Z-Car

Some useful custom SpamAssassin rules and settings – modify your own


I have a Linux server that I use for managing web sites, development work, etc. In addition, I use it to host a mail server for two domains that I have had since 1993. Because of their age, and the number of email addresses that were used on them over the years, they receive a LOT of spam. In order to manage this huge volume of spam, I use SpamAssassin and a ton of custom rules in Postfix to minimize the amount of spam that ultimately reaches my inbox.

Here is a collection of score changes and custom filters that I use. These change on a fairly regular basis, as the spammers are always making changes. I will try to keep this updated fairly often.

If you have any questions on how to write a rule, or have a suggestion for a good one, leave a comment or email.  

score RAZOR2_CHECK 5
score BAYES_999 1.0
score BAYES_00 -4
score T_FREEMAIL_DOC_PDF 2
score DIGEST_MULTIPLE 5
score MPART_ALT_DIFF 5
score RCVD_IN_MSPIKE_L5 4
score URIBL_BLACK 5
score URIBL_DBL_SPAM 5
score DCC_CHECK 5
score PYZOR_CHECK 5

mimeheader ZIP_ATTACHED Content-Type =~ /zip|xls|docm|doc/i
describe ZIP_ATTACHED email contains a zip, xls, doc or docm attachment
score ZIP_ATTACHED 4.5

header CUSTOM_PHP_ID_SPAM X-PHP-Originating-Script =~ /class\.php/
score CUSTOM_PHP_ID_SPAM 5

header CUSTOM_UNQ_ID_SPAM X-MC-Unique =~ /randcase/
score CUSTOM_UNQ_ID_SPAM 5

header CUSTOM_UA_ID_SPAM User-Agent =~ /Mutt/
score CUSTOM_UA_ID_SPAM 5

rawbody CUSTOM_GMAIL_SPAM /style\=\"color\:\#245dc1\;text\-decoration\:none\;/
score CUSTOM_GMAIL_SPAM 4

rawbody CUSTOM_WHATSAP_SPAM /background\:\#d9d9d9\;font\-family\:arial\;font\-weight\:normal\;font\-size\:11px\;color\:\#808080\;/
score CUSTOM_WHATSAP_SPAM 4

rawbody CUSTOM_FEDEX_SPAM /style\=\"text\-decoration\:none\;color\:\#4d148c\;\" alt\=\"Privacy policy\" title\=\"Privacy policy/
score CUSTOM_FEDEX_SPAM 4

body CUSTOM_FARGO_SPAM /FARGO\, ND 58103/
score CUSTOM_FARGO_SPAM 4

rawbody CUSTOM_INLINE_IMAGE /src="cid:/
score CUSTOM_INLINE_IMAGE 5.5

rawbody CUSTOM_TRACKING_CODE /img src="(.*)\.us(.*)\?email/
score CUSTOM_TRACKING_CODE 5.5

rawbody CUSTOM_ENDS_IN_GUID /[A-Za-z0-9]{8}[A-Za-z0-9]{4}[A-Za-z0-9]{4}[A-Za-z0-9]{4}[A-Za-z0-9]{12}$/
score CUSTOM_ENDS_IN_GUID 7.5

rawbody CUSTOM_ALT_IN_GUID /alt="[A-Za-z0-9]{8}[A-Za-z0-9]{4}[A-Za-z0-9]{4}[A-Za-z0-9]{4}[A-Za-z0-9]{12}"/
score CUSTOM_ALT_IN_GUID 0.5
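
Several of the rules above carry a score that reaches SpamAssassin's default required_score of 5 on their own, so it helps to run them over known-good mail before deploying. The Python below is an added example, not code from the original post or from SpamAssassin: it parses three of the rules, evaluates them against a constructed message, and lists the rules that can flag a message single-handedly. It assumes a simplification: body and rawbody rules are both matched against the undecoded payload, and Python's re module stands in for Perl regexes.

```python
import re
from email import message_from_string

REQUIRED_SCORE = 5.0  # SpamAssassin's default required_score
# Three of the post's rules, written with plain ASCII quotes.
RULES = r'''
header CUSTOM_UA_ID_SPAM User-Agent =~ /Mutt/
score CUSTOM_UA_ID_SPAM 5
rawbody CUSTOM_INLINE_IMAGE /src="cid:/
score CUSTOM_INLINE_IMAGE 5.5
body CUSTOM_FARGO_SPAM /FARGO\, ND 58103/
score CUSTOM_FARGO_SPAM 4
'''
# Constructed sample: an ordinary message from a Mutt user with an inline logo.
SAMPLE = '''From: alice@example.org
Subject: patch review
User-Agent: Mutt/2.2.9
Content-Type: text/html

<p>Notes below.</p><img src="cid:logo@example.org" alt="logo">
'''
RULE_RE = re.compile(r'^(header|body|rawbody)\s+(\S+)\s+(?:(\S+)\s+=~\s+)?/(.*)/(i?)$')
SCORE_RE = re.compile(r'^score\s+(\S+)\s+(-?\d+(?:\.\d+)?)$')

def parse_rules(text):
    """Return ({name: (kind, header, compiled_regex)}, {name: score})."""
    rules, scores = {}, {}
    for line in filter(None, map(str.strip, text.splitlines())):
        if m := SCORE_RE.match(line):
            scores[m[1]] = float(m[2])
        elif m := RULE_RE.match(line):
            rules[m[2]] = (m[1], m[3], re.compile(m[4], re.I if m[5] else 0))
    return rules, scores

def evaluate(raw, rules, scores):
    """Return (sorted hit names, total score) for one raw message."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # simplification: no MIME decoding or HTML stripping
    hits = [n for n, (kind, hdr, rx) in rules.items()
            if rx.search(msg.get(hdr, '') if kind == 'header' else body)]
    return sorted(hits), sum(scores.get(n, 1.0) for n in hits)

def solo_triggers(scores):
    """Names of rules whose score alone reaches the spam threshold."""
    return sorted(n for n, s in scores.items() if s >= REQUIRED_SCORE)

if __name__ == '__main__':
    rules, scores = parse_rules(RULES)
    print(evaluate(SAMPLE, rules, scores), solo_triggers(scores))
```

On the sample, CUSTOM_UA_ID_SPAM and CUSTOM_INLINE_IMAGE both fire for a total of 10.5, and either one alone would already mark this ordinary message as spam.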



What would you do if you were Invisible?


Scientists at the University of California, Berkeley, led by Xiang Zhang, have demonstrated for the first time that they were able to cloak three-dimensional objects using artificially engineered materials that redirect light around the objects. Underlying the work is the idea that bending visible light around an object will hide it.

Xiang Zhang said: “In the case of invisibility cloaks or shields, the material would need to curve light waves completely around the object like a river flowing around a rock.” The research, which was heavily funded by the military, will be published in two journals, Nature and Science, later this week.

People can see objects because they scatter the light that strikes them, reflecting some of it back to the eye. Cloaking uses materials, known as metamaterials, to deflect radar, light or other waves around an object, like water flowing around a smooth rock in a stream.

So, to me, the real question is what would YOU use an invisible cloak for?  Rob a bank?  Peek in on your neighbors?  Leave me a comment and tell me what your first act would be if you had an invisible cloak.


Terrorist Screening Database – The Terrorist Watch List


I am one of the unfortunate many whose name is in the FBI’s Terrorist Screening Database, also known as the Terrorist Watch List. What this means is that when I travel, my name is flagged and I have to be properly identified before I am allowed to get a boarding pass. In addition, I also am more likely to be singled out for random screening during the normal screening process as you go through security. When traveling with others, like my family or business associates, they are also more likely to be randomly searched, and often require additional identification at the check-in counter.

Am I a terrorist, you ask? No, I just have the bad luck of having a very common name. Someone with the same name as me is apparently wanted by the FBI, and I get flagged since our names match.

The Terrorist Screening Center (TSC) maintains the consolidated database of the names for all known or suspected terrorists, which is known as the Terrorist Screening Database (TSDB).  The Terrorist Screening Center was created on Dec 1, 2003 by Homeland Security Presidential Directive 6 which directed that a center be established to consolidate the government’s approach to terrorism screening and to provide for the appropriate and lawful use of terrorist information in screening processes.  At this time, over 400,00 names are contained in the database, with 5-6% of that number being US Citizens.

Am I upset? Not really, usually this only causes a short delay (5-10 minutes) when checking in, and at most airports, the random screening is often faster than waiting in the long security line. In general, I respect what the government is trying to do, and I subscribe to the motto, better safe than sorry. I have recently heard that registering with a slightly different variation of your name, like using your full middle name, can help prevent getting flagged. I am going to try that the next time I fly and will comment if it is successful.

Has anyone else found that they are on the list?  What are your experiences, and are you upset you are on the list?