Hotmail and Gmail spam getting through - SpamAssassin

This is a discussion on Hotmail and Gmail spam getting through - SpamAssassin ; It looks like Hotmail and Gmail's captcha has been broken. I'm getting spam using their domains as return addresses, and the messages pass SPF. I assume there are other people getting these. I've attached two - the second one doesn't ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Hotmail and Gmail spam getting through

  1. Hotmail and Gmail spam getting through


    It looks like Hotmail and Gmail's captcha has been broken. I'm getting spam
    using their domains as return addresses, and the messages pass SPF. I assume
    there are other people getting these. I've attached two - the second one
    doesn't even seem to be advertising anything. Can anyone suggest a way to
    filter these?

    I'm using SA 3.2.1, running spamd, routing mail to it from Postfix on Linux.

    http://www.nabble.com/file/p17876019/pharmaspam.txt pharmaspam.txt
    http://www.nabble.com/file/p17876019/weirdspam.txt weirdspam.txt
    --
    View this message in context: http://www.nabble.com/Hotmail-and-Gm...p17876019.html
    Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


  2. Re: Hotmail and Gmail spam getting through

    omehegan wrote:

    > It looks like Hotmail and Gmail's captcha has been broken. I'm getting spam
    > using their domains as return addresses, and the messages pass SPF. I assume
    > there are other people getting these. I've attached two - the second one
    > doesn't even seem to be advertising anything. Can anyone suggest a way to
    > filter these?


    It is difficult to suggest anything that would not involve a prohibitive
    increase in false positives. Best thing is to email their support and
    postmaster addresses. Eventually (hopefully?) they'll stop facilitating the
    circulation of this garbage.

    --
    Sahil Tandon


  3. Re: Hotmail and Gmail spam getting through


    > http://www.nabble.com/file/p17876019/pharmaspam.txt pharmaspam.txt



    This one is very distinctive, with all those lines of just =0A=
    (encoded newline). I've seen it many times. But-- how do you
    count consecutive lines of raw /^=0A=$/ with the tool we are using?

    Joseph Brennan
    Columbia University Information Technology


  4. Re: Hotmail and Gmail spam getting through

    Joseph Brennan wrote:

    > But-- how do you
    > count consecutive lines of raw /^=0A=$/ with the tool we are using?


    Not counting, but triggering on 5 or more:
    full FRUKT_EMPTY_QP /\r?\n(?:=0A=\r?\n){5}/s

    (I'm not a rule guru, so it wouldn't suprise me if there are
    better ways.)

    Regards
    /Jonas
    --
    Jonas Eckerman, FSDB & Fruktträdet
    http://whatever.frukt.org/
    http://www.fsdb.org/
    http://www.frukt.org/


+ Reply to Thread