[prev in list] [next in list] [prev in thread] [next in thread] 

List:       spamassassin-users
Subject:    Re: url spam from Hotmail
From:       Ned Slider <ned () unixmail ! co ! uk>
Date:       2010-05-26 18:01:24
Message-ID: 4BFD61F4.5080209 () unixmail ! co ! uk
[Download RAW message or body]

On 05/26/2010 05:29 PM, Karsten Bräckelmann wrote:
>
> Also, these Hotmail injected footers always use long-ish URIs with a
> path, no? In that case, a meta with __URI_NO_PATH could help. Something
> like this.
>
>    uri __URI_NO_PATH  m~^https?://[^/]+/?$~
>
>

That's possibly a good idea. I was thinking of trying to collate all 
known Hotmail Signature/footer URIs and do a meta for Hotmail with URI 
other than those that commonly appear in Hotmail footers.

In the end I just decided From Hotmail was worth 3 points and 
whitelisted the 20 or so known hotmail sender addresses that appear in 
my logs.

[prev in list] [next in list] [prev in thread] [next in thread]