Void's Forums

by **Void Main** » Tue Sep 20, 2005 6:58 pm

I've been getting at least 5 to 10 SPAM messages a day with a link to some page on uk.geocities.com. I have a large number of extra rules that I keep updated with the RulesDuJour script and these messages have been making it through. The SPAM is so nice it gets marked as ham much of the time. I wrote a rule to catch this. Since doing so not one single SPAM message has made it into my inbox. Here's the rule:

/etc/mail/spamassassin/void_geocities.cf

Code: Select all: body VOID_GEOCITIES /http\:\/\/uk\.geocities\.com\/.*\/\?/ score VOID_GEOCITIES 5.1 describe VOID_GEOCITIES http://uk.geocities.com/xxxx/?xxxx in body is SPAM

I run Sendmail+clamav+spamassassin for a mail server. I don't know why I run clamav, just a waste of CPU cycles at my house. :)

by **Void Main** » Sun Nov 06, 2005 7:54 pm

Updated:

Code: Select all: body VOID_GEOCITIES /http\:\/\/(uk|it|de)\.geocities\.com\/.*\/\?/ score VOID_GEOCITIES 5.1 describe VOID_GEOCITIES http://*.geocities.com/xxxx/?xxxx in body is SPAM

by **Void Main** » Wed Nov 16, 2005 7:07 am

Update:

http://voidmain.is-a-geek.net/files/misc/voidmain.cf

Code: Select all: body VOID_GEOCITIES /http\:\/\/.*\.geocities\.com\/.*\/\?/ score VOID_GEOCITIES 5.1 describe VOID_GEOCITIES http://*.geocities.com/*/?* in body body VOID_GEOYAHOO /http\:\/\/geocities\.yahoo\.com\..*\/.*\/\?/ score VOID_GEOYAHOO 5.1 describe VOID_GEOYAHOO http://geocities.yahoo.com.*/*/?* in body body VOID_BEDSLIME /http\:\/\/.*bedslime\.com\/.*\// score VOID_BEDSLIME 5.1 describe VOID_BEDSLIME http://*bedslime.com/*/ in body

by **Calum** » Fri Nov 18, 2005 11:35 am

what is ham?

by **Void Main** » Fri Nov 18, 2005 1:02 pm

The opposite of spam (good mail).

by **Void Main** » Fri Nov 18, 2005 6:06 pm

Update again:
http://voidmain.is-a-geek.net/files/misc/voidmain.cf

Code: Select all: body VOID_GEOCITIES /http\:\/\/.*\.geocities\.com\/.*\/\?/ score VOID_GEOCITIES 5.1 describe VOID_GEOCITIES http://*.geocities.com/*/?* in body body VOID_GEOYAHOO /http\:\/\/geocities\.yahoo\.com\..*\/.*\/\?/ score VOID_GEOYAHOO 5.1 describe VOID_GEOYAHOO http://geocities.yahoo.com.*/*/?* in body body VOID_BEDSLIME /http\:\/\/.*bedslime\.com\// score VOID_BEDSLIME 5.1 describe VOID_BEDSLIME http://*bedslime.com/ in body body VOID_THE18 /http\:\/\/.*the1877l\.net\// score VOID_THE18 5.1 describe VOID_THE18 http://*the1877l.net/ in body

by **Void Main** » Sun Nov 20, 2005 10:56 am

Updated again:

Code: Select all: rawbody VOID_GEOCITIES /http\:\/\/.*\.geocities\.com\/.*\/\?/ score VOID_GEOCITIES 5.1 describe VOID_GEOCITIES http://*.geocities.com/*/?* in body rawbody VOID_GEOYAHOO /http\:\/\/geocities\.yahoo\.com\..*\/.*\/\?/ score VOID_GEOYAHOO 5.1 describe VOID_GEOYAHOO http://geocities.yahoo.com.*/*/?* in body rawbody VOID_BEDSLIME /http\:\/\/.*bedslime\.com\// score VOID_BEDSLIME 5.1 describe VOID_BEDSLIME http://*bedslime.com/ in body rawbody VOID_THE18 /http\:\/\/.*the1877l\.net\// score VOID_THE18 5.1 describe VOID_THE18 http://*the1877l.net/ in body

by **Void Main** » Tue Dec 13, 2005 7:34 am

Update:
http://voidmain.is-a-geek.net/files/misc/void.cf

Code: Select all: rawbody VOID_GEOCITIES /http\:\/\/.*\.geocities\.com\/.*\// score VOID_GEOCITIES 5.1 describe VOID_GEOCITIES http://*.geocities.com/*/ in body rawbody VOID_GEOYAHOO /http\:\/\/geocities\.yahoo\.com\..*\/.*\// score VOID_GEOYAHOO 5.1 describe VOID_GEOYAHOO http://geocities.yahoo.com.*/*/ in body rawbody VOID_BEDSLIME /http\:\/\/.*bedslime\.com\// score VOID_BEDSLIME 5.1 describe VOID_BEDSLIME http://*bedslime.com/ in body rawbody VOID_THE18 /http\:\/\/.*the1877l\.net\// score VOID_THE18 5.1 describe VOID_THE18 http://*the1877l.net/ in body rawbody VOID_LOVE /http\:\/\/.*-love-.*\.us\// score VOID_LOVE 5.1 describe VOID_LOVE http://*-love-*.us/ in body

Void's Forums

spamassassin rule - VOID_GEOCITIES

spamassassin rule - VOID_GEOCITIES

Who is online