> -----Original Message----- > From: Dan Baker [mailto:[EMAIL PROTECTED] > Sent: Friday, June 13, 2003 8:30 AM > To: [EMAIL PROTECTED] > Subject: [SAtalk] a few suggestions > > > I'm having great luck with spamassassin... a few things slip thru of > course, and I wanted to post in case it gives developers a good idea. > > one thing I noticed is that for messages that are enc-64 , it > seems that > other tests are NOT run on the decoded message. I'd suggest > decodeding > and then running all the regular tests OR if there is no > plain or html > message and its only enc-64, chances are 99% that its spam and should > get a high score. > > second, it would be nice if there were a really easy way to blacklist > URI found inline. There are some these days that are so simple they > don't trigger many tests, but they do have links to known > spammers like: > > body T_OPRAH /Oprah.*wrinkle.*sexual/si > score T_OPRAH 4.0 > > uri T_BLACKLIST_URI /( > SIL12345.com| > look4abride.com| > lolslideshow.com| > zland.com > )/ix > score T_BLACKLIST_URI 5.0 > > Am I on the right track with this? > > thanx, > > Dan > > Heh, the Oprah one made me laugh! :) Haven't seen that one. I do is use a rules like this for scoring, but not for sender addresses. I block those in my access file.
I use a rule called MY_EVIL for URLs that contain frequently used links by spammers. They don't send from this address but they use it for images and unsubscribe links and such. Just score the rule +20 or something. I find it works pretty good and I only need to update it once in a blue moon. HTH Chris ------------------------------------------------------- This SF.NET email is sponsored by: eBay Great deals on office technology -- on eBay now! Click here: http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
