On Fri, Dec 08, 2006 at 01:20:30PM +0000, Pete McEvoy wrote:
> On Fri, Dec 08, 2006 at 12:55:11PM +0000, Pete McEvoy wrote:
> > On Thu, Dec 07, 2006 at 12:59:31PM -0800, Marc Perkel wrote:
> > > Here's an ACL that works for me stopping a LOT of stock spam
> > >
> > > drop mime_regex = Symbol\: [A-Z]{4}\nCurrent Price\: Around
> > > message = REGEX - Stock Spam - H=$sender_fullhost - S=$h_Subject: -
> > > F=$h_From: - T=$h_To:
> >
> > How does this work? The stock spam emails I get just have some
> > hashbuster text in the body with the spam message embedded in an
> > attached gif.
>
> Presumably Marc wont be able to answer my question..
Seriously though (amusing though the lower part of this thread has become :-),
that regex looked sensible enough, for catching text spam (no good for image
spam, of course). For example, <digs one out of the mail spool>,
grep -r -C2 ^Symbol: spool/input/
spool/input/1Gs5Pv-00069w-HE-D-Premier Holdings Group
spool/input/1Gs5Pv-00069w-HE-D-
spool/input/1Gs5Pv-00069w-HE-D:Symbol: PMHD
spool/input/1Gs5Pv-00069w-HE-D-Current Price: 0.37
spool/input/1Gs5Pv-00069w-HE-D-Target price: 1.35
(You get the idea). My spam is not exactly like the regex (no "Around" in my
spam), but it's close.
However what I don't get is why Pete's posting was rejected - it didn't match
that regex, AFAICT. So unless I've missed something, I can only assume that
Mark's server isn't actually using that regex as posted.
--
Dave Evans
Power Internet
PGP key:
http://powernet.co.uk/~davide/pgpkey
