-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Santerre Sent: Wednesday, October 22, 2003 8:21 AM To: 'Regis Wilson'; [EMAIL PROTECTED] Subject: RE: [SAtalk] [RD] simple rule for consumption
Nope these are bogus. I have seperate rules for them in the last Rule Emporeum update. I used seperate, as they often are seen in pairs. Although I didn't tag X-Email, because I'm not sure about that one. --Chris Santerre > -----Original Message----- > From: Regis Wilson > Sent: Tuesday, October 21, 2003 2:58 PM > To: [EMAIL PROTECTED] > Subject: [SAtalk] [RD] simple rule for consumption > > > Recently had some false negatives come through. Most of them > are one sentence > saying hello, and a URL. I noticed some strange headers, listed here: > > X-E: > X-I: > X-ENVID > X-Email > > So I wrote a quickie rule and it catches about 126 spam per week. > > header BAD_HEADERS ALL =~ /X-(?:E|Email|ENVID|I):/ > describe BAD_HEADERS Header uses spammy X- header > score BAD_HEADERS 3.0 > > Is X-ENVID a potential false-positive? I haven't seen any > "legitimate" use > for it. > Not sure how "legitimate" X-ENVID is, but I ran across this yesterday. I was reviewing headers of messages dumped to my Exchange Public Folder for messages that were scored as spam but the users want. I ran across a message that used the X-ENVID header, message looked spammy to SA, but it was an animated greeting card that was sent via smilepop.com. So take your pick, if you are using SA for yourself, it shouldn't matter, but if you are running SA for multiple people this could be an issue. >>snipped headers<< X-ENVID: FGC-49214273 X-Spam-Status: Yes, hits=7.5 tagged_above=0.0 required=6.0 tests=BAYES_60, CASHCASHCASH, CLICK_BELOW, EXCUSE_12, FORGED_HOTMAIL_RCVD, FROM_ENDS_IN_NUMS, NO_REAL_NAME, OFFER, PD_OBFUJ, TONER -Matt ------------------------------------------------------- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
