Hi,

Rocco Scappatura wrote:
There is another discussion on this list about rules that catch these sorts of messages. Check that out for ideas.

For what it is worth these are the rules I get:

Content analysis details:   (10.5 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.9 FROM_LOCAL_NOVOWEL     From: localpart has series of non-vowel letters
 0.1 FORGED_RCVD_HELO       Received: contains a forged HELO
 0.0 DK_POLICY_SIGNSOME     Domain Keys: policy says domain signs some mails
 0.6 J_CHICKENPOX_14        BODY: 1alpha-pock-4alpha
 3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 1.0000]
 2.4 RCVD_IN_WHOIS_BOGONS   RBL: CompleteWhois: sender on bogons IP block
                            [102.176.29.76 listed in combined-HIB.dnsiplists.completewhois.com]
 1.0 RCVD_IN_JANET_RBL      RBL: Relay in JANET MAPS RBL+ RBL
                            [102.176.29.76 listed in rbl-plus.mail-abuse.ja.net]
 0.0 MSGID_FROM_MTA_HEADER  Message-Id was added by a relay

I get:

 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.9 FROM_LOCAL_NOVOWEL     From: localpart has series of non-vowel letters
 0.1 TW_GD                  BODY: Odd Letter Triples with GD
 0.1 TW_LG                  BODY: Odd Letter Triples with LG
-0.2 BAYES_40               BODY: Bayesian spam probability is 20 to 40%
                            [score: 0.3955]
 2.4 RCVD_IN_WHOIS_BOGONS   RBL: CompleteWhois: sender on bogons IP block
                            [102.176.29.76 listed in combined-HIB.dnsiplists.completewhois.com]
 0.0 MSGID_FROM_MTA_HEADER  Message-Id was added by a relay
 0.6 AWL                    AWL: From: address is in the auto white-list

But only after some hours that I have received the messages..

I suppose that at that time the score assigned by your SA was lower than
what you just reported above.. (maybe at that time, the IP 102.176.29.76 was
"not-DNSBListed" ).

Anyway, I figure out that your SA uses different rulesets than mine..

Could you instruct me about a good set of rulesets I have to use to lower
the chance that spam passes through my spam-scanner, while maintaining a good
level of performance?

The biggest difference is that my Bayes system scored it as BAYES_99 which adds 3.5 points, and your Bayes system scored it as BAYES_40 which subtracted 0.2 points.

I did get a few of those emails come through at the start, but by feeding them into my Bayes system they now get caught.

--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW:    http://www.chime.ucl.ac.uk/~rmhiajp/
"If you have an apple and I have  an apple and we  exchange apples
then you and I will still each have  one apple. But  if you have an
idea and I have an idea and we exchange these ideas, then each of us
will have two ideas." -- George Bernard Shaw
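
Added example, not part of the original message: a small Python parser for the two "Content analysis details" tables in this thread that diffs the rule hits and ranks them by score gap, so the Bayes difference described above shows up at the top. Folding the `BAYES_NN` buckets into a single `BAYES` key and the helper names are choices made for this illustration.

```python
import re

# Constructed input: the two score tables from the thread, with the mail
# client's wrapped continuation lines left in so the parser must skip them.
REPORT_A = """\
 2.9 FROM_LOCAL_NOVOWEL     From: localpart has series of non-vowel letters
 0.1 FORGED_RCVD_HELO       Received: contains a forged HELO
 0.0 DK_POLICY_SIGNSOME     Domain Keys: policy says domain signs some mails
 0.6 J_CHICKENPOX_14        BODY: 1alpha-pock-4alpha
 3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 1.0000]
 2.4 RCVD_IN_WHOIS_BOGONS   RBL: CompleteWhois: sender on bogons IP block
 1.0 RCVD_IN_JANET_RBL      RBL: Relay in JANET MAPS RBL+ RBL
 0.0 MSGID_FROM_MTA_HEADER  Message-Id was added by a relay
"""
REPORT_B = """\
 2.9 FROM_LOCAL_NOVOWEL     From: localpart has series of non-vowel
letters
 0.1 TW_GD                  BODY: Odd Letter Triples with GD
 0.1 TW_LG                  BODY: Odd Letter Triples with LG
-0.2 BAYES_40               BODY: Bayesian spam probability is 20 to 40%
                            [score: 0.3955]
 2.4 RCVD_IN_WHOIS_BOGONS   RBL: CompleteWhois: sender on bogons IP
block
 0.0 MSGID_FROM_MTA_HEADER  Message-Id was added by a relay
 0.6 AWL                    AWL: From: address is in the auto white-list
"""

# A hit line is "<score> <RULE_NAME> <description>"; everything else is
# a header, a bracketed detail line, or wrapped description text.
HIT = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]+)\s")

def parse_report(text):
    """Return {rule: score}; BAYES_NN buckets fold into one 'BAYES' key."""
    hits = {}
    for line in text.splitlines():
        m = HIT.match(line)
        if m:
            hits[re.sub(r"^BAYES_\d+$", "BAYES", m.group(2))] = float(m.group(1))
    return hits

def diff_reports(a, b):
    """Rows (rule, score_a, score_b) where the scans differ, largest gap first."""
    rows = [(r, a.get(r, 0.0), b.get(r, 0.0)) for r in set(a) | set(b)]
    rows = [r for r in rows if r[1] != r[2]]
    return sorted(rows, key=lambda r: (-abs(r[1] - r[2]), r[0]))

if __name__ == "__main__":
    for rule, sa, sb in diff_reports(parse_report(REPORT_A), parse_report(REPORT_B)):
        print(f"{rule:<22}{sa:>5.1f}{sb:>6.1f}")
```

A rule missing from one scan is treated as contributing 0.0 there, so network tests that only one site runs (or that only fired later) appear in the diff alongside the Bayes gap.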
