From: "Robert Menschel" <[EMAIL PROTECTED]>
> Hello jdow,
>
> Friday, March 25, 2005, 3:29:04 AM, you wrote:
>
> j> It seems there are a lot of anti-spam headers which if they are seen
> j> on incoming email is a fairly good indication that the message is
> j> spam. Kaspersky Anti-Spam is one such puppy with its often appearing
> j> X-Spamtest-Munged-Info header. That appears in exactly one folder on
> j> my system with a 3 gigabyte mail corpus, the Spam directory.
>
> j> Now, it may be that on a given system spam may get filtered twice
> j> So a SARE rule set with all known anti-spam headers in it with a
> j> clearly delineated set of score overrides that can be uncommented
> j> is called for. That way somebody stuck behind a KAS system who runs
> j> his own spamassassin can still use the rule with the X-SpamTest-Info
> j> score set to zero. Most users will simply leave the rule on with a
> j> fairly secure medium to high score and capture a large chunk of spam
> j> very reliably.
>
> Good suggestion.
>
> Since we SARE Ninjas are obviously "stuck behind" SA systems, we don't
> often see these additional headers. If you (and others) can send
> sample headers to me, [EMAIL PROTECTED], or [EMAIL PROTECTED],
> I'll collect them, validate them through mass-checks, and hopefully
> come out with a "antispamspam" (?) rules file. (Or maybe this should
> be a new file inside the 70_sare_header*.cf family?)
>
> Bob Menschel
The chief trick here is to be able to turn off the individual tests for
a specific anti-spam engine if they are likely to be seen internally
as from trips through two traps in series.
{^_^}
