Re: Help in writing rules to catch SREA stock spams

Suhas Ingale schrieb:

>
> Can someone help me writing rules to catch below content spam?
>
>  
>

	*  5.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
	*      [score: 1.0000]
	*  0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
	*  5.0 BOTNET Relay might be a spambot or virusbot
	*      [botnet0.7,ip=87.226.203.3,nordns]
	*  0.0 DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: policy says domain
	*       signs some mails
	*  0.0 BOTNET_NORDNS Relay's IP address has no PTR record
	*      [botnet_nordns,ip=87.226.203.3]
	*  1.9 RCVD_ILLEGAL_IP Received: contains illegal IP address
	*  1.9 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
	*      [URIs: otcpicks.com]
	*  2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
	*      [Blocked - see <http://www.spamcop.net/bl.shtml?87.226.203.3>]
	*  3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
	*      [87.226.203.3 listed in zen.spamhaus.org]
	*  0.5 WHOIS_DMNBYPROXY Contains URL registered to Domains by Proxy
	*      [URIs: otcpicks.com]
	*  1.5 UPPERCASE_75_100 message body is 75-100% uppercase

Another "SREA" spam easily busted with BOTNET and BAYES, i dont really see the need for a content rule.

arni Received on Fri Jun 22 10:52:25 2007