-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am Sonntag, 30. Januar 2005 05:48 schrieb Walter Jeffries: > I often get spam in that to me looks extremely spammy. > Yet SA doesn't seem to think much of it and pass it with > little to no comment. Below is a very typical example. > The only thing SA noted was FORGED_RCVD_HELO which > given both the subject line and the message content is > rather surprising. > > Why aren't more tests being triggered?
Because they fit not on these messages. In the default installation are not much rules for these messages. > > How do I get more rules to be triggered? (flip side of the coin) 1. Use bayes filtering. Train the message with sa-learn --spam ... Next time bayes filtering will detect this type of messages as spam. 2. Write your own rules for this type of messages or look for rules on rulesemporium. > > Unfortunately I can't use custom rules because my host (vonetwork.com) > isn't willing to let users run custom rules. :( How do I stop this sort > of spam? Try bayes filtering. Train at least 200 ham and 200 spam messages with sa-learn. > > This is my first post. In the subject parenthetical I listed "(SA > version=3.0.2, Unix, spamd)". Is that the information that should be > provided when asking a question in this list? That's a very good idea. Sometimes the magic eye works, but mostly I forget where I put it down. So please give as much information as possible. Regards Thomas > > Cheers, > > -Walter > in Vermont > at the end of a > glorious winter day > > > From [EMAIL PROTECTED] Sat Jan 29 16:26:28 2005 > > Return-path: <[EMAIL PROTECTED]> > > Envelope-to: [EMAIL PROTECTED] > > Delivery-date: Sat, 29 Jan 2005 15:15:11 -0600 > > Received: from bling by host32.root-name-server.net with local-bsmtp > > (Exim 4.43) > > id 1Cuzvy-0003t6-0K > > for [EMAIL PROTECTED]; Sat, 29 Jan 2005 15:15:11 -0600 > > Received: from [222.147.38.248] > > (helo=p3248-ipbf207sapodori.hokkaido.ocn.ne.jp) > > by host32.root-name-server.net with smtp (Exim 4.43) > > id 1Cuzvx-0003pb-3H; Sat, 29 Jan 2005 15:15:09 -0600 > > Received: from butte.newmail.net ([64.247.5.99]) > > by salvatore.newmail.net (Sun Java System Messaging Server 6.1 HotFix > > 0.04 (built > > Aug 28 2004)) with ESMTP id <[EMAIL PROTECTED]> > > for > > [EMAIL PROTECTED]; Sun, 30 Jan 2005 02:14:08 +0500 (IST) > > Received: from bequeath.homeway.com.cn ([209.10.161.199]) > > by butte.newmail.net > > (Sun Java System Messaging Server 6.1 HotFix 0.00 (built Aug 29 2004)) > > with ESMTP id <[EMAIL PROTECTED]> for > > [EMAIL PROTECTED] > > (ORCPT [EMAIL PROTECTED]); Sat, 29 Jan 2005 16:09:08 -0500 (IST) > > Received: from haploidy.homeway.com.cn ([63.99.209.29]) > > by bequeath.homeway.com.cn with Microsoft SMTPSVC(6.0.0064.777); Sat, > > 29 Jan 2005 15:14:08 -0600 > > Date: Sat, 29 Jan 2005 18:08:08 -0300 > > From: "Shelton Geiger" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Subject: DO Y0u L0ve Penny StOx? > > Message-ID: <[EMAIL PROTECTED]> > > MIME-Version: 1.0 > > Content-Type: text/plain; charset="UTF-8" > > Content-Transfer-Encoding: 7Bit > > X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on > > host32.root-name-server.net > > X-Spam-Level: > > X-Spam-Status: No, score=0.1 required=2.1 tests=FORGED_RCVD_HELO > > autolearn=no > > version=3.0.2 > > Sender: <[EMAIL PROTECTED]> > > > > > > > > MNEI - The best Smal| Cap Stock in 2005 just keep reading the profi|e > > and the news of this company and you wi|l see fOr yOurse|f > > > > > > THIS ST0CK IS UNDISC0VERED ST0CK GEM - Just starting to trade > > > > > > Mi||ennium National Events, Inc. - Symbo|: MNEI > > > > Mi||enniums current roster of event sponsors inc|udes such names as: WM > > Wrig|ey, American Express, Office Depot, Verizon, Italian Rose, TWA, > > ad-infinum - -- icq:133073900 http://www.t-arend.de -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQFB/MXNHe2ZLU3NgHsRAuSTAJ4i/PKCtD7tnAXS9uYLctDlCfSZSQCfUUF6 q1CENDG30sJUcJ8LBWWoOm0= =U/E1 -----END PGP SIGNATURE-----
