Snowshoe email filter for Thunderbird
so it seems we now have this "snowshow" type of spam-- where random "from" addresses are used.
the Thunderbird filter for "not in my address book" re-directs these messages into my "Fraud" folder naturally, and that's All Good the messages i'm getting now though are adverts for rogue pharmacies and i want to just delete these instead of posting them for review but: the messages are written in html with all of the text written in html like this: style=3D"color:#DD694B; font-size:24pt">D</span>QÈQ§<span = the D there is part of their message "MEDICATIONS AT THE BEST PRICE" but as you see they have obfuscated the source so that a filter is not easy to apply against that string -- as the string does not occur in the body(source) only in the HTML presentation what I need is the ability to apply the filter against the RAW HTML -- not just against its enclosed text strings any ideas/experience on this ? |
You have no control over the mail server?
Generally efficient spam blocking is done in the mail header, blocking regular expressions in the body of the message is slow and time consuming, especially if your refreshing your maildir from the server at regular intervals. On top of that, depending on how your mail client is set up, you may only be downloading the headers and pull down the messages when you select the header, in which case regular expression tests run against the body of the message will have no effect. Why don't you post a header from a couple of the offending messages and maybe I can help you. |
snowshoe filter ( cont'd )
I'll certanly appreciate any help!!!!!
I'm running Thunderbird 24.5 on a LMDE/MINT client here's one example: Quote:
it's an anoyance really, as my Personal Friends e/mail address is white-listed against a selected address book. this is very effective but I'd like to exclude these drug-scam messages entirely. I route unkonwn senders into a REVIEW folder which is where these drug scams end up. http://napfn.com/snowshoe.png |
Quote:
(Hey Mike. I always check my posts and obfuscate someone@somwhere.com to someoneatsomewheredotcom.) There is the IP range of RU-AVANGARD-DSL. Does thunderbird give you an option of "block by IP "range? How about the control panel options on the mail server? Third option is the hosting company your working through may have the blocking capability, let them know what's going on and see if they can block that range. 178.65.128.0 through 178.65.255.255 |
Quote:
not that it matters *that much* : on this address you have to be white-listed to send to it. i looked through Thunderbird for the options you suggested; no luck. I white-listed a couple addresses from the review folder though so this isn't really a pressing issue. I was just hoping we might know a way to get at these guys. |
exit needed
what we need in Thunderbird is a plug-in that would allow us to pass the message text to a C program for scanning. The usual return codes would be appropriate,-- 0 for OK and 1 for junk.
we could really tear up some spam that way |
Mike take a look at
tools->message filters->new and then under the "subject" drop down it has an option for "customize". If you click it, you get a blank entry box, try to put the IP range in there. |
Quote:
that is common is a gross misuse of HTML tags in order to obfuscate the body of the message -- which would otherwise be easy to catch with a filter. that's why we need to be able to get at the message source. example Quote:
|
netnum: 178.65.128.0 - 178.65.255.255
netname: RU-AVANGARD-DSL I was assuming that was the IP range they are all coming from. If we can't find a commonality among the messages, I'm afraid your stuck |
Quote:
... the little C program exit would be fun to pass around as well in keeping with our great Linux Traditions |
All times are GMT -5. The time now is 08:22 AM. |