I have some users getting slammed with this spam. Before I start trying to figure out how to intercept, can someone test this message and tell me if you're getting a score above 5.0?
http://esmtp.webtent.net/test.txt

I'm getting 4.4 on this particular one, but others less. My bayes still insists on knocking it down even after learning 10-20 similar messages. I believe our bayes is trained well with 94K spam versus 85K ham learned with auto learning above 35 for spam and -3 for nonspam. All other is manually trained mostly by me...

mx1# su vscan -c 'spamassassin -t < test.msg'
<snip>
Content analysis details:   (4.4 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 MISSING_MID            Missing Message-Id: header
 0.0 MISSING_DATE           Missing Date: header
 2.5 MISSING_HB_SEP         Missing blank line between message header and body
 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
 1.3 MISSING_HEADERS        Missing To: header
 1.5 SARE_ADULT1            BODY: Contains adult material
-2.6 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
                            [score: 0.0000]
 1.8 MISSING_SUBJECT        Missing Subject: header

I am running SA 3.2.3 via amavisd-maia with most SARE rules, chickenpox and other miscellaneous rules...

mx1# cat /usr/local/etc/mail/spamassassin/sare-sa-update-channels.txt
70_sare_evilnum0.cf.sare.sa-update.dostech.net
70_sare_adult.cf.sare.sa-update.dostech.net
99_sare_fraud_post25x.cf.sare.sa-update.dostech.net
72_sare_bml_post25x.cf.sare.sa-update.dostech.net
70_sare_spoof.cf.sare.sa-update.dostech.net
70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net
70_sare_oem.cf.sare.sa-update.dostech.net
70_sare_random.cf.sare.sa-update.dostech.net
70_sare_header0.cf.sare.sa-update.dostech.net
70_sare_html0.cf.sare.sa-update.dostech.net
70_sare_specific.cf.sare.sa-update.dostech.net
70_sare_obfu0.cf.sare.sa-update.dostech.net
72_sare_redirect_post3.0.0.cf.sare.sa-update.dostech.net
70_sare_genlsubj0.cf.sare.sa-update.dostech.net
70_sare_unsub.cf.sare.sa-update.dostech.net
70_sare_uri0.cf.sare.sa-update.dostech.net
70_sare_whitelist.cf.sare.sa-update.dostech.net
70_sare_whitelist_spf.cf.sare.sa-update.dostech.net
70_sare_stocks.cf.sare.sa-update.dostech.net
updates.spamassassin.org

--
Robert