How about:
body CORRECT_FOR_EXCHANGE /This message is in MIME format/
score CORRECT_FOR_EXCHANGE -2.6
describe CORRECT_FOR_EXCHANGE Correct for MIME 'null block'
C
On Sun, 2002-02-03 at 19:59, Jason Haar wrote:
Email from our Exchange server is tallying up the score points in SA faster
than it should.
All the MIME messages contain the phrase:
-------
<headers>
MIME-Version: 1.0
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_000_01C1AD26.0305AA70
-------
That's causing a score like:
X-Spam-Report: 6.35 hits, 5 required;
* 1.0 -- From: contains numbers mixed in with letters
* 2.8 -- Message text disguised using base-64 encoding
* 1.6 -- Contains phrases frequently found in spam
[score: 21, hits: this message, your]
[mail]
* 1.0 -- spam-phrase score is over 20
Could SA recognise that those phrases are occurring in the MIME "null block"
before the message actually begins? In fact, anything could be valid in
there as MIME MUA users never see that area these days...
[hmm, great way of sneaking stuff out... ;-)]
--
Cheers
Jason Haar
Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
