> I'm having great luck with spamassassin... a few things slip thru of > course, and I wanted to post in case it gives developers a good idea. > > one thing I noticed is that for messages that are enc-64 , it seems that > other tests are NOT run on the decoded message. I'd suggest decodeding > and then running all the regular tests OR if there is no plain or html > message and its only enc-64, chances are 99% that its spam and should > get a high score.
Well, if you think other tests are not being run on base-64 encoded messages, then you may have found a bug, because all the normal tests, including bayes are supposed to run on the decoded text. (AFAIK) Base64 itself already gets up to 2.3 points depending on the scoreset you're using, and there *are* legitimate reasons to use base64 (otherwise no email program would support it) so the score can't be too high. > second, it would be nice if there were a really easy way to blacklist > URI found inline. There are some these days that are so simple they > don't trigger many tests, but they do have links to known spammers like: > > body T_OPRAH /Oprah.*wrinkle.*sexual/si > score T_OPRAH 4.0 > > uri T_BLACKLIST_URI /( > SIL12345.com| > look4abride.com| > lolslideshow.com| > zland.com > )/ix > score T_BLACKLIST_URI 5.0 > > Am I on the right track with this? There are already quite a number of tests which match links to suspicious looking domains, but as always, new ones are popping up all the time....so SA needs updating. You'll probably find these rules, like most others, have been updated in 2.60-cvs.. Regards, Simon ------------------------------------------------------- This SF.NET email is sponsored by: eBay Great deals on office technology -- on eBay now! Click here: http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
