Thread: spam getting through




spam getting through
2006-10-08 22:43:11
we're being plagued with a new form of spam - the messages consist of an image - generally advertising some penny stock followed by a list of random words. in many instances, i will get two messages at one time. i've sent a bunch to my isspam account, but, of course, the sender is always different as is the subject.

anyone else seeing these? and any thoughts as to how to vanish them?

david camm
advanced web systems
keller, tx

spam getting through
2006-10-09 01:06:55
Hi,

The best defense against these is spf plus the latest surgemail build. When we release a new 3.8 beta in a few days, upgrade to that and make sure you have the recommended settings and it will stop most of them.

ChrisP


David Camm wrote on Sunday, October 8, 2006 at 5:43 p.m. (-0500):
>we're being plagued with a new form of spam - the messages consist of an image - generally advertising some penny stock followed by a list of random words. in many instances, i will get two messages at one time. i've sent a bunch to my isspam account, but, of course, the sender is always different as is the subject.
>
>anyone else seeing these? and any thoughts as to how to vanish them?
>
>david camm
>advanced web systems
>keller, tx


SV: spam getting through
2006-10-09 08:10:47
Hi,

I have modified a netwinsite rule and put it in the local.rul file:

if (size()>8000) then 
	if (size()<80000) then
		if (isin("body","Content-Type: image/gif")) then
			call spamdetect(5,"ImageSize")
		end if
		if (isin("rawbody","hspace=0")) then
			call spamdetect(5,"ImageSize")
		end if
		if (isin("rawbody","cid:")) then
			if (isin("rawbody","id=")) then
				call spamdetect(5,"ImageSize")
			end if
		end if
	end if
end if


I have a global rule that everything that gets more than 5 points gets held - so if a mail contains an image and is between 8k and 80k and contains an image, then I give it 5 points.

If it's a good mail and you have trained your filter a bit - then most legit mails would slip through.

I also have the share white list enabled in surgemail - so if it's a known sender, then it gets -2 points.

This works quite well.

To Netwinsite - how badly would this rule hurt performance on a heavily loaded server? As you can see I use some rawbody search... (They have told me that it's bad for performance...)

 
Med venlig hilsen / Kind regards
JDM IT A/S
 
Emil Werbes Hempel
 

-----Original message-----
From: David Camm [mailto:dcammadvwebsys.com]
Sent: 9 October 2006 00:43
To: surgemail-listnetwinsite.com
Subject: [SurgeMail List] spam getting through

we're being plagued with a new form of spam - the messages consist of an image - generally advertising some penny stock followed by a list of random words. in many instances, i will get two messages at one time. i've sent a bunch to my isspam account, but, of course, the sender is always different as is the subject.

anyone else seeing these? and any thoughts as to how to vanish them?

david camm
advanced web systems
keller, tx


GIF spam getting through
2006-10-15 14:34:22
At 10:10 AM +0200 10/9/06, Emil Werbes Hempel sent email regarding GIF Image spam:
>Hi,
>
>I have modified a netwinsite rule and put it in the local.rul file:
>
>if (size()>8000) then
>	if (size()<80000) then
>		if (isin("body","Content-Type: image/gif")) then
>			call spamdetect(5,"ImageSize")
>		end if
>		if (isin("rawbody","hspace=0")) then
>			call spamdetect(5,"ImageSize")
>		end if
>		if (isin("rawbody","cid:")) then
>			if (isin("rawbody","id=")) then
>				call spamdetect(5,"ImageSize")
>			end if
>		end if
>	end if
>end if

I have added this (with a few modified values) to my local.rul and I still see many gif spams coming through with the "ImageSize" aspam values assigned per aspam_mfilter.txt.

My modified version is:

if (size()>1000) then
	if (size()<15000) then
		if (isin("body","Content-Type: image/gif")) then
			call spamdetect(5.5,"ImageSize")
		end if
		if (isin("rawbody","hspace=0")) then
			call spamdetect(5.5,"ImageSize")
		end if
		if (isin("rawbody","cid:")) then
			if (isin("rawbody","id=")) then
				call spamdetect(5.5,"ImageSize")
			end if
		end if
	end if
end if

Why aren't the aspam_mfilter.txt rules being overridden in most cases? (Yes, I've done tellmail reload -- even restarted the server.)
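
Added example, not part of any post in this thread and not SurgeMail code: a Python model of the local.rul heuristic quoted above, run over constructed messages, to show how the size window and the "more than 5 points" hold threshold decide the outcome. It assumes size() is the serialized message length, that the "body"/"rawbody" tests are plain substring matches, and that each spamdetect call adds its points; all function names and sample messages are constructed for illustration.

```python
from email.message import EmailMessage

def build_sample(image_len, html):
    """Constructed message: HTML body plus one inline GIF part."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "rcpt@example.invalid"
    msg["Subject"] = "constructed sample"
    msg.set_content(html, subtype="html")
    # Filler bytes stand in for image data; only MIME type and size matter.
    msg.add_related(b"GIF89a" + b"\x00" * image_len,
                    maintype="image", subtype="gif", cid="<img1>")
    return msg.as_bytes()

def image_size_score(raw, low, high, points):
    """Mirror the nested ifs of the posted rule; return (score, checks fired).

    Assumptions: size() is the serialized length, the "body"/"rawbody"
    tests are substring matches on it, and each spamdetect call adds.
    """
    fired = []
    if low < len(raw) < high:
        if b"Content-Type: image/gif" in raw:
            fired.append("gif-part")
        if b"hspace=0" in raw:
            fired.append("hspace")
        if b"cid:" in raw and b"id=" in raw:
            fired.append("cid+id")
    return points * len(fired), fired

def held(score, whitelisted=False, threshold=5.0):
    """Hold only when the total is strictly more than the threshold."""
    return score + (-2.0 if whitelisted else 0.0) > threshold

INLINE_HTML = '<html><body><img src="cid:img1" id="a" hspace=0></body></html>\n'
PLAIN_HTML = "<html><body>see attachment</body></html>\n"

small = build_sample(9000, INLINE_HTML)    # roughly 12 KB serialized
large = build_sample(20000, INLINE_HTML)   # roughly 27 KB serialized
gif_only = build_sample(9000, PLAIN_HTML)  # GIF part, no inline markup

if __name__ == "__main__":
    for name, raw in (("small", small), ("large", large), ("gif_only", gif_only)):
        for low, high, pts in ((8000, 80000, 5), (1000, 15000, 5.5)):
            score, fired = image_size_score(raw, low, high, pts)
            print(name, len(raw), (low, high), score, fired, held(score))
```

With the 1000 to 15000 window, the larger sample is never scored regardless of its content, and a single 5-point hit does not exceed a "more than 5" threshold on its own.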


