Here is a list of the rulesets that I'm using: 70_sare_adult.cf 70_sare_unsub.cf 70_sare_bayes_poison_nxm.cf 70_sare_uri0.cf 70_sare_evilnum0.cf 70_sare_uri1.cf 70_sare_evilnum1.cf 70_sare_uri3.cf 70_sare_evilnum2.cf 70_sare_uri.cf 70_sare_genlsubj0.cf 70_sare_uri_eng.cf 70_sare_genlsubj1.cf 70_sc_top200.cf 70_sare_genlsubj2.cf 72_sare_bml_post25x.cf 70_sare_genlsubj3.cf 72_sare_redirect_post3.0.0.cf 70_sare_genlsubj.cf 88_FVGT_body.cf 70_sare_genlsubj_eng.cf 88_FVGT_headers.cf 70_sare_genlsubj_x30.cf 88_FVGT_rawbody.cf 70_sare_header0.cf 88_FVGT_subject.cf 70_sare_header1.cf 88_FVGT_uri.cf 70_sare_header2.cf 99_FVGT_meta.cf 70_sare_header3.cf 99_FVGT_Tripwire.cf 70_sare_header.cf 99_sare_fraud_post25x.cf 70_sare_header_eng.cf antidrug.cf 70_sare_header_x264_x30.cf backhair.cf 70_sare_header_x30.cf bogus-virus-warnings.cf 70_sare_highrisk.cf chickenpox.cf 70_sare_html0.cf init.pre 70_sare_html1.cf local.cf 70_sare_html2.cf local.cf.orig 70_sare_html3.cf local.cf.rpmsave 70_sare_html4.cf mangled.cf 70_sare_html.cf random.cf 70_sare_html_eng.cf random.current.cf 70_sare_html_x30.cf rules_du_jour 70_sare_oem.cf RulesDuJour 70_sare_random.cf tripwire.cf 70_sare_specific.cf weeds.cf 70_sare_spoof.cf
How do I tell if I have URIBL lookups enabled? I'm upping the scores for the drug rules within mangled.cf if see if that helps. Tracey Gates Lead Developer [EMAIL PROTECTED] 1350 South Boulder, Third Floor / Tulsa, OK 74119-3203 Phone 918-663-0991 / Fax 918-663-0840 This communication is intended only for the recipient(s) named above; may be confidential and/or legally privileged; and, must be treated as such in accordance with state and federal laws. If you are not the intended recipient, you are hereby notified that any use of this communication, or any of its contents, is prohibited. If you have received this communication in error, please reply to the sender and then delete the message from your computer system immediately. -----Original Message----- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Jeremy Sent: Wednesday, March 08, 2006 9:50 AM To: users@spamassassin.apache.org Subject: Re: Drug email keeps getting thru Does the message body contain "mangled" (deliberately misspelled) drug names? If so, you might find the mangled.cf ruleset at http://www.rulesemporium.com/other-rules.htm to be useful - it helps my setup a lot with those sorts of spams, especially the drug ones. You might even consider increasing the scores in mangled.cf for the drug-related rules within there, if that might help futher. Myself, I bumped the mangled drug rules in that ruleset right up, as I have no legitimate need to be receiving emails with mangled drug names in them. You could also create your own rule to filter for unique signs in the email such as the word "ParaLmcy" in the subject. Without seeing the spam's body it's hard to suggest anything else. Were there any URLs in the body? If so, do you have the URIBL lookups enabled in your setup? What about the SARE rules at http://www.rulesemporium.com/rules.htm, do you use any of those? It's possible that some of those may also help. Cheers, Jeremy "Tracey Gates" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] I keep getting these drug emails that antidrug.cf is suppose to catch but it's not. The emails are scoring low. I've updated the antidrug.cf rule. I've done sa-learn on them but we are still being inundated with these "news" emails. What can I do to get these to stop? Here is the header from one of them: *************** Return-Path: <[EMAIL PROTECTED]> Received: by yoursummit.com (CommuniGate Pro PIPE 4.3.8) with PIPE id 2790021; Wed, 08 Mar 2006 03:21:07 -0600 Received: from [66.50.88.167] (HELO clividian.co.za) by yoursummit.com (CommuniGate Pro SMTP 4.3.8) with SMTP id 2790026 for [EMAIL PROTECTED]; Wed, 08 Mar 2006 03:20:56 -0600 Received-SPF: none receiver=yoursummit.com; client-ip=66.50.88.167; [EMAIL PROTECTED] Message-ID: <[EMAIL PROTECTED]> Reply-To: "Sumayya Lovvorn" <[EMAIL PROTECTED]> From: "Sumayya Lovvorn" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: ParaLmcy news Date: Wed, 8 Mar 2006 04:20:19 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C64267.9C61FD10" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on yoursummit.com X-Spam-Level: X-Spam-Status: No, score=-0.9 required=3.5 tests=BAYES_20,FM_NO_STYLE, HTML_80_90,HTML_MESSAGE,UPPERCASE_25_50 autolearn=no version=3.0.2 X-TFF-CGPSA-Version: 1.4 X-TFF-CGPSA-Filter: Scanned ************* Tracey Gates Lead Developer [EMAIL PROTECTED] 1350 South Boulder, Third Floor / Tulsa, OK 74119-3203 Phone 918-663-0991 / Fax 918-663-0840 This communication is intended only for the recipient(s) named above; may be confidential and/or legally privileged; and, must be treated as such in accordance with state and federal laws. If you are not the intended recipient, you are hereby notified that any use of this communication, or any of its contents, is prohibited. If you have received this communication in error, please reply to the sender and then delete the message from your computer system immediately.
