On Thu, 21 Nov 2024, pgnd wrote:
> I'm focused atm on using available rules -- out-of-the-box and KAM.
> IF the answer is that the only way to cope with this is WITH Bayes, then
> that's a learning too.

Well, I'm not sure out-of-the-box rules will help, otherwise they'd already
be helping. :)

You might want to run it through SA with the rule hits flags on so that
you can tell if a new meta with some existing unscored rules might help.

What caught my eye was the unusual TLD in the HELO. That would be trivial
for a spammer to bypass, but it might help to look for unusual TLDs
there as well...

I will see about adding that to my sandbox tonight or tomorrow, but no
guarantees on how it will do in masschecks.

It might also be time to update my phishing phrases rules...

Feel free to send me an archive of spamples if you like.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Holy smokes! We goofed again -
The brew was not quite right... -- KMFDM
-----------------------------------------------------------------------
38 days since SpaceX caught the SuperHeavy booster on the first try
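
The HELO TLD idea from the message above, as an added example that is not part of the original thread and not SpamAssassin code: it tallies the TLD of the HELO name in the topmost Received header across a set of spamples, so you can see which TLDs are worth a rule before writing one. The function names, the `EXPECTED_TLDS` baseline and the sample messages are all constructed assumptions, and the topmost Received header is assumed to be the one written by your own MTA.

```python
import re
from collections import Counter
from email import message_from_string

# Assumption: TLDs this site normally sees in HELO names; tune against local ham.
EXPECTED_TLDS = {"com", "net", "org", "edu", "gov"}

# The HELO/EHLO name is the first token after "from" in a Received header.
HELO_RE = re.compile(r"^from\s+(\S+)", re.I)

def helo_tld(raw_message):
    """Return the lowercase TLD of the HELO name in the topmost Received
    header, or None if there is no usable hostname there."""
    received = message_from_string(raw_message).get_all("Received") or []
    if not received:
        return None
    # Only the topmost header is used: deeper ones can be forged by the sender.
    m = HELO_RE.match(received[0].strip())
    if not m:
        return None
    helo = m.group(1).strip("[]").rstrip(".").lower()
    # Skip address literals ([192.0.2.1], [IPv6:...]) and unqualified names.
    if ":" in helo or "." not in helo or re.fullmatch(r"[\d.]+", helo):
        return None
    return helo.rsplit(".", 1)[1]

def unusual_helo_tlds(messages):
    """Count HELO TLDs that fall outside EXPECTED_TLDS across raw messages."""
    counts = Counter()
    for raw in messages:
        tld = helo_tld(raw)
        if tld and tld not in EXPECTED_TLDS:
            counts[tld] += 1
    return counts

def _msg(helo, ip):
    # Constructed sample message; hostnames and addresses are reserved test values.
    return (f"Received: from {helo} (unknown [{ip}])\n"
            "\tby mx.example.org; Thu, 21 Nov 2024 10:00:00 +0000\n"
            "Subject: constructed sample\n\nbody\n")

SAMPLES = [
    _msg("mail.example.com", "192.0.2.10"),
    _msg("srv1.sender.example", "198.51.100.7"),
    _msg("SRV2.Sender.Example.", "198.51.100.8"),
    _msg("[203.0.113.5]", "203.0.113.5"),
]

if __name__ == "__main__":
    for tld, n in unusual_helo_tlds(SAMPLES).most_common():
        print(f".{tld}: {n}")
```

Run the same tally over a ham corpus as well: a TLD that shows up in both is a poor candidate for a scored rule.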