[prev in list] [next in list] [prev in thread] [next in thread]
List: spamassassin-users
Subject: Re: Large spam
From: Jude DaShiell <jdashiel () panix ! com>
Date: 2015-07-16 11:31:45
Message-ID: alpine.NEB.2.11.1507160725010.13761 () panix1 ! panix ! com
[Download RAW message or body]
I don't know if someone can help me on a question about message
components naming but if you can I think I know how to defeat this large
spam. Before a message gets opened there is I'll call it a tag like
make money fast you'll read and this is not on the Subject: line either.
It was those tags I filtered on and managed to send lots of it to
/dev/null. None of these filters would or could learn from it and
eventually those fields started showing foreign characters too. I never
did find out the name of that field otherwise I could have written
procmail filters for all of it. I hope this helps someone.
On Wed, 15 Jul 2015, Ian Zimmerman wrote:
> Date: Wed, 15 Jul 2015 16:42:28
> From: Ian Zimmerman <itz@buug.org>
> To: users@spamassassin.apache.org
> Subject: Re: Large spam
>
> On 2015-07-15 20:12 +0000, Zinski, Steve wrote:
>
>> We're starting to see a lot of spam in the 800KB to 1.2MB size
>> range. I?m running MIMEdefang and it?s configured to skip messages
>> larger than 100KB (and I hesitate to increase the limit due to
>> performance issues). I read somewhere that there?s a way to have
>> MIMEdefang (or spamassassin) strip out the non-text portions of the
>> e-mail and scan. Can anyone help me set this up or point me in the
>> right direction? Thanks!
>
> Yes, I see the same thing. I have no doubt at all that it is
> intentional, to defeat spamc size limit in particular.
>
> Moreover, mimedefang won't help because at least some of them are
> disguised as plain text messages. That is, the outermost message body
> is an entire MIME message, headers and all.
>
>
--
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic