[Rspamd-Users] "rezeptfrei" spam (was: Re: Control rspamd depending on subject content)
Patrick Cernko
pcernko at mpi-klsb.mpg.de
Mon Jan 22 04:59:34 UTC 2024
Hello list, hello Andreas,
On 20.01.24 10:06, Andreas wrote:
> Most emails have typical phrases such as “r_ezept-frei”, “Rezept-frei”, “pharmacy”, Pharma”
> in the subject.
I came up with a custom lua script to fight this kind of spam. The idea
was, that this spam can be detected by checking if the subject starts
with the recipient's local_part, contains an obfuscated version of the
string "rezeptfrei" and the content starts with "GREETING <local_part>".
Code in attachment.
In addition, I added some composites that bump scores drastically:
# apothekenspam with:
# - subject starting with local part of To
# - url regexp matches
MPI_APONL_WITH_URL_COMPOSITE {
# the '-' prefix is required to KEEP the symbol and score,
# otherwise, composites remove the symbols used and their scores
expression = "-MPI_APONL_LP and -MPI_APONL_URL";
score = 10.0;
}
MPI_APONL_WITH_SENDER_COMPOSITE {
# the '-' prefix is required to KEEP the symbol and score,
# otherwise, composites remove the symbols used and their scores
expression = "-MPI_APONL_LP and -MPI_APONL_SENDER";
score = 10.0;
}
Best,
--
Patrick Cernko <pcernko at mpi-klsb.mpg.de> +49 681 9325 5815
Joint Scientific IT and Technical Service
Max-Planck-Institute für Informatik & Softwaresysteme
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rspamd.local.lua
Type: text/x-lua
Size: 4322 bytes
Desc: not available
URL: <https://lists.rspamd.com/pipermail/users/attachments/20240122/7f8f2852/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5871 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.rspamd.com/pipermail/users/attachments/20240122/7f8f2852/attachment-0001.bin>
More information about the Users
mailing list