Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

gav (2710)

gav
  (email not shown publicly)
http://www.estey.com/
AOL IM: flufflegavin (Add Buddy, Send Message)
Hacker in NYC.

Journal of gav (2710)

Tuesday January 20, 2004
09:43 AM

SpamAssassin rules

[ #16917 ]

I've added the following rules to my SpamAssassin ruleset this weekend to try to keep winning this losing battle:

score HABEAS_SWE -5.0

header SUBJECT_RE_XXX Subject =~ /^Re: [A-Z]+,(?: [a-z]+){3}$/
describe SUBJECT_RE_XXX Spammy subject RE
score SUBJECT_RE_XXX 2.0

rawbody BODY_LOTS_OF_WORDS /(?: [a-z]+){20,}/
describe BODY_LOTS_OF_WORDS Body contains a bunch of lower case words
score BODY_LOTS_OF_WORDS 1.5

header SUBJECT_CHEAP_MEDS Subject =~ /^Cheap Meds/
describe SUBJECT_CHEAP_MEDS Selling Xanax, Valium, Viagra, Soma...
score SUBJECT_CHEAP_MEDS 5.0

rawbody BODY_CONTAINS_XANAX /[Xx].?[Aa].?[Nn].?[Aa].?[Xx]/
describe BODY_CONTAINS_XANAX Body contains XANAX
score BODY_CONTAINS_XANAX 0.8

rawbody BODY_CONTAINS_VALIUM /[Vv].?[Aa].?[Ll].?[Ii].?[Uu].?[Mm]/
describe BODY_CONTAINS_VALIUM Body contains VALIUM
score BODY_CONTAINS_VALIUM 0.7

rawbody BODY_CONTAINS_VIAGRA /[Vv].?[Ii].?[Aa].?[Gg].?[Rr].?[Aa]/
describe BODY_CONTAINS_VIAGRA Body contains VIAGRA
score BODY_CONTAINS_VIAGRA 0.9

meta BODY_LOTS_OF_DRUGS (BODY_CONTAINS_XANAX && BODY_CONTAINS_VALIUM && BODY_CONTAINS_VIAGRA)
describe BODY_LOTS_OF_DRUGS Somebody is selling prescription drugs
score BODY_LOTS_OF_DRUGS 6.0

header UNLIMITED_ORGASMS Subject =~ /^Give her unlimited orgasms/i
describe UNLIMITED_ORGASMS Annoying graphic advert
score UNLIMITED_ORGASMS 10


List all Journal entries
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

SpamAssassin rules 3 Comments More | Login | Reply /

 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • It was on my to do list to do the exact same thing. Stuipd "RE: XXX" spams :)
    --

    -biz-

    • I'm currently using this for those spams:

      # New flood of spam with subject lines like "Re: SYACZAS, you can believe"
      # (The word "woland" happened to occur in a couple of the subject lines)
      header __L_SUBJ_WOLAND  Subject =~ /^Re: [A-Z]{2,8},( [a-z]{2,16}[.?'!]{0,2}){3}$/
      header __L_MUA_MPOP X-Mailer =~ /^mPOP Web-Mail 2\.19$/
      header __L_MIME_BOUND_ALT  Content-Type =~ /boundary="--ALT--[A-Z]{4}\d{14}"/
      meta L_WOLAND_SPAM  __L_SUBJ_WOLAND && __L_MUA_MPOP && __L_MIME_BOUND_ALT
      descr

  • also catcjes annoying: /^Test, yep$/

    Those damned recent "Hi" spams.
    --
    rjbs
Stories, comments, journals, and other submissions on use Perl; are Copyright 1998-2006, their respective owners.