Ein paar Regeln für Spamassassin

 

Ich habe mich heute mal hingesetzt, um die aktuelle Spam-Flut in ein paar handliche Regeln für Spamassassin zu giessen. Vielleicht hilft es ja noch ein paar anderen geplagten Mail-Admins: 

 
# Spamassassin.Rules by Domski
# for German SPAM-Mails with PDF-Attachement with Stock advertising

body       MN_SWISS_STOCK /ISIN\sCH0027339107/i
describe   MN_SWISS_STOCK contains spam for swiss Tier Spezi AG
score      MN_SWISS_STOCK 2.0

body       MN_SWISS_STOCK2 /WKN\:\sA0LB1T/i
describe   MN_SWISS_STOCK2 contains spam for swiss Tier Spezi AG
score      MN_SWISS_STOCK2 2.0

header     MN_PDF_SPAM_1 Subject = ~/[E|e][Mm][Aa][Ii][Ll][Ii][Nn][Gg]\:\s/
describe   MN_PDF_SPAM_1 MN_PDF_SPAM_1
score      MN_PDF_SPAM_1 1.5

header          MN_PDF_SPAM_2 Subject = ~/\b[Zz]ahlung\.[Pp][Dd][Ff]/i
describe        MN_PDF_SPAM_2 Deustcher E-Mail PDF-Spam
score           MN_PDF_SPAM_2 0.7

header          MN_PDF_SPAM_3 Subject =~ /\b[S|s]check\.[P|p][D|d][F|f]/i
describe        MN_PDF_SPAM_3 Deustcher E-Mail PDF-Spam
score                   MN_PDF_SPAM_3 0.7

header          MN_PDF_SPAM_4 Subject =~ /\b[Bb]estatigung\.[Pp][Dd][Ff]/i
describe        MN_PDF_SPAM_4 Deustcher E-Mail PDF-Spam

score                   MN_PDF_SPAM_4 0.7
header          MN_PDF_SPAM_5 Subject =~ /Report$/i
describe        MN_PDF_SPAM_5 Deustcher E-Mail PDF-Spam

score                   MN_PDF_SPAM_5 0.3
header          MN_PDF_SPAM_6 Subject =~ /[Oo]rder[0-9]{5}\.[Pp][Dd][Ff]$/
describe        MN_PDF_SPAM_6 Deustcher E-Mail PDF-Spam
score                   MN_PDF_SPAM_6 0.3

header          MN_PDF_SPAM_7 Subject =~ /[Ii]nvestor[0-9]{5}\.[Pp][Dd][Ff]$/
describe        MN_PDF_SPAM_7 Deustcher E-Mail PDF-Spam
score                   MN_PDF_SPAM_7 0.3

header          MN_PDF_SPAM_8 Subject =~ /[Ee]inzahlungsauftrag\.[Pp][Dd][Ff]$/
describe        MN_PDF_SPAM_8 Deustcher E-Mail PDF-Spam
score                   MN_PDF_SPAM_8 0.3

meta                    MN_META_PDF2 ((MN_PDF_SPAM_1 + MN_PDF_SPAM_2) > 1)
score                   MN_META_PDF2 8.0

meta                    MN_META_PDF3 ((MN_PDF_SPAM_1 + MN_PDF_SPAM_3) > 1)
score                   MN_META_PDF3 8.0

meta                    MN_META_PDF4 ((MN_PDF_SPAM_1 + MN_PDF_SPAM_4) > 1)
score                   MN_META_PDF4 8.0

meta                    MN_META_PDF5 ((MN_PDF_SPAM_1 + MN_PDF_SPAM_5) > 1)
score                   MN_META_PDF5 8.0

meta                    MN_META_PDF6 ((MN_PDF_SPAM_1 + MN_PDF_SPAM_6) > 1)
score                   MN_META_PDF6 8.0

meta                    MN_META_PDF7 ((MN_PDF_SPAM_1 + MN_PDF_SPAM_7) > 1)
score                   MN_META_PDF7 8.0

meta                    MN_META_PDF8 ((MN_PDF_SPAM_1 + MN_PDF_SPAM_8) > 1)
score                   MN_META_PDF8 8.0

EOF

 
 
 
 
 
 
 
 
 
 
 
 
 
 

Zusätzliche Informationen