--- Robert Fitzpatrick <[EMAIL PROTECTED]> wrote: > Can anyone run any of these messages to see how your rules score > them? > Mostly stock symbol spam. I've been improving our scoring with > updates > today, but still not able to come up with any rules to cover these: > > http://esmtp.webtent.net/mail1.txt > http://esmtp.webtent.net/mail2.txt > http://esmtp.webtent.net/mail3.txt > http://esmtp.webtent.net/mail4.txt > > For instance, the first one I ran on a system with bayes working and > on > a system without, as you can see, hardly scored :( > > Content analysis details: (-2.5 points, 5.0 required) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > 0.1 FORGED_RCVD_HELO Received: contains a forged HELO > -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to > 1% > [score: 0.0000] > > Content analysis details: (0.0 points, 5.0 required) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > _SUMMARY_
It is a pretty low score for a stock spam even with my setup which uses rulesdujour in addition to whatever spamassassin uses. Looks like you could use some blacklisting type rules or plugins: [22947] dbg: check: is spam? score=5.893 required=3.5 [22947] dbg: check: tests=BAYES_40,FORGED_RCVD_HELO,RCVD_IN_SORBS_DUL,RCVD_IN_XBL ____________________________________________________________________________________ Finding fabulous fares is fun. Let Yahoo! FareChase search your favorite travel sites to find flight and hotel bargains. http://farechase.yahoo.com/promo-generic-14795097
