Hello jdow, Friday, March 25, 2005, 3:29:04 AM, you wrote:
j> It seems there are a lot of anti-spam headers which if they are seen j> on incoming email is a fairly good indication that the message is j> spam. Kaspersky Anti-Spam is one such puppy with its often appearing j> X-Spamtest-Munged-Info header. That appears in exactly one folder on j> my system with a 3 gigabyte mail corpus, the Spam directory. j> Now, it may be that on a given system spam may get filtered twice j> So a SARE rule set with all known anti-spam headers in it with a j> clearly delineated set of score overrides that can be uncommented j> is called for. That way somebody stuck behind a KAS system who runs j> his own spamassassin can still use the rule with the X-SpamTest-Info j> score set to zero. Most users will simply leave the rule on with a j> fairly secure medium to high score and capture a large chunk of spam j> very reliably. Good suggestion. Since we SARE Ninjas are obviously "stuck behind" SA systems, we don't often see these additional headers. If you (and others) can send sample headers to me, [EMAIL PROTECTED], or [EMAIL PROTECTED], I'll collect them, validate them through mass-checks, and hopefully come out with a "antispamspam" (?) rules file. (Or maybe this should be a new file inside the 70_sare_header*.cf family?) Bob Menschel
