Another DNSBL lost, NJABL shutdown

Accordnig to NJABL’s website, they’re shutting down effective immediately:

March 1, 2013: NJABL is in the process of being shut down. The DNSBL zones have been emptied. After “the Internet” has had some time to remove NJABL from server configs, the NS’s will be pointed off into unallocated space to hopefully make the shutdown obvious to those who were slower to notice.

If you have NJABL listed in your MDaemon or SecurityGateway configuration, you should probably remove it immediately. MDaemon’s SpamAssassin automatically uses NJABL as well, but as long as you have automatic updates enabled no action is required, SpamAssassin will be disabling NJABL per bug 6913.

To NJABL’s operators: Thanks for all your time and efforts, it was appreciated! listing the world

It appears that has started listing the world as of today. This list has been inactive for around 4 years now, so if you’re using it in MDaemon, please remove it from your MDaemon DNS-BL immediately.

While we’re on the topic, if you’re running an MDaemon version earlier than 12.5.0, please either upgrade or follow the instructions in this post from 2009 to remove DSBL lookups from SpamAssassin. MDaemon 12.5.0 and higher should not query this list from SpamAssassin.

Image-only adult themed spam

Lately there is a new batch of spam going out that tends to use adult themed subjects, but has no content in the body aside from a single image.

It has been reported that this SpamAssassin rule helps:

header __CTYPE_MULTIPART_MXD Content-Type =~ /multipart\/mixed/i
mimeheader __ANY_TEXT_ATTACH Content-Type =~ /text\/\w+/i
score MIME_IMAGE_ONLY 2.00
describe MIME_IMAGE_ONLY Image body part but no text body parts

To use it, copy these five lines into the bottom of your \MDaemon\SpamAssassin\rules\ file, then either restart MDaemon or create a mdspamd.sem file in the \MDaemon\App\ directory.

You may want to tweak the “Score”, but start with 2.0 as this rule hasn’t been aggressively tested so there is a higher risk of false positives then with the default SpamAssassin rules.

Lastly, it’s also worth mentioning that Outbreak Protection (part of SecurityPlus 4 and higher) is flagging these messages as spam.

UPDATE 2009/05/19: The above rule only works in MDaemon 10 and higher, for earlier versions, you’ll need one more line:

mimeheader __ANY_IMAGE_ATTACH Content-Type =~ /image\/(?:gif|jpeg|png)/
(Thanks goes to “Greg Vancardo” for tracking this one down)