decoder wrote:
Which OCR plugin are you using there? If it is the original OcrPlugin,
then you might try FuzzyOcr instead. The original OcrPlugin was more
proof-of-concept, and will cause you lots of headaches with the
current image spam...
I did upgrade to FuzzyOCR after I read your message. But, I don't think
it's working- however other rules seem to be catching these stock gifs.
Here's the headers from one of them:
Content analysis details: (10.6 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
1.1 EXTRA_MPART_TYPE Header has extraneous Content-type:...type=
entry
4.2 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr
1)
0.1 FORGED_RCVD_HELO Received: contains a forged HELO
1.1 HTML_IMAGE_ONLY_32 BODY: HTML: images with 2800-3200 bytes of
words
0.4 HTML_30_40 BODY: Message is 30% to 40% HTML
1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80%
[score: 0.7765]
0.0 HTML_MESSAGE BODY: HTML included in message
0.8 SARE_GIF_ATTACH FULL: Email has a inline gif
2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
address
[71.197.31.248 listed in dnsbl.sorbs.net]
I don't see OCR mentioned in there at all. I still don't think it's working.
Spamassassin --lint doesn't indicate anything is wrong. How can I test it?
-Mike
