On Sat, 2008-11-01 at 19:54 +0000, Martin Gregorie wrote: > On Sat, 2008-11-01 at 18:20 +0100, Karsten Bräckelmann wrote: > > > Also, various URI BLs should include the URIs rather early. Are you > > perhaps missing some of these in your SA setup? Maybe put some examples > > up a pastebin and send the link here. > > I'm running the standard SA setup without any additional rulesets apart > from private ones I've written for amusement and self-education. I have > blacklist interrogation enabled. > > > If you're feeling confident about the rule, you can open a new bug. > > However, you always can simply post it here for discussion and a broader > > peer-review first in either case. > > > Here's the rule with spaces removed from the meta-rule to prevent it > line-wrapping. Unfortunately, the 4th sub-rule has wrapped and there's > not a lot I can do about that.
Yes, there is. Your MUA, Evolution, features pre-formatted paragraphs in the Composer. But I don't feel like repeating myself today. > describe MG_CASINO Casino gambling > body __MG_CAS1 /(csnaio|casino)/i > header __MG_CAS2 Subject =~ /casino/i > header __MG_CAS3 From =~ /casino/i > body __MG_CAS4 /(\$[0-9]+|[0-9]+ *euro|gold|real deal|invite.*play)/i > meta MG_CASINO ((__MG_CAS1||__MG_CAS2||__MG_CAS3)&&__MG_CAS4) > score MG_CASINO 2.0 Hmm, it might be worth for local rules, to score at least a few of them on sight with a low score, yet keeping them in the meta. (Yes, single word rules are generally bad, but scoring a From header that contains specific words might help catch these.) I'd enforce word breaks, though. > and here's one of the messages I mentioned: > > http://pastebin.com/m1de987d0 X-Spam-Status: No, score=5.2 required=6.0 tests=HTML_MESSAGE,MIME_HTML_ONLY, RCVD_IN_PBL,RCVD_IN_XBL,RDNS_NONE This one would have been flagged as spam when using the default required_score spam threshold of 5.0. Also, I notice you're apparently not using Bayes, which likely could raise the score above your 6.0 threshold, when trained on these. On my check the sample also scored 0.8 for SPF_HELO_SOFTFAIL. Plus Pyzor, which is not enabled by default unless you install Pyzor. URIBL_BLACK as well as SURBL JP and OB triggered for me. These might very well be updated *after* you received that mail, but it won't hurt to check, if they are working for you at all. Oh, and then I got a custom rule worth 0.5 for any single Relay, direct client to MX mail. HTH guenther -- char *t="[EMAIL PROTECTED]"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
