Bart Schaefer <[EMAIL PROTECTED]> writes:

> On Tue, 4 Jun 2002, Harry Putnam wrote:
>
>> This line appears in mail:
>> X-Spam-Status: Yes, hits=2.2 required=2.0 tests=Repeat_Any_Allcap,\
>>   FORGED_YAHOO_RCVD version=2.20
>>
>> Yet a grep of the received headers reveals no instance of yahoo.
>
> I'll answer since this has come up before and I suggested the rule.
>
> Read the description, not the rule name. The name is an abbreviation
> chosen more for similarity to names of other rules that examine Received
> headers than for congruence with its description. In this case it means
> that the message claims to be From: yahoo.com but (as you noticed) does
> NOT mention a yahoo mail server in the Received: headers. It's very
> common for spammers to use a nonexistent local-part @yahoo.com (or other
> free mail service) as the From: address -- far more common than it is for
> real yahoo users to set the From: line to their yahoo account when sending
> from some other source.

Thanks, I guess it makes sense, but I have to say that reading the
description:

  describe FORGED_YAHOO_RCVD Forged yahoo.com 'Received:' header found

comes no nearer to making it clear what is really happening.

> And please excuse me for saying so, but 2.0 is a ridiculously low spam
> threshold. I'd lose half my email if I were to set it below 4.0.

Someone else pointed that out too, and I am watching closer now. I've
also had to edit a number of other rules' score values, so I probably just
got off on the wrong foot. I tried a default setup first though and lots
of stuff was coming thru that shouldn't. It is starting to look like a
losing battle, and may involve a large revamp in default scores.

So far I've made these adjustments and am getting no spam through for a
full day now. I have had 2 false positives in that time (probably around
200 messages). My revisions are already pretty extensive though, so maybe
just a waste and I should go back to default and try to see why so much
crap gets through.

cat /etc/mail/spammassassin/local.cf

  required_hits 2
  auto_report_threshold 6000

  header Spama X-BeenThere =~ /spamassassin-.*\@lists/
  score Spama -100

  header CRON X-Cron-Env =~ /\w/
  score CRON -100

  header Default_score_texi_list Sender =~ /owner-tex.*\@mathematic/
  score Default_score_texi_list 0.6

  header System_Check Subject =~ /reader\.local\.lan.*system check$/
  score System_Check -100

  score SUBJ_MISSING 1.5
  score SUBJ_HAS_SPACES 1.4
  score NO_REAL_NAME 0.4
  score FROM_MALFORMED 1.4
  score FROM_AND_TO_SAME 1.7
  score OPT_IN 1.5
  score DATE_IN_FUTURE 1.318

  header Virus_scan_report Subject =~ /Virus/i
  score Virus_scan_report 1.5

  score KNOWN_BAD_DIALUPS 1.0
  score MAY_BE_FORGED 0.8
  score FORGED_YAHOO_RCVD 1.45
  score NO_REAL_NAME 0.3
  score COPY_DVDS 1.8

  body Repeat_Allcap_Free /FREE.*FREE/
  score Repeat_Allcap_Free 1.2

  body Repeat_Any_Allcap /\b([A-Z]{3,})\b.*?\1/
  score Repeat_Any_Allcap 0.8

  score SLIGHTLY_UNSAFE_JAVASCRIP 1.5
  score MSG_ID_ADDED_BY_MTA_2 1.3

  header FW_LOG Subject =~ /\[0030AB066D5C\]/
  score FW_LOG -100

_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
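
An added illustration, not part of the original thread and not SpamAssassin's own code: a Python sketch of the check Bart describes (From: claims yahoo.com, no Received: header mentions yahoo), combined with the Repeat_Any_Allcap pattern and the scores from the posted local.cf, showing how an ordinary message reaches the 2.0 threshold. The sample message and the function names are assumptions made for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Scores and threshold copied from the local.cf posted above.
SCORES = {"FORGED_YAHOO_RCVD": 1.45, "Repeat_Any_Allcap": 0.8}
REQUIRED_HITS = 2.0

# Body pattern copied from the posted Repeat_Any_Allcap rule.
REPEAT_ANY_ALLCAP = re.compile(r"\b([A-Z]{3,})\b.*?\1")


def from_yahoo_without_yahoo_relay(msg):
    """From: claims yahoo.com, yet no Received: header mentions yahoo."""
    _, addr = parseaddr(msg.get("From", ""))
    if not addr.lower().endswith("@yahoo.com"):
        return False
    received = msg.get_all("Received") or []
    return not any("yahoo" in hop.lower() for hop in received)


def evaluate(raw):
    """Return (tests that hit, total score, reaches the threshold?)."""
    msg = message_from_string(raw)
    hits = []
    if from_yahoo_without_yahoo_relay(msg):
        hits.append("FORGED_YAHOO_RCVD")
    body = msg.get_payload()
    # Check the body one line at a time, as '.' does not cross newlines.
    if any(REPEAT_ANY_ALLCAP.search(line) for line in body.splitlines()):
        hits.append("Repeat_Any_Allcap")
    total = sum(SCORES[name] for name in hits)
    return hits, total, total >= REQUIRED_HITS


# Constructed sample: a Yahoo address used as From: while sending via an ISP.
SAMPLE = """\
Received: from mail.isp.example (mail.isp.example [192.0.2.10])
\tby reader.local.lan with ESMTP; Tue, 4 Jun 2002 10:00:00 -0700
From: Some User <someuser@yahoo.com>
To: list@lists.example
Subject: question about the FAQ

I read the FAQ twice, but the FAQ does not cover this case.
"""

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```

Neither test alone reaches 2.0 with these scores; the repeated "FAQ" in plain prose is enough to tip a message that already hit the From:/Received: mismatch.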