> Here's the rule:
>
> body GATEWAY_001 /tripod\.com/i
>
> Here's the result:
>
> Nov 9 13:42:03 gateway spamd[17880]: spamd: result: . -2 -ALL_TRUSTED,AWL,BAYES_00,GATEWAY_001
>
> Did I totally miss something? Thanks!
May depend on what you expected. That says your rule hit on something. Hopefully it contained 'tripod.com' someplace in the message.

It also hit bayes_00, which says it is pure ham, so got about -3 points. It also hit all_trusted, saying it came from a trusted host, so got some negative score since that host isn't expected to originate spam.

If this was a test message you sent yourself these last two hits may be reasonable. If it was a spam message, these last two hits indicate configuration problems and bayes training problems.

Assuming you are going for Leo's latest spams, you could better write your rule as

uri GATEWAY_001 /\.tripod\.com\b/i

This will make sure you don't get a hit on some random text like "It stood on a tripod.Comments anyone?"

Loren
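An added example, not part of the original thread: the two patterns from the messages above, run against constructed sample text to show where the body form and the uri form differ. The `URI_FINDER` pattern is an assumed, simplified stand-in for SpamAssassin's own URI extraction, and the sample messages and function names are made up for illustration.

```python
import re

# The two patterns from the thread, as Python regexes (Perl /i -> re.I).
BODY_RULE = re.compile(r"tripod\.com", re.I)       # body GATEWAY_001
URI_RULE = re.compile(r"\.tripod\.com\b", re.I)    # uri  GATEWAY_001

# Assumption: a crude stand-in for SpamAssassin's URI extraction.
URI_FINDER = re.compile(r"https?://[^\s<>\"']+", re.I)


def body_rule_hits(text):
    """A body rule is tested against the message text itself."""
    return BODY_RULE.search(text) is not None


def uri_rule_hits(text):
    """A uri rule is tested only against URIs found in the message."""
    return any(URI_RULE.search(u) for u in URI_FINDER.findall(text))


# Constructed sample messages (not taken from real mail).
SAMPLES = {
    "prose": "It stood on a tripod.Comments anyone?",
    "subdomain_link": "Visit http://members.tripod.com/~example/ now",
    "bare_domain_link": "Visit http://tripod.com/ now",
    "lookalike_link": "See http://www.tripod.community.example/ today",
}


def evaluate(samples=SAMPLES):
    """Return {name: (body_hit, uri_hit)} for each sample."""
    return {n: (body_rule_hits(t), uri_rule_hits(t)) for n, t in samples.items()}


if __name__ == "__main__":
    for name, (b, u) in evaluate().items():
        print(f"{name:18} body={b!s:5} uri={u}")
```

The uri pattern requires a dot before `tripod`, so a link to the bare domain with no host prefix does not hit; check that against the mail you actually want the rule to catch.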