Peter Lemioux wrote:

>You can modify the scoring of any rule by adding a file to
>/etc/mail/spamassassin that changes the score for specific rules. I
>named mine ZZscores.cf so it will be read after the other files in this
>directory. For instance,
>
>score HTML_MESSAGE_BODY 1.0
>
>That said, I'm not sure you'd want to fiddle with the scores on the rules
>this message hits. From your original posting, we have
>
>1.7 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
>3.9 JV_Pharm1r_Drug BODY: partial word hidden in HTML in pill ad
>1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80%
>0.0 HTML_MESSAGE BODY: HTML included in message
>1.4 HTML_10_20 BODY: Message is 10% to 20% HTML
>0.4 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
>
>Some other alternatives might be training your Bayes filter with messages
>like these so you get a higher score than BAYES_60 or giving a positive
>score to HTML_MESSAGE_BODY, though that can lead to false positives in
>today's "look at my pretty email" world.

Could you explain how I can train Bayes? What specifically do I need to do to accomplish this?

>I also noticed that this was a GIF spam, but it's not scored as such.
>You might want to look back over this list's archives and read about the
>FuzzyOCR and ImageInfo plugins. Also the newest SARE stock rules might
>help.

I am sorry if I am asking this question and it is answered in the archives. I will try to go back and read those past posts but is there a site where I can download the SARE stock rules and the plugins? I am aware of Rules Du Jour but whenever I have attempted to download rules from there I have serious problems with memory on my system that causes delivery problems with my email. Can I just go to a website and click on the stock rules SARE and copy the .cf file to my server? Can I do the same for downloading the plugins you mention?

>Of course, you could also lower your thresholds. I tag at 4 and
>quarantine at 8. I review the decisions on messages in between these
>values to make sure we're not generating false positives; seems to work
>okay here.

I have wondered about doing this. I have read several posts about the concerns about stopping legitimate emails. We are a small state office that for the most part does not have a great deal of unsolicited email come through that is not spam. Are there any issues I should think about before I were to lower the threshold?

I appreciate the advice.

Steve