Michael A. Miller wrote:
For mailfilter, I block all of the swen shit by doing"Amal" == Amal Phadke <[EMAIL PROTECTED]> writes:
> I am currently using combination of Spamassassin and access > control via /etc/mail/access (I use sendmail) with good > success. Now "MS Patches" are down to one or two per > day. Before I used to get about 80 or more in a day.
What spamassassin rules are you using for swen? After googling for a while, I assembled the following rules that seem to work pretty well. But I wonder if there is something more elegant that I could do. For example, I expect this message to get scored high when spamassassin sees the body ;-)
Mike
score MICROSOFT_EXECUTABLE +5
body SWENVIRUS /allow an malicious user to run code on your computer/ score SWENVIRUS +5.5
body SWENVIRUS2 /Microsoft C.*mer/i score SWENVIRUS2 +2
body SWENVIRUS3 /You don't need to do anything after installing this item/i score SWENVIRUS3 +2
header SWENHEADER Subject =~ /Microsoft Critical/i score SWENHEADER +2
header SWENHEADER2 Subject =~ /New Microsoft Security Update/i score SWENHEADER2 +2
DENY<>^(To|Cc):.*(name1|name2|name3)@tampabay\.rr\.com
Be sure to have this somewhere in the .mailfilterrc file, also:
REG_TYPE = extended
Yeah, the default is REG_TYPE = basic.
I noticed that the swen doesn't tend to send directly to me, so that rule above helps alot. Just to make sure though, I DENY things like MS Micrisoft, alert, error advice, etc.
Cheers.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
