Using SpamAssassin, I receive many false positives on mail from Linux cron deamons. The content of the messages is specific to the commands being run, of course, but generally, the following tests are triggered:
(1.2 points) From: does not include a real name (2 points) BODY: Contains "Casino" (0.7 points) BODY: Contains a line >=199 characters long (1.75 points) From and To the same address The Casino one is triggered, as the mail is coming from a webserver. One of the hosted websites is for a casino. Obviously, their domain name contains Casino. So, ignoring that hit, I have come up with the following test, which should take care of this: header CRON_SUBJ Subject =~ /Cron <[:alpha:]\w*@[:alpha:]\w*> / describe CRON_SUBJ The subject matches the subject of a Cron mailing. score CRON_SUBJ -3.65 Possibly, the score should be made smaller (more negative) to compensate for other tests which might be trigged by a Cron mailing. However, in my case, -3.65 is sufficient. NOTE: I haven't actually tested this rule with SpamAssassin. The regular expression is correct, if [:alpha:] is [a-zA-Z] and \w is [a-zA-Z0-9_]. I am assuming that login names and hostnames on a Unix machine must start with a letter. If this is not true, the [:alpha:]\w* could be changed to \w+ -- Richie Laager Wikstrom Telecom Internet _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
