Archive for the 'Spam' Category

Block spam that uses drug names in the Subject with SpamAssassin

Friday, February 9th, 2007

Clifton’s test rules for drug spam that uses obfuscated drug names and doesn’t mention the real name

Identify and distinguish spam from normal visitors on your website

Friday, February 9th, 2007

Distinct behavior can help us distinguish spam from visitors, even when spam tries to pass itself off as a normal web user. Here are some of the things I found, and I created a mod_security rule for Apache to block it.

Spammers always use a non-RFC-822-compliant Date header

Thursday, February 8th, 2007

I found that a lot of blocked email uses a non-RFC-822-compliant date.

If you are using SpamAssassin, there is a filter rule in 20_head_tests.cf:

header INVALID_DATE Date !~ /^\s*(?:(?i:Mon|Tue|Wed|Thu|Fri|Sat|Sun),\s+)?[0-3\s]?[0-9]\s+(?i:Jan|Feb|Ma[ry]|Apr|Ju[nl]|Aug|Sep|Oct|Nov|Dec)\s+(?:[12][901])?[0-9]{2}\s+[0-2]?[0-9](?:\:[0-5][0-9]){1,2}\s+(?:[AP]M\s+)?(?:[+-][0-9]{4}|UT|[A-Z]{2,3}T)(?:\s+\(.*\))?\s*$/ [if-unset: Wed, 31 Jul 2002 16:41:57 +0200]
describe INVALID_DATE Invalid Date: header (not RFC 2822)

However, you need to set a score for this rule in your local.cf

Block image spam with SpamAssassin

Tuesday, February 6th, 2007

If you get a lot of spam mail that uses images, you can try my SpamAssassin rules.
You can adjust the score as you want; let me know if there are any errors or mistakes.


Drug spam uses a new technique to avoid URL blacklists

Tuesday, February 6th, 2007

Currently, there is e-mail spam that uses a typo URL to bypass domain blacklists.

I checked both URIBL and SURBL with the correctly typed domain and found the domain is in the lists.
