> http://168.100.199.67/message.txt
I cna't seem to connect to your site, so I'll just assume that is a standard
vertical drug spam.
> they appear to receive a very high
> score. However they always seem to get past spamassassin--other spams
> get tagged and redirected to our spam box fine.
Now wait, something doesn't make sense here. Are you saying that you see
'ham' that shows a very high score (above the threshold) but it somehow
wasn't flagged as spam?
Or are you saying that when one of these puppies gets through and you go
back later and test it it gets a very high score?
> The only reason I can think that they may not be getting sent to our
> spam box is either SURBL scores aren't registering or somehow these
> types of messages can get around spamassassin... Could anyone shed some
> light on why these types of messages are getting by?
The answer could be "both".
If you don't have sare_specific.cf (I believe it is) then these Leo drug
spams will sail right past the SA standard rules. Even with the sare rules
it is a bit of a fight; Leo is pretty good about updating the format pretty
frequently.
As for SURBL, it will certainly catch these - IF you aren't one of the first
lucky winners that gets the initial batch before they can show up in SURBL.
I suspect this is probably what is happening when you say they have a high
score but sneak past. They probably had a low score when they first showed
up, and only have a high score now that you run it through by hand some
hours (or even minutes) later.
Grab the SARE rules and most of these will get caught I suspect. However,
if you are somehow unlucky enough to be on the leading edge of most batches,
you will probably always have some leaking through until SURBL can catch up.
Loren
