Restall, Computer Nerd, Cyclist, Radio Amateur G4 FCU, Bodger         |
| Mob +44 (0) 7973 831245      Skype: dave.restall             Radio: G4 FCU |
| email : dave at restall.net                     Web : http://dave.restall.net |
+----------------------------------------------------------------------------+
| Moe:    Wanna play poker tonight?  Joe:    I can't. It's the kids'         |
| night out.  Moe:    So?  Joe:     I gotta stay home with the nurse.        |
+----------------------------------------------------------------------------+

More information about the ubuntu-users mailing list