Hi there
I'm finding a fair chunk of spam gets past SA-3.0.3 with scores of 3-4
out of 5 even though it got 2+ network test hits.
e.g.
spamd[18676]: result: . 3 -
DNS_FROM_RFC_ABUSE,DNS_FROM_RFC_POST,FROM_HAS_MIXED_NUMS,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL
scantime=4.4,size=1435,mid=<[EMAIL PROTECTED]>,autolearn=disabled
This had a Subject line of "russian XXXXX unusably in action fervid" -
so I'm guessing it was spam (;-) - even though it only got a score of 3/5.
Obviously the default values are set that way as a way of implying
"confidence" in what that means, it's just that I wonder if they need
updating? I guess I'm referring to the scores in 50_scores.cf.
e.g. RCVD_IN_NJABL_PROXY has a value of 1.0 - and yet the FAQ on the
NJABL web site (of course) tells you to set "score NJABL_PROXY 3.0" :-)
But the wonderful authors of SA know far more than I do - so are the
current levels still deemed to be correct?
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
