Hi all,
I was wondering if there was someplace where we could have a new rule
tested automatically against both spam and non-spam corpus to see how
effective it is. Is this something everyone must make on their own or
there is some email/web interface to such a service someplace?
Here are some of my local rules (one or two I got from someone else on
the list) which do well here if anyone is interested. I'll accept
suggestion on improving them :)
body LOCAL_LONG_WORD /[a-zA-Z]{90}/
describe LOCAL_LONG_WORD LOCAL: Long random word in body (90 chars+)
score LOCAL_LONG_WORD 4.8
body LOCAL_COMMENTS_IN_WORD /[a-zA-Z]<!--[^>]*-->[a-zA-Z]/
describe LOCAL_COMMENTS_IN_WORD LOCAL: Comments used to try to hide
words from spam detectors
score LOCAL_COMMENTS_IN_WORD 4.5
header LOCAL_FAKE_IP_RCVD Received =~
/\[0|(?:\d{1,3}\.){0,3}(?:2(?:5[6-9]|[6-9]\d)|[3-9]\d\d)[.\d]*\]/
describe LOCAL_FAKE_IP_RCVD LOCAL: Received via an impossible IP address
score LOCAL_FAKE_IP_RCVD 6.0
header LOCAL_PI_OE X-Mailer =~ /OutLook Express 3\.14159/
describe LOCAL_PI_OE LOCAL: X-Mailer contains 'OutLook Express
3.14159'
score LOCAL_PI_OE 5.0
header LOCAL_HELO_COMPUSERVE Received =~ /(from |helo=)compuserve.com/
describe LOCAL_HELO_COMPUSERVE LOCAL: Receive line contains an helo of
compuserve.com
score LOCAL_HELO_COMPUSERVE 4.0
header LOCAL_HELO_MSN Received =~ /(from |helo=)msn.com/
describe LOCAL_HELO_MSN LOCAL: Receive line contains an helo of msn.com
score LOCAL_HELO_MSN 4.0
header LOCAL_HELO_YAHOO Received =~ /(from |helo=)yahoo.com/
describe LOCAL_HELO_YAHOO LOCAL: Receive line contains an helo of
yahoo.com
score LOCAL_HELO_YAHOO 4.0
# Hotmail.com servers gives an helo of hotmail.com so we should check to
# make sure it's not a hotmail.com server which announce this.
# Until this is done, just score 2.0 for this rule.
header LOCAL_HELO_HOTMAIL Received =~ /(from |helo=)hotmail.com/
describe LOCAL_HELO_HOTMAIL LOCAL: Receive line contains an helo of
hotmail.com
score LOCAL_HELO_HOTMAIL 2.0
# Often receive spam from netscape.net users
header LOCAL_NETSCAPE_NET From =~ /\@netscape\.net/
describe LOCAL_NETSCAPE_NET LOCAL: From: contains a netscape.net address
score LOCAL_NETSCAPE_NET 2.0
body LOCAL_EARN_SLEEPING /earn while you sleep/i
describe LOCAL_EARN_SLEEPING LOCAL: Earn while you sleep
score LOCAL_EARN_SLEEPING 3.0
body LOCAL_START_YOUR_OWN /start your own .{0,20}business/i
describe LOCAL_START_YOUR_OWN LOCAL: Start your own business
score LOCAL_START_YOUR_OWN 1.5
body LOCAL_JUST4UNOW /just4unow\.com\//i
describe LOCAL_JUST4UNOW LOCAL: Link to just4unow.com
score LOCAL_JUST4UNOW 4.7
body LOCAL_NOT_FOR_EVERYONE /Not intended for recipients or
residents of/
describe LOCAL_NOT_FOR_EVERYONE LOCAL: This Spam may not be intended to
you
score LOCAL_NOT_FOR_EVERYONE 0.3
Use them at your own risk! :)
--
Patrice Fournier
[EMAIL PROTECTED]
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Got root? We do.
http://thinkgeek.com/sf
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
