FAQSearchLoginRegister
It is currently Sun Dec 17, 2017 7:27 pm

All times are UTC - 7 hours [ DST ]




Post new topic Reply to topic  [ 27 posts ] 
 SPAM with No Subject and No Message Body 
Author Message

Joined: Wed Aug 08, 2007 9:05 pm
Posts: 10
Post SPAM with No Subject and No Message Body
Hello,

Recently, we have have receiving several message with only the senders email address w/o any content in the Subject of the message body. Attached is a sample.. Any help will be appreciated.

Thanks in Advance
Sunil


Mon Nov 26, 2007 12:28 am
Profile

Joined: Tue Apr 10, 2007 6:46 am
Posts: 260
Location: Germany
Post Re: SPAM with No Subject and No Message Body
Hello Sunil,

are you sure that there is no message body ? The "PDF-Rule" I sent you
should fire on mails like this. Please check your rule, if it is still working.

regs Frank

P.S. sent you a PM

_________________
If you find a rule that works --> share it !


Wed Nov 28, 2007 4:09 am
Profile

Joined: Tue Apr 10, 2007 6:46 am
Posts: 260
Location: Germany
Post Re: SPAM with No Subject and No Message Body
Hello Sunil,

mails with no subject:

RuleType: MIME_HEADER
RegEx: ^Subject:\s*$

regs Frank

_________________
If you find a rule that works --> share it !


Wed Nov 28, 2007 4:27 am
Profile

Joined: Mon Apr 14, 2008 8:57 am
Posts: 27
Post Re: SPAM with No Subject and No Message Body
I recently started receiving these spams, alas! I tried the MIME header Subject rule, but it's not stopping them. I also tried a "To" MIME rule: ^To:\s*$
Since the To field is also blank. I still had 6 come in this morning. The email is addressed solely by BCC (so far as I can tell);

Moreover, I can't export them to my SPAM vector. They REFUSE to export, perhaps since there is no To: address :x.

Is there any way to see the header, etc in this case. I'm currently limited to viewing the properties of the message.

Thanks in advance!

_________________
Image Hack the Gibson...


Thu May 29, 2008 8:18 am
Profile E-mail

Joined: Tue Apr 10, 2007 6:46 am
Posts: 260
Location: Germany
Post Re: SPAM with No Subject and No Message Body
Could ypu post one of these messages so we can take a look at it ?

regs Frank

_________________
If you find a rule that works --> share it !


Fri May 30, 2008 12:26 am
Profile

Joined: Mon Apr 14, 2008 8:57 am
Posts: 27
Post Re: SPAM with No Subject and No Message Body
That's just it...nothing to post. I can't get it into my spam vector so as to provide you with all the good stuff (body text, body html, mime, etc). Any suggestions on how to view that stuff if I only have it in my inbox? Like I said, all I know to do at present in this situation is look at the properties of the email from my Gwava inbox and there is nothing at all there...I tried to save it as a document, same bit... Tricky dicky. :cry:

_________________
Image Hack the Gibson...


Fri May 30, 2008 6:15 am
Profile E-mail

Joined: Fri Apr 28, 2006 5:56 am
Posts: 96
Post Re: SPAM with No Subject and No Message Body
We are getting these blank message and body and subject lines also BUT more interesting is that their is NO MINE headers. It is coming to me as a BC.

This is all that I can get....


Mime-Version: 1.0
X-Mailer: Groupwise 6.5
Date: Wed, 28 May 2008 07:55:45 -0400
Message-ID: <<200805279[6>@Thomasmore.edu>
From: Gary.Tillman@sallandxs.net

_________________
Bill Swisher


Fri May 30, 2008 7:08 am
Profile E-mail

Joined: Mon Apr 14, 2008 8:57 am
Posts: 27
Post Re: SPAM with No Subject and No Message Body
How were you able to get that info? Can you get it into your spam vector? Or is there some other trick? Mine are coming soley as BC too, no subject, no body, nada. The properties only show the sender and that I am BC'd. Each spam has a different sender, different domain, so no help there.

_________________
Image Hack the Gibson...


Fri May 30, 2008 7:16 am
Profile E-mail

Joined: Wed Aug 08, 2007 9:05 pm
Posts: 10
Post Re: SPAM with No Subject and No Message Body
Getting the same here.. Infact, even if certain words are in my spam rules (viagra, cialis, etc) they are getting thru as the name of the sender.... HELPPPPP


Sat May 31, 2008 6:41 pm
Profile

Joined: Mon Apr 14, 2008 8:57 am
Posts: 27
Post Re: SPAM with No Subject and No Message Body
See, I'm not getting the sender name spoofed as Viagra, etc. You COULD write a RAW body rule for Viagra etc, that should stop them (From: is in the RAW body). As a matter of fact, my most effective VIAGRA rule is a RAW body since it takes care of From:, Subject, and body. See if that works for you.

Meanwhile, I'm stuck :(.

_________________
Image Hack the Gibson...


Mon Jun 02, 2008 6:22 am
Profile E-mail

Joined: Wed Aug 08, 2007 9:05 pm
Posts: 10
Post Re: SPAM with No Subject and No Message Body
Hi Cyper

I have a RAW body rule for Viagra, etc, but I guess is not affective enough.. Would you mind sharing with me your rule..

As for the blank SPAM, I guess we both are stuck

Sunil


Mon Jun 02, 2008 8:09 am
Profile

Joined: Mon Apr 14, 2008 8:57 am
Posts: 27
Post Re: SPAM with No Subject and No Message Body
Raw Body Expression: viagra
Case insensitive, multifire, letter substitution.
I have the score set to 1000, even though the threshold is 10 since:
7005 Spam, 0 Ham.

I also use another RAW Body Expression: From: VIAGRA
Case insensitive
It only hits on 119 Spam, 0 Ham, with 119 overlap w/ the first rule, so it's not needed (and is also proof that the first rule will fire on those from "VIAGRA"

You could change either to be: (viagra|cialis|levitra|etc)
Hopefully that helps.

_________________
Image Hack the Gibson...


Mon Jun 02, 2008 9:20 am
Profile E-mail

Joined: Wed Aug 08, 2007 9:05 pm
Posts: 10
Post Re: SPAM with No Subject and No Message Body
Thanks Cyper


Mon Jun 02, 2008 6:20 pm
Profile

Joined: Tue Apr 10, 2007 6:46 am
Posts: 260
Location: Germany
Post Re: SPAM with No Subject and No Message Body
Hello,

what about the time-zones ? Could be a good point to start from to combat this spam.

regs Frank

_________________
If you find a rule that works --> share it !


Wed Jun 04, 2008 12:20 am
Profile

Joined: Mon Apr 14, 2008 8:57 am
Posts: 27
Post Re: SPAM with No Subject and No Message Body
Frank,

I modified your original Time zone post to work best here in the USA. Here it is:
MIME header expression:
([\+]0[1-9]00|[\+]0[1-9]30|[\+]1[0-3]00|[\-]0[1-3]00|[\-]1[0-2]00|\+0545)

This blocks all but GMT -4,-5,-6,-7,-8,-9.
I used the Time Zone tab in the Date and Time properties in Windows for a quick reference on which ones I should allow.

I'll let you know how this works!

_________________
Image Hack the Gibson...


Wed Jun 04, 2008 8:40 am
Profile E-mail

Joined: Wed Aug 08, 2007 9:05 pm
Posts: 10
Post Re: SPAM with No Subject and No Message Body
Guys, I am confused... How does help? I am located in Hong kong (GMT +8). By using a similar rule, will it block emails from other timezones or only specific ones? What kind of rule will I need to create

Tx
Sunil


Wed Jun 04, 2008 10:59 pm
Profile

Joined: Tue Apr 10, 2007 6:46 am
Posts: 260
Location: Germany
Post Re: SPAM with No Subject and No Message Body
Hello Sunil,

you have to change the rule depending from where you are located. The rule will not automatically block mails depending from the score you give the rule. But it helps a lot to minimze spam. Often it's co-firing with other rules. If you have good HAM-rules, you won't get false positives.

regs Frank

_________________
If you find a rule that works --> share it !


Wed Jun 04, 2008 11:45 pm
Profile

Joined: Wed Aug 08, 2007 9:05 pm
Posts: 10
Post Re: SPAM with No Subject and No Message Body
Hi Bensen

I am not good with rules, thus need the expert advise from you guys.. You have helped me the past with some great rules that work well here. Thus, what would be the content of the rule if it was our server which is based in HK to target this spam. We get about 2 to 3 such emails every day

Thanks
Sunil


Wed Jun 04, 2008 11:55 pm
Profile

Joined: Tue Apr 10, 2007 6:46 am
Posts: 260
Location: Germany
Post Re: SPAM with No Subject and No Message Body
Hello Sunil,

just take a look at the thread "Timezone differences in mime header" posted here in anti-spam-rules. This is what I'm using:

([\+]0[3-9]00|[\+]0[3-9]30)

Rule-Type: MIME-Header

So this rule fires on every mail that hat a time-zone in it's header from +0300 up to +0930

You have to change it, depending from the countries wehere you get your spams from. For example, if you get a lot of spam from Europe you could use:

([\+]0[1-2]00|[\+]0[1-2]30)

regs Frank

_________________
If you find a rule that works --> share it !


Thu Jun 05, 2008 12:30 am
Profile

Joined: Mon Apr 14, 2008 8:57 am
Posts: 27
Post Re: SPAM with No Subject and No Message Body
I know that all of our legit mail comes from the continental USA. Therefore, I blocked every timezone except the four in the US (-0500 through -0800), plus -0900 for Alaska.

You could make your rule as simple as: (0900|0800|0530)
It's easier to visualize each time zone you're blocking, separated by an OR "|"
Franks rule is able to cover 14 time zone variations in much less space.

Franks rule: ([\+]0[3-9]00|[\+]0[3-9]30)
Says "+0" followed by any number between 3 & 9, followed by "00" OR
"+0" followed by any number between 3 & 9, followed by "30"

So hits would be "+0300" through "+0930" in "0030" increments (0300,0330,0400,0430,0500,etc).

_________________
Image Hack the Gibson...


Thu Jun 05, 2008 6:06 am
Profile E-mail

Joined: Tue Apr 10, 2007 6:46 am
Posts: 260
Location: Germany
Post Re: SPAM with No Subject and No Message Body
mx|CyPHeR| wrote:
You could make your rule as simple as: (0900|0800|0530)
It's easier to visualize each time zone you're blocking, separated by an OR "|"
Franks rule is able to cover 14 time zone variations in much less space.

Franks rule: ([\+]0[3-9]00|[\+]0[3-9]30)
Says "+0" followed by any number between 3 & 9, followed by "00" OR
"+0" followed by any number between 3 & 9, followed by "30"

So hits would be "+0300" through "+0930" in "0030" increments (0300,0330,0400,0430,0500,etc).


No, thats a little bit too simple. You have to use the + or - to identify the correct time zones. Otherwise 0300 would fire on +0300 and -0300. Also it would fire on legit mails that have these numbers in the header.
You have to escape the + or the - with a backslash.
Example: (\+0300|\+0330|\+0400) and so on. So you can add every time zone you want.

regs Frank

_________________
If you find a rule that works --> share it !


Thu Jun 05, 2008 7:05 am
Profile

Joined: Mon Apr 14, 2008 8:57 am
Posts: 27
Post Re: SPAM with No Subject and No Message Body
Nice catch Frank! I meant to include the + or -

\+(0900|0800|0530) if all were "+" OR
(\+0900|\-0800|\+0530) for +0900,-0800,+0530

I don't think you need the escape char "\" for the "-", but it doesn't hurt...right?

_________________
Image Hack the Gibson...


Thu Jun 05, 2008 7:11 am
Profile E-mail

Joined: Tue Apr 10, 2007 6:46 am
Posts: 260
Location: Germany
Post Re: SPAM with No Subject and No Message Body
Yes there is no need to escape the minus but its better to read and if you always escape special characters you won't forget it when you need something to escape, just a habit.

regs Frank

_________________
If you find a rule that works --> share it !


Thu Jun 05, 2008 7:21 am
Profile

Joined: Mon Apr 14, 2008 8:57 am
Posts: 27
Post Re: SPAM with No Subject and No Message Body
I've noticed that all of this blank spam still coming through is between the hours of 11PM and 5AM (my time). So I wrote another MIME rule that looks for those hours. At first I tried to use the date field, but it was a little too tricky for me. This is what I came up with:

MIME header
(23|0[0-4]):[0-5][0-9]:[0-5][0-9] \-0[4-5]00

-0500 is for Eastern Standard time (me). Does this switch to -0400 during daylight savings time? I noticed most are firing on the -0400, not the -0500.

Any suggestions for making this rule better?
P.S.: The time zone rule is catching all but a few blanks.

_________________
Image Hack the Gibson...


Thu Jun 05, 2008 8:00 am
Profile E-mail

Joined: Tue Apr 10, 2007 6:46 am
Posts: 260
Location: Germany
Post Re: SPAM with No Subject and No Message Body
Vou've got an PM :wink:

regs Frank

_________________
If you find a rule that works --> share it !


Thu Jun 05, 2008 8:42 am
Profile

Joined: Wed Aug 08, 2007 9:05 pm
Posts: 10
Post Re: SPAM with No Subject and No Message Body
Thanks... I will give it a try


Thu Jun 05, 2008 7:11 pm
Profile

Joined: Mon Jan 07, 2008 3:12 pm
Posts: 45
Post Re: SPAM with No Subject and No Message Body
thx


Wed Jun 25, 2008 7:45 am
Profile E-mail
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 27 posts ] 

All times are UTC - 7 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © phpBB Group.
Designed by Vjacheslav Trushkin for Free Forums/DivisionCore.