Greetings,
This is my first post after having lurked some. So, I'm getting these
same "RE: good" spams but they're hitting eight rules and typically
scoring between 30 and 40. I'm really unsophisticated compared to you
guys, and it begs the question -- what am I doing wrong? All I use is a
tweaked user_prefs wherein I have gradually raised the scores on
standard rules found in spam that slips through over a period of
time. These particular spams are over the top on Bayesian (1.0), have
multiple database hits, forged rcvd_helo and so forth. Bayesian alone
flags them for me. I'm trying to understand the reason you would not
want to have these types of rules set high enough? I must be way over
optimized -- what am I not getting?
TIA,
John
On Apr 28, 2006, at 5:36 PM, List Mail User wrote:
Bart Schaefer wrote:
The largest number of spam messages currently getting through SA at my
site are short text-only spams with subject "Re: good " followed by an
obfuscated drug name (so badly mangled as to be unrecognizable in many
cases). The body contains a gappy-text list of several other kinds of
equally unreadable pharmaceuticals, a single URL which changes daily
if not more often, and then several random words and a short excerpt
from a novel.
They usually hit RCVD_IN_BL_SPAMCOP_NET,URIBL_SBL but those alone
aren't scored high enough to classify as spam, and I'm reluctant to
crank them up just for this. However, the number of spams getting
through SA has tripled in the last four days or so, from around 14 for
every thousand trapped, to around 40.
I'm testing out RdJ on the SARE_OBFU and SARE_URI rulesets but so far
they aren't having any useful effect. Other suggestions?
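
Added example, not part of either message in the thread: a SpamAssassin meta rule that scores the combination described above (the "Re: good" subject plus both blocklist hits) without raising the stock scores of RCVD_IN_BL_SPAMCOP_NET or URIBL_SBL. The LOCAL_ rule names, the subject regex and the score value are assumptions to tune against local mail.

```conf
# Added example; LOCAL_* names and the score are assumptions, not from the thread.
# Site-wide rules belong in local.cf. user_prefs accepts rule definitions
# only when the administrator has set "allow_user_rules 1".

# Sub-rule (leading double underscore = carries no score of its own):
# matches the subject pattern described in the quoted message.
header   __LOCAL_SUBJ_RE_GOOD  Subject =~ /^Re: good\b/i

# Fire only when the subject pattern and both blocklist rules hit together,
# so the individual blocklist scores stay at their defaults for other mail.
meta     LOCAL_RE_GOOD_BL      (__LOCAL_SUBJ_RE_GOOD && RCVD_IN_BL_SPAMCOP_NET && URIBL_SBL)
describe LOCAL_RE_GOOD_BL      Subject "Re: good" with SpamCop and SBL URI hits
score    LOCAL_RE_GOOD_BL      3.0
```

Running `spamassassin --lint` after editing the file catches syntax errors before the rule goes live.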