Print Page | Close Window

How to stop new spam

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5640
Printed Date: 30 April 2025 at 11:41am


Topic: How to stop new spam
Posted By: WebGuyz
Subject: How to stop new spam
Date Posted: 06 June 2006 at 2:14pm

Getting tons of spam emails with same FROM & TO and all just have sequence of numbers in subject and body. Tried a regex as below but I'm stopping regular emails as well. Can't enable the option to reject same from-to in SF in my case. Anyone found a good way to stop it using rejex?

((?i)Subject:.[0-9])

 

Thanks!



-------------
http://www.webguyz.net



Replies:
Posted By: sgeorge
Date Posted: 06 June 2006 at 3:00pm
Hey man, can you post some examples of subjects or messages with the sequences?

Also, I can tell right now why the filter you mention above is catching too much - it's way too broad:

. - will match any character
[0-9] - will match any single digit

Put together, your RegEx statement will block subjects such as

I like July 4th
Confirmation ID #235623
10 reasons you should return my phone calls


Stephen


Posted By: Guests
Date Posted: 06 June 2006 at 3:39pm

I had the same too, http://isc.incidents.org/ - http://isc.incidents.org/  even reported such yesterday also as they were watching it and had numerous reports of the same.

What I trying to figure out is why SPF (which we use and implement for our domain) didn't stop the messages.  After tracking them in the log, it was found that the were autowhitelisted which is baffling to me to figure out why they were white listed.

 

 



Posted By: sgeorge
Date Posted: 06 June 2006 at 3:50pm
That is odd, Wes.  Does the log entry indicate what caused the messages to be whitelisted? You coud post the log entry (without the email addresses) here?

Stephen


Posted By: WebGuyz
Date Posted: 06 June 2006 at 3:51pm

Here is what I want to catch:

Subject: 455
Subject: 586876
Subject: 1545453

 

The common denominator is that the first character is a number but the length varies and i don't want to catch stuff anywhere else but the first number after Subject:^(I use ^ to represent a space)



-------------
http://www.webguyz.net


Posted By: sgeorge
Date Posted: 06 June 2006 at 4:12pm
I see.  Funny you should mention ^.  In RegEx, ^ can be used to force it to identify the beginning of a line.  $ Can be used to represent the end of a line. 

Hopefully this will do:

((?i)subject:^\d{3,}$)         - A subject of 3 or more digits
((?i)subject:^ \d{3,}$)         - (Same, with a space in the beginning


Stephen


Posted By: WebGuyz
Date Posted: 06 June 2006 at 4:42pm

Originally posted by sgeorge sgeorge wrote:

I see.  Funny you should mention ^.  In RegEx, ^ can be used to force it to identify the beginning of a line.  $ Can be used to represent the end of a line. 

Hopefully this will do:

((?i)subject:^\d{3,}$)         - A subject of 3 or more digits
((?i)subject:^ \d{3,}$)         - (Same, with a space in the beginning


Stephen

Not catching anything at all. Will try to study the regex stuff some more. Thanks!



-------------
http://www.webguyz.net


Posted By: Marco
Date Posted: 07 June 2006 at 4:41am

I have a couple of those in the QDB too, is it actually spam? is a product pushed? the mails in the DB look harmless.

 

A bit offtopic but:

You guys know what i think is a real problem: Spammers can read over your shoulders in this open forum! On top of that: they can set up a testbed with spamfilter ISP free version and try out all sorts of combinations to see if SF will pass it through..... Think about it. Suppose i would say: block any email with subjects that only have digits: next that would happen is that random characters are inserted.. we are allways one step behind.

This is because of the way email traffic works: it's scheme is: "allow anything, unless this and that", it would be better if it was "block all, but allow under certain conditions". (like a firewall) Unfortunately, this method cannot be used by ISP's, but it can for companies.

Since companies are an important target for spams maybe this approach should be implemented into SF somehow.

Something like a 'reverse bayesian filter', a filter that learns solely of good emails, and has the power to stop anything, unless it is recognised a beeing a 'good' mail.

 



-------------
Anyone who is capable of getting himself made president, should on no account be allowed to do the job. D.Adams


Posted By: WebGuyz
Date Posted: 07 June 2006 at 7:46am

The spam is harmless but its also a way to harvest email addresses, no rejection means a valid email address. Its costing me time by customers who don't get usually get spam calling me and asking me what this is. I had 5 phone calls and one from a customer who has 150 users and they were all getting them and bugging the admin who was ended up bugging me.

I agree that SF is successfull and as a result has become a target by the dark side.

 



-------------
http://www.webguyz.net



Print Page | Close Window