> -----Original Message-----
> From: Martin Radford [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 26, 2003 6:22 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: [SAtalk] Message ID
>
>
> At Tue Aug 26 04:55:01 2003, Larry Gilson wrote:
> >
> > Thanks Carlo!  Looks like this test would not be good for a relay that
> > accepts mail from MUAs.  However, it would probably be good if one only
> > expects traffic from MTAs - like gateways.  I am surprised to see Exchange
> > and GroupWise.  For Exchange, the OS must not have the default suffix
> > configured.  Misconfigurations are worth adding a point or two though.  I
> > have always setup mailservers with a hostname of host.some.domain rather
> > than just host.  I guess that is not common(?).
> >
> > Please let me know if anyone disagrees with this line of reasoning.
>
> From my own collections:
>
>           with FQDN       with hostname only
> ham:      2331 (85.6%)    391 (14.4%)
> spam:     1925 (76%)      608 (24%)
>
> While I'm not very good with statistics, this rule doesn't look very
> good for distinguishing ham from spam.
>
> Martin
> --
> Martin Radford              |   "Only wimps use tape backup: _real_
> [EMAIL PROTECTED]           |   men just upload their important stuff  -o)
> Registered Linux user #9257 |   on ftp and let the rest of the world   /\\
> - see http://counter.li.org |   mirror it ;)"  - Linus Torvalds       _\_V
>
>

This discussion has helped me to see a pattern in some spam that has been sneaking by. While I agree that Message-ID without a .com is NOT a sure-fire spam tag, there are some message-ID patterns I have now seen. Not enough to say "SPAM!". But enough to meta with about 3-4 other rules to be worth some points. Should be just enough to throw the ones scoring 5.x to 7.x where they won't get delivered to my users.

I'm only testing now, so can't share yet. But maybe it will help you guys. Take a look at the message-ID field itself. While the characters may be random, you may see a pattern in them with other spam.

hth

--Chris Santerre

_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
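
Added example, not part of the original thread: a small classifier for the Message-ID FQDN test discussed above, plus the hit rates and spam share that follow from Martin's counts. The function names and the sample Message-ID values are constructed for illustration.

```python
import re

# Right-hand side of a Message-ID: the text between "@" and the closing ">".
_MSGID_RHS = re.compile(r"<[^<>@\s]+@([^<>@\s]+)>")


def msgid_rhs_kind(header_value):
    """Classify a Message-ID as 'fqdn', 'hostname-only', 'literal' or 'malformed'."""
    m = _MSGID_RHS.search(header_value)
    if not m:
        return "malformed"
    rhs = m.group(1).rstrip(".")
    if rhs.startswith("["):
        return "literal"  # address literal such as [192.0.2.1]
    labels = rhs.split(".")
    # An FQDN needs at least two non-empty dot-separated labels.
    if len(labels) >= 2 and all(labels):
        return "fqdn"
    return "hostname-only"


def rule_stats(ham_hits, ham_total, spam_hits, spam_total):
    """Hit rates for a rule, and how strongly a hit points at spam."""
    ham_rate = ham_hits / ham_total
    spam_rate = spam_hits / spam_total
    return {
        "ham_rate": ham_rate,
        "spam_rate": spam_rate,
        # Share of hits that are spam when both corpora are weighted equally.
        "spam_share": spam_rate / (spam_rate + ham_rate),
        # How many times more likely a spam message is to hit than a ham one.
        "likelihood_ratio": spam_rate / ham_rate,
    }


# Counts from Martin's message: "hostname only" is the rule firing.
MARTIN = rule_stats(ham_hits=391, ham_total=2331 + 391,
                    spam_hits=608, spam_total=1925 + 608)

if __name__ == "__main__":
    # Constructed sample headers, not taken from the thread.
    for value in ("<20030826.1234@mail.example.com>", "<3F4B21A0.7@EXCHANGE01>",
                  "<abc@[192.0.2.1]>", "no angle brackets"):
        print(f"{value!r:40} {msgid_rhs_kind(value)}")
    for name, number in MARTIN.items():
        print(f"{name:17} {number:.3f}")
```

A spam share near 0.63 and a likelihood ratio near 1.7 mean that a hit shifts the odds only slightly, which fits both Martin's reading of the numbers and Chris's plan to use the test inside a meta rule rather than score it alone.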