Solution for Disaster spam? - SpamAssassin


Thread: Solution for Disaster spam?

  1. Solution for Disaster spam?

    What have people been using to curtail some of the new disaster spam that's
    quite common now?
    I usually don't use BAYES

    Things like

    *Man killed by flying ****tail glass*


    *A-rod dropped from team*


    *Obama withdraws support for Israel*


  2. Re: Solution for Disaster spam?

    On Sunday 27 July 2008 17:43:44 Robert Nicholson wrote:
    > What have people been using to curtail some of the new disaster spam that's
    > quite common now?

    nothing. see my previous post ( "0 Points")

    > I usually don't use BAYES

    doesn't help anyway.

    > Things like
    >
    > *Man killed by flying ****tail glass*
    > *A-rod dropped from team*
    > *Obama withdraws support for Israel*


    Obama's family became victim of terrorist threats
    Obama vows to win the elections so that he can bring daughters into the Oval
    Kidney stealing ring busted
    blablabla

    yeah that kind of crap. The only thing you can do is wait until they used up
    all their hacked relays and hacked websites. Their site is actually quite
    good. might result in a bunch of new zombies around *sigh*
    Uribl is quick enough so it catches 90% of those for me, for the rest you'll
    just have to be patient.

    The proper solution would be implementing a plugin that analyses the
    referenced website. That would finally kill canadian pharmacy as well.

    --
    mit freundlichen Grüßen / best regards
    Arvid Ephraim Picciani


  3. Re: Solution for Disaster spam?

    > What have people been using to curtail some of the new
    > disaster spam that's quite common now?
    >
    >
    > I usually don't use BAYES
    >
    >
    >
    > Things like
    >
    >
    > Man killed by flying ****tail glass
    >
    >
    > A-rod dropped from team
    >
    >
    > Obama withdraws support for Israel


    Content preview: McCain suffers sudden heart attack during flight to oil rig
    http://parapendiolestreghe.it/topnews.html [...]

    Content analysis details: (21.7 points, 5.0 required)

     pts rule name                 description
    ---- ------------------------- --------------------------------------------------
     2.0 RCVD_IN_BL_SPAMCOP_NET    RBL: Received via a relay in bl.spamcop.net
                                   [Blocked - see ]
     1.9 URIBL_AB_SURBL            Contains an URL listed in the AB SURBL blocklist
                                   [URIs: parapendiolestreghe.it]
     0.5 URIBL_SC_SURBL            Contains an URL listed in the SC SURBL blocklist
                                   [URIs: parapendiolestreghe.it]
     5.0 BAYES_99                  BODY: Bayesian spam probability is 99 to 100%
                                   [score: 1.0000]
     4.0 BOTNET                    Relay might be a spambot or virusbot
                                   [botnet0.8,ip=147.236.238.35,rdns=autom-238-035.ladpc.co.il,maildomain=12go.nl,client,ipinhostname]
     1.3 HTML_TAG_BALANCE_BODY     BODY: HTML has unbalanced "body" tags
     0.0 HTML_MESSAGE              BODY: HTML included in message
     1.5 MIME_HTML_ONLY            BODY: Message only has text/html MIME parts
     1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
                                   above 50%
                                   [cf: 100]
     0.5 RAZOR2_CHECK              Listed in Razor2 (http://razor.sf.net/)
     0.5 RAZOR2_CF_RANGE_51_100    Razor2 gives confidence level above 50%
                                   [cf: 100]
     2.2 DCC_CHECK                 Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
     1.0 DIGEST_MULTIPLE           Message hits more than one network digest check


  4. Re: Solution for Disaster spam?

    On Sun, 27 Jul 2008, Robert Nicholson wrote:

    > What have people been using to curtail some of the new disaster spam that's
    > quite common now?
    > I usually don't use BAYES
    >
    > Things like
    >
    > *Man killed by flying ****tail glass*
    > *A-rod dropped from team*
    > *Obama withdraws support for Israel*


    That's StormWorm spawn spew, not strictly speaking spam. Be that as it may
    it's actually more dangerous than spam, Clueless Lluser clicks on the
    link and is p0wn3d.

    Here the botnet plugin pretty much always fires on those, SURBL/URIBL
    pick them up soon after they start, RBLs such as CBL & SpamHaus
    usually fire too.

    Bottom line, network tests seem to be the best defense.

    --
    Dave Funk University of Iowa
    College of Engineering
    319/335-5751 FAX: 319/384-0549 1256 Seamans Center
    Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
    #include
    Better is not better, 'standard' is better. B{
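
Added example, not part of the original posts and not SpamAssassin code: a small Python parser for the report format shown in reply 3, which groups the rule hits into network tests, Bayes and other local rules to check the point above that network tests carry the score. The prefix grouping and the function names `breakdown` and `still_spam` are assumptions made for this example.

```python
import re
from decimal import Decimal

# Score lines copied from the report posted in reply 3 of this thread
# (bracketed detail lines dropped; one kept to show they are skipped).
REPORT = """\
Content analysis details: (21.7 points, 5.0 required)
 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
 1.9 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
     [URIs: parapendiolestreghe.it]
 0.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
 5.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
 4.0 BOTNET Relay might be a spambot or virusbot
 1.3 HTML_TAG_BALANCE_BODY BODY: HTML has unbalanced "body" tags
 0.0 HTML_MESSAGE BODY: HTML included in message
 1.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
 2.2 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
 1.0 DIGEST_MULTIPLE Message hits more than one network digest check
"""

HEADER = re.compile(r"\((-?\d+\.\d) points, (\d+\.\d) required\)")
ROW = re.compile(r"^\s*(-?\d+\.\d)\s+([A-Z][A-Z0-9_]+)\s")
# Assumption: this prefix grouping is ours, not SpamAssassin's own tagging.
# BOTNET (third-party plugin) is counted as a network test, as in reply 4.
NETWORK = re.compile(r"^(RCVD_IN_|URIBL_|RAZOR2_|DCC_|DIGEST_|BOTNET$)")

def breakdown(report):
    """Sum displayed points per group; Decimal avoids float drift on 0.1 steps."""
    out = {"network": Decimal(0), "bayes": Decimal(0), "local": Decimal(0)}
    out["required"] = Decimal(HEADER.search(report).group(2))
    for m in filter(None, map(ROW.match, report.splitlines())):
        name = m.group(2)
        group = ("network" if NETWORK.match(name)
                 else "bayes" if name.startswith("BAYES_") else "local")
        out[group] += Decimal(m.group(1))
    return out

def still_spam(report, disabled=()):
    """Would the message reach the required score with these groups off?"""
    b = breakdown(report)
    kept = [g for g in ("network", "bayes", "local") if g not in disabled]
    return sum(b[g] for g in kept) >= b["required"]

if __name__ == "__main__":
    print(breakdown(REPORT), still_spam(REPORT, disabled=("network", "bayes")))
```

With Bayes disabled, as in the original question, the network group alone contributes 14.1 points against the 5.0 required; with both Bayes and the network tests off, the remaining 2.8 would not flag the message.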


  5. Re: Solution for Disaster spam?

    From: "Arvid Ephraim Picciani"
    Sent: Sunday, 2008, July 27 08:53


    On Sunday 27 July 2008 17:43:44 Robert Nicholson wrote:
    > What have people been using to curtail some of the new disaster spam
    > that's
    > quite common now?

    nothing. see my previous post ( "0 Points")

    > I usually don't use BAYES

    doesn't help anyway.

    > Things like
    >
    > *Man killed by flying ****tail glass*
    > *A-rod dropped from team*
    > *Obama withdraws support for Israel*


    Obama's family became victim of terrorist threats
    Obama vows to win the elections so that he can bring daughters into the Oval
    Kidney stealing ring busted
    blablabla

    yeah that kind of crap. The only thing you can do is wait until they used up
    all their hacked relays and hacked websites. Their site is actually quite
    good. might result in a bunch of new zombies around *sigh*
    Uribl is quick enough so it catches 90% of those for me, for the rest you'll
    just have to be patient.

    The proper solution would be implementing a plugin that analyses the
    referenced website. That would finally kill canadian pharmacy as well.

    << jdow

    Greylisting?

    {^_^}


  6. Re: Solution for Disaster spam?

    On Sun, 27 Jul 2008, Robert Nicholson wrote:

    > What have people been using to curtail some of the new disaster spam that's quite common now?


    Well, indeed it was clamav that helped me. After upgrading to most recent
    version, 95% of this spam disappeared. spamassassin was helpless, scoring
    only BAYES_50 at most.
    --
    Micha Jczalik, +48.603.64.62.97


  7. Re: Solution for Disaster spam?

    On 2008-08-01 07:07:59, Micha? J?czalik wrote:
    > On Sun, 27 Jul 2008, Robert Nicholson wrote:
    >
    > >What have people been using to curtail some of the new disaster spam
    > >that's quite common now?

    >
    > Well, indeed it was clamav that helped me. After upgrading to most recent
    > version, 95% of this spam disappeared. spamassassin was helpless, scoring
    > only BAYES_50 at most.


    Right, spamassassin scored the spams with only -0.8 to +1.9 and I had to
    install an additional procmail rule which now captures around 99.9% of
    it. But I should mention, that I get currently around 180.000 per day.

    Thanks, Greetings and nice Day/Evening
    Michelle Konzack
    Systemadministrator
    24V Electronic Engineer
    Tamay Dogan Network
    Debian GNU/Linux Consultant


    --
    Linux-User #280138 with the Linux Counter, http://counter.li.org/
    ##################### Debian GNU/Linux Consultant #####################
    Michelle Konzack Apt. 917 ICQ #328449886
    +49/177/9351947 50, rue de Soultz MSN LinuxMichi
    +33/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)



  8. RE: Solution for Disaster spam?

    > -----Original Message-----
    > From: Michelle Konzack [mailto:linux4michelle@tamay-dogan.net]
    > Sent: Friday, August 01, 2008 1:29 PM
    > To: users@spamassassin.apache.org
    > Subject: Re: Solution for Disaster spam?
    >
    > On 2008-08-01 07:07:59, Micha? J?czalik wrote:
    > > On Sun, 27 Jul 2008, Robert Nicholson wrote:
    > >
    > > > What have people been using to curtail some of the new disaster
    > > > spam that's quite common now?
    > >
    > > Well, indeed it was clamav that helped me. After upgrading to most
    > > recent version, 95% of this spam disappeared. spamassassin was
    > > helpless, scoring only BAYES_50 at most.
    >
    > Right, spamassassin scored the spams with only -0.8 to +1.9 and I had
    > to install an additional procmail rule which now captures around 99.9%
    > of it. But I should mention, that I get currently around 180.000 per day.


    If you are running clamd/clamav, you can install the
    anti-scam/phishing/spam signatures from
    http://www.sanesecurity.com/clamav/usage.htm and you should not see
    these any more.

    Fri Aug 1 13:16:13 2008 ->
    /var/spool/MIMEDefang/mdefang-m71HGDNr530135/Work/INPUTMBOX:
    Email.Spam.Gen3737.Sanesecurity.08072802.StormSpam FOUND

    Regards,
    jamie


  9. [MAYBE SOLVED] Re: Solution for Disaster spam?

    Hi *,

    On 2008-08-01 19:28:44, Michelle Konzack wrote:
    > Right, spamassassin scored the spams with only -0.8 to +1.9 and I had to
    > install an additional procmail rule which now captures around 99.9% of
    > it. But I should mention, that I get currently around 180.000 per day.


    Since Saturday 2008-08-09 spamassassin is scoring the "Disaster spam"
    with 5.3 and now it hits over 99.9% of the spams...

    Gotten around 780.000 over the last two days...

    Thanks, Greetings and nice Day/Evening
    Michelle Konzack
    Systemadministrator
    24V Electronic Engineer
    Tamay Dogan Network
    Debian GNU/Linux Consultant


    --
    Linux-User #280138 with the Linux Counter, http://counter.li.org/
    ##################### Debian GNU/Linux Consultant #####################
    Michelle Konzack Apt. 917 ICQ #328449886
    +49/177/9351947 50, rue de Soultz MSN LinuxMichi
    +33/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)


