[prev in list] [next in list] [prev in thread] [next in thread]
List: spamassassin-users
Subject: Re: url spam from Hotmail
From: Ned Slider <ned () unixmail ! co ! uk>
Date: 2010-05-26 18:01:24
Message-ID: 4BFD61F4.5080209 () unixmail ! co ! uk
[Download RAW message or body]
On 05/26/2010 05:29 PM, Karsten Bräckelmann wrote:
>
> Also, these Hotmail injected footers always use long-ish URIs with a
> path, no? In that case, a meta with __URI_NO_PATH could help. Something
> like this.
>
> uri __URI_NO_PATH m~^https?://[^/]+/?$~
>
>
That's possibly a good idea. I was thinking of trying to collate all
known Hotmail Signature/footer URIs and do a meta for Hotmail with URI
other than those that commonly appear in Hotmail footers.
In the end I just decided From Hotmail was worth 3 points and
whitelisted the 20 or so known hotmail sender addresses that appear in
my logs.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic