[Wine] russian spam with only two lines in the body

Martin Gregorie martin at gregorie.org
Tue Aug 24 20:30:32 CDT 2010


On Wed, 2010-08-25 at 11:43 +1200, Peter Lowish wrote:
> So this should do it in my .cf file
> 
> body     Ban_RussUrl    /www\..{1,16}\.ru/
> score    Ban_RussUrl 	15
> describe Ban_RussUrl 	Russian url spam
> 
Not quite. I suggested using a uri rule not a body one. A score of 5 or
6 should be enough. Be sure to test it: its rather a sledgehammer and
will certainly FP if your organisation has Russian correspondents.
Personally I'd use a meta because its far less likely to FP:

describe RU_SPAM Russian spam-bot messages
uri      __RU_S1 /www\..{1,16}\.ru/
header   __RU_S2 From =~ /[a-z]{7,8}[0-9]{4}\@/ 
header   __RU_S3 Reply-To =~ /[a-z]{7,8}[0-9]{4}\@/ 
meta     RU_SPAM (__RU_S1 &&__RU_S2 &&__RU_S3)
score    RU_SPAM 5.5

Caveat: this hasn't been lint checked or tested. Do both before
deploying it.


Martin






More information about the wine-users mailing list