spamassassin rules bypassed - SpamAssassin

This is a discussion on spamassassin rules bypassed - SpamAssassin ; Good morning to everyone in the forum. I have been following with interest this forum and now I have a question. I tried looking for answers but I found nothing. I have this problem. I run a small mail-server and ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: spamassassin rules bypassed

  1. spamassassin rules bypassed


    Good morning to everyone in the forum. I have been following with interest
    this forum and now I have a question. I tried looking for answers but I
    found nothing. I have this problem. I run a small mail-server and I use
    spamassassin to filter the 98.2% spam that I usually receive. Since I'm in
    Italy I wrote some custom rules to specifically tag the Italian language
    spams. I am starting to receive a series of mail messages which somehow
    manage to bypass the spam filters.

    The spam messages contain a link to livefilestore.com (nothing new here)
    but for some reason a simple rule such as body TEST1 /livefilestore/ is
    not matched by the message.

    The message shows well both in Eudora and in Openwebmail with a link to
    livefilestore:

    h**p://8re74q.blu.livefilestore.com/y1p9IMUyfh4QGq99lNJIy3lx1QdR1rNCzje8mr5HSwyDBghijt fjmIy1JJcrjNmYC3IKNm-QX2e8QRtufTNm5znLw/wmvvkrz.html

    Checks to the text of the message describing the link are performed, but of
    course they are not very useful. The relevant headers of the message are as
    follows:

    Subject: Indeed you can not try them?
    Date: Thu, 10 Jul 2008 09:14:56 -0430
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0012_01C8E26D.6B798DA0"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2800.2969
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.2969
    Status: RO
    X-Status:
    X-Keywords:
    X-UID: 37241

    I have no idea of what's happening, neither I am able to think to a
    workaround and these messages keep coming. Thanks again for any suggestion.
    Luca

    --
    View this message in context: http://www.nabble.com/spamassassin-r...p18397700.html
    Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


  2. Re: spamassassin rules bypassed

    natoma wrote:
    > Good morning to everyone in the forum. I have been following with interest
    > this forum and now I have a question. I tried looking for answers but I
    > found nothing. I have this problem. I run a small mail-server and I use
    > spamassassin to filter the 98.2% spam that I usually receive. Since I'm in
    > Italy I wrote some custom rules to specifically tag the Italian language
    > spams. I am starting to receive a series of mail messages which somehow
    > manage to bypass the spam filters.
    >
    > The spam messages contain a link to livefilestore.com (nothing new here)
    > but for some reason a simple rule such as body TEST1 /livefilestore/ is
    > not matched by the message.
    >
    > The message shows well both in Eudora and in Openwebmail with a link to
    > livefilestore:
    >
    > h**p://8re74q.blu.livefilestore.com/y1p9IMUyfh4QGq99lNJIy3lx1QdR1rNCzje8mr5HSwyDBghijt fjmIy1JJcrjNmYC3IKNm-QX2e8QRtufTNm5znLw/wmvvkrz.html
    >


    Body tests don't match HTML tags, including links in tags. Is the
    above link done that way, or is it actually in the text?

    Change your rule type from body to uri to match URI/URL's in the
    message. Alternatively you can use rawbody, which will match HTML tags
    and body text.



+ Reply to Thread