On Thu, Feb 22, 2007 at 10:07:31PM -0500, David Goldsmith wrote:
> Hash: SHA1
>
> Igor Chudov wrote:
> > Example is here
> >
> > http://igor.chudov.com/tmp/spam001.txt
> >
> > They go past spamassassin. I use latest sare rules, run rules du jour
> > nightly etc.
> >
> > I catch them after spamassassin, using my own filter, using regex
> >
> > edrx\s*\.com\b
> >
> > I wonder why spamassassin cannot identify them.
> >
> > i
>
> Here's my score for that message:
>
> Content analysis details:   (13.7 points, 5.0 required)
>
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
>  0.1 FORGED_RCVD_HELO       Received: contains a forged HELO
>  5.0 BOTNET                 Relay might be a spambot or virusbot
>      [botnet0.7,ip=65.182.171.162,hostname=ak74,maildomain=haats.de,baddns]
>  0.1 TW_DR                  BODY: Odd Letter Triples with DR
>  3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
>                             [score: 1.0000]
>  0.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
>  2.2 DCC_CHECK              Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
>  1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
>      [Blocked - see <http://www.spamcop.net/bl.shtml?88.121.45.57>]
>  0.8 DIGEST_MULTIPLE        Message hits more than one network digest check
>
> Running SA 3.1.8, Pyzor, Razor, DCC, BOTNET, SARE rulesets, RBL tests
> and Bayesian. I just added BOTNET recently, but even without it, it
> still would have scored 8.7.

David, very interesting. I enabled DCC as you suggested, but it is not
taking effect -- I piped this message through SA and it did not detect
BOTNET rules.

I also got these errors:

Feb 22 21:18:41 manifold spamd[5132]: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_MKSHRT'
Feb 22 21:18:41 manifold spamd[5132]: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_GT'
Feb 22 21:18:41 manifold spamd[5132]: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_TINY'
Feb 22 21:18:41 manifold spamd[5132]: rules: meta test SARE_SPEC_PROLEO_M2a has dependency 'MIME_QP_LONG_LINE' with a zero score
Feb 22 21:18:41 manifold spamd[5132]: rules: meta test SARE_OBFU_CIALIS has undefined dependency 'SARE_OBFU_CIALIS2'
Feb 22 21:18:41 manifold spamd[5132]: spamd: server started on port 783/tcp (running version 3.1.5)
Feb 22 21:18:41 manifold spamd[5132]: spamd: server pid: 5132
Feb 22 21:18:41 manifold spamd[5132]: spamd: server successfully spawned child process, pid 5133
Feb 22 21:18:41 manifold spamd[5132]: spamd: server successfully spawned child process, pid 5134
Feb 22 21:18:41 manifold spamd[5132]: prefork: child states: II
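
An added example, not part of the original thread: a Python sketch that groups the spamd startup warnings quoted above by meta rule and pulls out the version and listener the daemon reports. The function name `summarize` and the report layout are assumptions made for illustration; the log lines are copied from the message above.

```python
import re
from collections import defaultdict

# Startup lines copied from the spamd log quoted in the message above.
SPAMD_LOG = """\
Feb 22 21:18:41 manifold spamd[5132]: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_MKSHRT'
Feb 22 21:18:41 manifold spamd[5132]: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_GT'
Feb 22 21:18:41 manifold spamd[5132]: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_TINY'
Feb 22 21:18:41 manifold spamd[5132]: rules: meta test SARE_SPEC_PROLEO_M2a has dependency 'MIME_QP_LONG_LINE' with a zero score
Feb 22 21:18:41 manifold spamd[5132]: rules: meta test SARE_OBFU_CIALIS has undefined dependency 'SARE_OBFU_CIALIS2'
Feb 22 21:18:41 manifold spamd[5132]: spamd: server started on port 783/tcp (running version 3.1.5)
"""

# "undefined dependency" must be tried before the bare "dependency" form.
DEP_RE = re.compile(
    r"rules: meta test (?P<meta>\S+) has "
    r"(?P<kind>undefined dependency|dependency) '(?P<dep>[^']+)'"
    r"(?P<zero> with a zero score)?"
)
VER_RE = re.compile(
    r"spamd: server started on port (\S+) \(running version ([\d.]+)\)"
)


def summarize(log_text):
    """Return missing and zero-scored meta dependencies plus daemon info."""
    report = {
        "undefined": defaultdict(list),   # meta rule -> sub-rules not loaded
        "zero_score": defaultdict(list),  # meta rule -> sub-rules scored 0
        "version": None,
        "listen": None,
    }
    for line in log_text.splitlines():
        dep = DEP_RE.search(line)
        if dep:
            if dep["kind"] == "undefined dependency":
                report["undefined"][dep["meta"]].append(dep["dep"])
            elif dep["zero"]:
                report["zero_score"][dep["meta"]].append(dep["dep"])
            continue
        ver = VER_RE.search(line)
        if ver:
            report["listen"], report["version"] = ver.groups()
    return report


if __name__ == "__main__":
    result = summarize(SPAMD_LOG)
    for meta, deps in result["undefined"].items():
        print(f"{meta}: missing {', '.join(deps)}")
    for meta, deps in result["zero_score"].items():
        print(f"{meta}: zero-scored {', '.join(deps)}")
    print(f"spamd {result['version']} listening on {result['listen']}")
```
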