Loren Wilton wrote:
*X-Spam-Status:* No, score=3.8 required=5.2
tests=BAYES_99,FORGED_RCVD_HELO,
HTML_50_60,HTML_MESSAGE autolearn=disabled version=3.1.4
Bayes is doing fine. You can't get much better than Bayes_99 as a
spam indicator.
On the other hand, having Bayes_99 and three other positive rules only
sum to 3.8 seems a little strange. On a modern SA Bayes_99 should be
scoring up around 4.5 I believe. So you must have local rule scores
that are decreasing that score. I'd suggest considering taking
bayes_90 and Bayes_99 back to about their default scores.
Is there any way to check that some rules are overwrite the default value?
CAjRTIER
TIjFFANY & CO
BVjLGARI
OMjEGA
ROjLEX
PAjTEK
BRjEITLING
You obviously aren't running network tests. These little puppies hit
on SURBL just fine, unless you are one of the unlucky few that are
just at the leading edge of a spam run. The net tests would probably
stop these all by themselves.
I have bandwidth constraint, so doing network test would just slow
things down. In fact many nestwork test (DNSBL etc) are done in postfix.
I haven't checked to see if we have a handful of SARE rules for these
particular things. But I'm a little surprised that at least a few
SARE rules don't show up. This makes me think you may not have any
add-on rulesets either. You might consider adding some, or maybe even
quite a few if there is a good reason you aren't running network
tests. www.rulesemporium.com.
Any suggestion how to block this kind of spam?
[EMAIL PROTECTED] spamassassin]# ls -l /etc/mail/spamassassin/
total 1520
-rw-r--r-- 1 root root 31854 Jun 1 2004 70_sare_adult.cf
-rw-r--r-- 1 root root 3839 Jun 2 2005 70_sare_bayes_poison_nxm.cf
-rw-r--r-- 1 root root 120154 Sep 23 2005 70_sare_header0.cf
-rw-r--r-- 1 root root 137436 Sep 23 2005 70_sare_header1.cf
-rw-r--r-- 1 root root 59037 Sep 23 2005 70_sare_header2.cf
-rw-r--r-- 1 root root 80967 Sep 23 2005 70_sare_header3.cf
-rw-r--r-- 1 root root 224440 Sep 23 2005 70_sare_header.cf
-rw-r--r-- 1 root root 95279 Oct 6 2005 70_sare_html.cf
-rw-r--r-- 1 root root 58118 Sep 23 2005 70_sare_obfu0.cf
-rw-r--r-- 1 root root 97771 Sep 23 2005 70_sare_obfu1.cf
-rw-r--r-- 1 root root 3547 Sep 23 2005 70_sare_obfu2.cf
-rw-r--r-- 1 root root 9163 Sep 23 2005 70_sare_obfu3.cf
-rw-r--r-- 1 root root 4900 Oct 2 2005 70_sare_obfu4.cf
-rw-r--r-- 1 root root 155889 Sep 23 2005 70_sare_obfu.cf
-rw-r--r-- 1 root root 11298 Sep 23 2005 70_sare_oem.cf
-rw-r--r-- 1 root root 17656 Sep 23 2005 70_sare_random.cf
-rw-r--r-- 1 root root 59281 Sep 23 2005 70_sare_specific.cf
-rw-r--r-- 1 root root 7029 May 27 2005 70_sare_spoof.cf
-rw-r--r-- 1 root root 5172 Jul 30 2004 70_sare_unsub.cf
-rw-r--r-- 1 root root 15511 Nov 17 2004 72_sare_redirect_post3.0.0.cf
-rw-r--r-- 1 root root 10147 May 2 2004 99_sare_fraud_post25x.cf
-rw-r--r-- 1 root root 109810 Jun 22 2005 bogus-virus-warnings.cf
-rw-r--r-- 1 root root 935 May 2 2005 init.pre
-rw-r--r-- 1 root root 12326 Jul 28 13:10 local.cf
-rw-r--r-- 1 root root 2397 Sep 22 2005 v310.pre
-rw-r--r-- 1 root root 806 Jun 15 16:47 v312.pre
