Byteplant Forum

Home » CleanMail Support » CleanMail SpamAssassin Filter » Trying to stop the German Racist Spam

Show: Today's Messages :: Show Polls :: Message Navigator

Trying to stop the German Racist Spam [message #350]

Wed, 23 June 2004 10:26

BradlayLaw
Messages: 9
Registered: June 2004

Junior Member

I'm trying to write a rule to prevent the hundreds of mails we get a day generated by the Sober.G virus (the racist german spewing one). I looked through the headers and they all have one thing in common :

Message-ID:

eg. Message-ID: <32f7307a29a21e.ff4f1.qmail@belsign.be>

So I created a rule like so :

header LOCAL_GERMANSPAM Message-ID =~ /<.*\..*\.qmail@.*>/
describe LOCAL_GERMANSPAM Captures German Racist Spam
score LOCAL_GERMANSPAM 5.1

I tried the regular expression with my text editors find function and it found the message-ID fine enough.

This text was put in a file called germanspam.cf and placed in the folder with our other sa rulesets and config files and I restarted the NST service.

The german email is still getting through. I checked the headers and my rule appears to be picking up on it but the score is not changing. Here is part of a header after my rule was installed :

X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on NETPILOT
X-Spam-Status: No, hits=2.6 required=5.0 tests=BAYES_00,FROM_ENDS_IN_NUMS,
LOCAL_GERMANSPAM,NO_REAL_NAME,PRIORITY_NO_NAME autolearn=no
version=2.63
X-Spam-Level: **

Do you have any idea on where I am going wrong and if there is a better way to stop this spam.

Thanks

Post Edited (06-23-04 11:03)

Report message to a moderator

Re: Trying to stop the German Racist Spam [message #351 is a reply to message #350]

Wed, 23 June 2004 10:52

lebig
Messages: 2
Registered: June 2004

Junior Member

+1

http://www.byteplant.com/forum/read.php?f=3&i=25&t=25#reply_25

Report message to a moderator

Re: Trying to stop the German Racist Spam [message #352 is a reply to message #350]

Wed, 23 June 2004 11:00

BradlayLaw
Messages: 9
Registered: June 2004

Junior Member

There is no solution there though.

Report message to a moderator

Re: Trying to stop the German Racist Spam [message #353 is a reply to message #350]

Wed, 23 June 2004 11:14

support
Messages: 925
Registered: April 2004

Senior Member

BradlayLaw wrote:

> header LOCAL_GERMANSPAM Message-ID =~ /<.*\..*\.qmail@.*>/
> describe LOCAL_GERMANSPAM Captures German Racist Spam
> score LOCAL_GERMANSPAM 5.1

> X-Spam-Status: No, hits=2.6 required=5.0
> tests=BAYES_00,FROM_ENDS_IN_NUMS,
> LOCAL_GERMANSPAM,NO_REAL_NAME,PRIORITY_NO_NAME autolearn=no
>
> version=2.63
> X-Spam-Level: **

The score is too low. The BAYES_00 test has a negative score, and it all adds up to only 2.x spam points (X-Spam-Level: **). Try a score of at least 8, and you should feed an example of these mails to sa-learn for good measure.

Customer Support
Byteplant GmbH

Report message to a moderator

Re: Trying to stop the German Racist Spam [message #354 is a reply to message #353]

Wed, 23 June 2004 11:24

BradlayLaw
Messages: 9
Registered: June 2004

Junior Member

Ah, thats where I'm going wrong. I have already used sa-learn on about 1500 of these, but most of them seem identical so it only learnt from 30 or so of them.

Report message to a moderator

Previous Topic:	Testing new rulesets with --lint
Next Topic:	Changing tagget header

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Sat Apr 21 13:21:10 CEST 2018