I am hoping someone on this list can help. my server is getting *hammered*
by spam like this one:

http://archive.netbsd.se/?ml=cygwin&a=2008-10&m=8903823

and this one:

http://niet.com/message_info.php?id=39831

these are short and simple and always get by spamassassin, greylisting, the
DNSRBLs, and so on. it is like they get a valid e-mail server, send out a
lot of this sort of spam, then disappear. but they use *lots* of different
e-mail servers, and change things all the time so it is difficult to make a
general rule.

the e-mail servers are always different, as are the addresses at the bottom.
the only real "pattern" I can see is that the SPAM always includes
references like this:

http://fsbonh.com/MxAGpeMvMAvGivpYpYpYexvAiMHOGp

so each message includes a few references to similar URLs, with slightly
different keys after the domain. the form is like this:

http://{domain}/{31-character encoded key, mixed upper and lower case
alpha characters}

has anyone seen this type of spam? is there some way of defining a rule to
add a weight for this? I am not a perl expert, so any help you could
provide would be greatly appreciated !!

dave



--
View this message in context: http://www.nabble.com/need-help-crea...p20425116.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.