[prev in list] [next in list] [prev in thread] [next in thread] 

List:       spamassassin-users
Subject:    Re: Large spam
From:       Jude DaShiell <jdashiel () panix ! com>
Date:       2015-07-16 11:31:45
Message-ID: alpine.NEB.2.11.1507160725010.13761 () panix1 ! panix ! com
[Download RAW message or body]

I don't know if someone can help me on a question about message 
components naming but if you can I think I know how to defeat this large 
spam.  Before a message gets opened there is I'll call it a tag like 
make money fast you'll read and this is not on the Subject: line either.
  It was those tags I filtered on and managed to send lots of it to 
/dev/null.  None of these filters would or could learn from it and 
eventually those fields started showing foreign characters too.  I never 
did find out the name of that field otherwise I could have written 
procmail filters for all of it.  I hope this helps someone.

On Wed, 15 Jul 2015, Ian Zimmerman wrote:

> Date: Wed, 15 Jul 2015 16:42:28
> From: Ian Zimmerman <itz@buug.org>
> To: users@spamassassin.apache.org
> Subject: Re: Large spam
> 
> On 2015-07-15 20:12 +0000, Zinski, Steve wrote:
>
>> We're starting to see a lot of spam in the 800KB to 1.2MB size
>> range. I?m running MIMEdefang and it?s configured to skip messages
>> larger than 100KB (and I hesitate to increase the limit due to
>> performance issues). I read somewhere that there?s a way to have
>> MIMEdefang (or spamassassin) strip out the non-text portions of the
>> e-mail and scan. Can anyone help me set this up or point me in the
>> right direction? Thanks!
>
> Yes, I see the same thing.  I have no doubt at all that it is
> intentional, to defeat spamc size limit in particular.
>
> Moreover, mimedefang won't help because at least some of them are
> disguised as plain text messages.  That is, the outermost message body
> is an entire MIME message, headers and all.
>
>

-- 

[prev in list] [next in list] [prev in thread] [next in thread]