>> [EMAIL PROTECTED] wrote:
>>
>>> 2) Can anyone run the spam below against a vanilla ruleset, 2.5[45]
>>> and/or 2.6, and let me know if this spam should have been caught under
>>> 2.54?
>> 
Bob,
The reason the spam in your case bypassed SA but got caught
when you had others run it is here:

>  X-Spam-Status: No, hits=3.3 required=9.0
>          tests=BASE64_ENC_TEXT,NO_REAL_NAME,PRIORITY_NO_NAME,USER_AGENT
>          version=2.54

What this means is that the text itself in the email was
encoded, so SA couldn't read it - instead, SA could only
read the information in the headers and assign a score
based on that.

You posted a text version (your email reader would be able
to convert the encoded text, so that is what you saw), so
basically what was tested was NOT the same as what went
through your filter.

The easiest thing for you to do is to assign a much higher
score to the BASE64_ENC_TEXT test in your local.cf file.
I've never seen a legit email containing Base 64 encoded
text, though it's possible that in certain contexts it could
be done - but for the most part it's a spam trick and you are
safe to assign that test a very high score.

I'd note that you have a high threshold for spam (9.0),
which is another reason this one might have gotten through.

Hope this helps,

Abigail
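
Added example (not part of the original message and not SpamAssassin code): a Python sketch of why a body pattern that matches the posted plain text misses the same message when its body travels base64-encoded, and how decoding each text part before matching closes that gap. The message, the pattern and all function names are constructed for illustration.

```python
import base64
import re
from email import message_from_string

BODY_TEXT = "Act now to claim your free prize, limited time offer!"  # constructed
PATTERN = re.compile(r"free prize", re.I)  # hypothetical body rule


def build_message(encode_base64: bool) -> str:
    """Build a constructed message; optionally base64-encode the text body."""
    if encode_base64:
        cte = "base64"
        body = base64.encodebytes(BODY_TEXT.encode("ascii")).decode("ascii")
    else:
        cte, body = "7bit", BODY_TEXT + "\n"
    headers = [
        "From: sender@example.com",
        "Subject: hello",
        "MIME-Version: 1.0",
        'Content-Type: text/plain; charset="us-ascii"',
        "Content-Transfer-Encoding: " + cte,
    ]
    return "\n".join(headers) + "\n\n" + body


def raw_body_hit(raw: str) -> bool:
    """Match the body exactly as transmitted, without transfer decoding."""
    return bool(PATTERN.search(raw.partition("\n\n")[2]))


def decoded_body_hit(raw: str) -> bool:
    """Decode each text part per its Content-Transfer-Encoding, then match."""
    for part in message_from_string(raw).walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        # latin-1 maps every byte to a character, so decoding cannot fail.
        if PATTERN.search(payload.decode("latin-1")):
            return True
    return False


def is_base64_text(raw: str) -> bool:
    """Header-level signal that survives encoding: a text part sent as base64."""
    return any(
        p.get_content_maintype() == "text"
        and (p.get("Content-Transfer-Encoding") or "").strip().lower() == "base64"
        for p in message_from_string(raw).walk()
    )
```

A filter that only sees the transmitted bytes is left with the header-level signal from `is_base64_text`, which is the kind of evidence the BASE64_ENC_TEXT hit in the quoted X-Spam-Status line reflects.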



_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
