[prev in list] [next in list] [prev in thread] [next in thread] 

List:       spamassassin-users
Subject:    Re: sa-update does not pick up newest German spam wave
From:       Robert Schetterer <robert () schetterer ! org>
Date:       2008-12-02 16:05:18
Message-ID: 49355CBE.7020802 () schetterer ! org
[Download RAW message or body]

Richard Hartmann schrieb:
> Hi all,
> 
> this mail:
> 
> Subject: Die E-Mail Adresse foo@bar wird gesperrt
> 
> Body:
> Sehr geehrte Damen und Herren,
> 
> Ihre Email "foo@bar" wird wegen Missbrauch innerhalb der naechsten 24
> Stunden gesperrt. Es sind \d{2} Beschwerden wegen Spamversand bei uns
> eingegangen.
> Details und moegliche Schritte zur Entsperrung finden Sie im Anhang.
> 
> Attachment:
> randomly named zip file which contains an exe
> 
> Is not picked up by SA, yet. sa-update did not get any rules against
> it either. Does anyone have a ready-made rule against this, already?
> If not, what doc should I read to create my own?
> 
> 
> Thanks,
> Richard

Hi Richard,
in my german mail domains ( well spam bombed ever )
i didnt recieve one of this wave, so
you might use more advanced blocking mehtods on smtp
income level at your server, ie use clamav-milter, rbls etc
after all ,you might do sa-learn --spam with a sample mail
and spamassassin should catch it, and use pyzor,razor etc
checks too, this should reduce incomming of such mails to a minimum
and else left should be marked short after a spam wave start

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria
[prev in list] [next in list] [prev in thread] [next in thread]