German spam

It should be possible..

I'm using a specialized SpamAssassin ruleset that makes short work of this spam, which is caused by a virus of sorts. It doesn't replicate through email though, so instead of being virus scan bait, it's a nuisance on your mailbox.

Ruleset:
http://www.citecs.de/99_sober.cf
 
Server side.. it would have to be installed on the server by JodoHost, since you can't enter any custom per-user rules into H-Sphere.

This rulefile is for SpamAssassin, which is used for spam detection in H-Sphere.
 
Thanks Sub,
Just spoke with Support and they will install it for all sites. Ranjan was extremely helpful on the liveChat (no ticket required!) and said he'd do it shortly.



BUT... I for one would like to see Jodo take a more pro-active approach when it comes to spam.
Even if the H-sphere spam filter worked properly (which it still doesn't, AFAIK) - spam is something that must always be looked out for.
 
After running this rulefile for a day and a half, I discovered that 2 rules were missing (commented out and blank definition). This was causing 2 of the 30 or so different emails to still get through, so I defined the last two needed rules to block these also:

http://www.subbot.net/temp/99_sober.cf

(PROLO_GSPAM_B_34 and PROLO_GSPAM_B_35 are mine. Copy/paste ftw!)
 
Rules Added. Please change your Anti-spam settings to "Very Aggressive".

Thanks SubSpace for sharing your rules!!
 
Actually with these rules the mails in question should get scores of 9.0+, so Very Aggressive shouldn't be necessary.

I still receive a few of them because the From addresses are on my whitelist. Together with Razor2 (not sure if H-Sphere uses it) they get scores of 11+ on my machine, easily enough to send them straight to the bitbucket:

X-Spam-Report:
* 0.2 NO_REAL_NAME From: does not include a real name
* 0.2 INVALID_DATE Invalid Date: header (not RFC 2822)
* 1.0 PROLO_GSPAM09 German Spam from Sober virus
* 0.1 FORGED_RCVD_HELO Received: contains a forged HELO
* 8.0 PROLO_GSPAM_B_33 BODY: German Spam from Sober virus
* 1.5 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50%
* [cf: 100]
* 0.1 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
* 0.1 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
* [69.198.177.43 listed in dnsbl.sorbs.net]
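
Added example, not part of the original posts: a small Python parser for the X-Spam-Report format quoted above, showing how the rule hits add up, how much Razor2 contributes, and why a whitelisted From address still lets the mail through. The -100.0 whitelist hit is constructed for illustration using SpamAssassin's stock USER_IN_WHITELIST score, and 5.0 is SpamAssassin's default required_score, which is an assumption about the threshold and not necessarily H-Sphere's setting.

```python
import re

# The X-Spam-Report quoted in the post above, copied verbatim.
REPORT = """\
* 0.2 NO_REAL_NAME From: does not include a real name
* 0.2 INVALID_DATE Invalid Date: header (not RFC 2822)
* 1.0 PROLO_GSPAM09 German Spam from Sober virus
* 0.1 FORGED_RCVD_HELO Received: contains a forged HELO
* 8.0 PROLO_GSPAM_B_33 BODY: German Spam from Sober virus
* 1.5 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50%
* [cf: 100]
* 0.1 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
* 0.1 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
* [69.198.177.43 listed in dnsbl.sorbs.net]
"""

# "* <score> <RULE_NAME> <description>"; the score may be negative.
RULE_LINE = re.compile(r"^\*\s+(-?\d+(?:\.\d+)?)\s+([A-Z0-9_]+)\s*(.*)$")

def parse_report(text):
    """Return (score, rule, description) tuples, one per rule hit.

    Lines such as '* [cf: 100]' carry no score; they continue the
    description of the rule hit on the previous line.
    """
    hits = []
    for line in text.splitlines():
        line = line.strip()
        m = RULE_LINE.match(line)
        if m:
            hits.append([float(m.group(1)), m.group(2), m.group(3)])
        elif line.startswith("*") and hits:
            hits[-1][2] += " " + line.lstrip("* ").strip()
    return [tuple(h) for h in hits]

def total(hits, exclude_prefixes=()):
    """Sum the scores, optionally leaving out rules by name prefix."""
    skip = tuple(exclude_prefixes)
    return round(sum(s for s, rule, _ in hits if not rule.startswith(skip)), 2)

def is_spam(score, required=5.0):
    """SpamAssassin tags a message once its score reaches required_score."""
    return score >= required

hits = parse_report(REPORT)
# Constructed hit: what a whitelisted From address adds to the same mail.
whitelisted = hits + [(-100.0, "USER_IN_WHITELIST", "constructed example")]
print(total(hits), total(hits, ["RAZOR2_"]), total(whitelisted))
```

The total without the Razor2 hits lines up with the "9.0+" figure mentioned in the thread, and the whitelist hit outweighs everything else, which is why forged From addresses that match a whitelist entry still reach the inbox.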
 
Nice.. I prefer to do my own filtering (can't get more flexible than that^^), but it will certainly help people that don't want to run their own mailservers.

Razor2 usually only adds 0.8 - 1.5 to the spam score of the average spam mail, but it is often enough to get such messages out of the grey area and into the "most likely spam" area :)
 