You really need to take a more careful look at the spam in question, and
relate it to all the other spam you look at, and come up with regexes to
match key items and characteristics across as many examples as possible.
This won't even necessarily be text, it'll just be a reflection of spammer
behavior that distinguishes it from other legitimate mail.

I'll throw in one example, and assume that the slimeballs producing the
latest version of BulkMailGold or whatever are reading this and will modify
their crap accordingly: long strings of spaces in Subject lines. Why this
occurs so often I have no idea, but if I match that then all those headers
like

   Subject: CELLULAR BOOSTER ANTENNAS! 24712

cause immediate rejection. There are other characteristics and substrings
and formatting that you'll be able to determine by actually *reading* your
spam and thinking "okay, do I, or will I, ever get legitimate mail that has
these attributes?" If the answer is no, you've got a new rule to add that
will cover all your known *and* unknown cases.

Who *is* maintaining those helpful repositories of sample rulesets
these days, anyways?

_H*
-
To unsubscribe, send mail to majordomopostfix.org with content
(not subject): unsubscribe postfix-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]