I'm using Postfix 2.4.6, Amavisd-new 2.5.2, ClamAV 0.91.2 and
Mail-SpamAssassin 3.2.3 in a Linux mail filter.
As I recall, SA used to have some rules that penalized e-mail
originating from mass-emailing applications like "The Bat!". I see some
of these now slipping through and don't see where they are scored
negatively. Have those rules been obsoleted?
If I wanted to add a point for messages coming from The Bat!, how would
I write that rule?
Thanks!
Ken Morley
Here's a sample. Note that I'm also using Passive OS Fingerprinting,
which doesn't recognize the IP stack either.
>From [EMAIL PROTECTED] Mon Dec 17 18:42:02 2007
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
X-Virus-Scanned: by amavisd-new using ClamAV at private_domain
X-Spam-Flag: NO
X-Spam-Score: 3.949
X-Spam-Level: ***
X-Spam-Status: No, score=3.949 tagged_above=3 required=5
tests=[BAYES_50=0.001, DCC_CHECK=2.17, HTML_MESSAGE=0.001,
L_P0F_UNKN=0.8, RCVD_IN_SORBS_DUL=0.877, RDNS_DYNAMIC=0.1]
X-Amavis-OS-Fingerprint: UNKNOWN [65535:52:1:52:M1364,N,W3,N,N,S:.:?:?],
(link: unknown-1404), [189.15.220.184]
Date: Tue, 18 Dec 2007 00:49:29 +0000
From: "Behlmer Cherrez" <[EMAIL PROTECTED]>
X-Mailer: The Bat! (3.62.09) Professional
Reply-To: Behlmer Cherrez <[EMAIL PROTECTED]>
X-Priority: 3 (Normal)
To: [EMAIL PROTECTED]
Subject: consoling
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----------372B7EDE864719"
------------372B7EDE864719
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Hej, =20
Downlooadable Softwaree=20
http://www.geocities.com/wpn3iof2b2qg13g/=09
A special point of practice: they circumcise themselves western
railway in regard to goods despatched legend, set the damsel
asneezing violently, an man who was a bosom friend of the
sparrow. But allow him to come out alone. My friend rose
lazily take again.' and ere the schoolmaster could call
and also another which, on coming down a steep course you
