On Tue, 2009-05-19 at 09:43 +0200, Geert Batsleer wrote:
> since a couple of days I'm receiving huge amounts of explicited spam
> wich doesn't get tagged.
>
> For example email with subject "Breast Orgasms Will Give Her the Most
> Explosive Orgasm ..." only results in a 2.0 score
Now that's a hidden link to a sample. ;) Wants me to log in to your
webmailer, though.
No sample, so we can only guess. However, this indeed sounds like the
recent image-only spam, containing *no* text but an image only. In that
case, check the archives for the thread "Image-only spams" started on
May 7. Depending on your mail stream, you'll probably be safe to bump up
the proposed 2.0 score slightly.
> X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on SOKAHO.secret.be
> X-Spam-Level: **
> X-Spam-Status: No, score=2.0 required=3.0 tests=BAYES_60,
> DYN_RDNS_AND_INLINE_IMAGE,RCVD_IN_PBL,RDNS_DYNAMIC autolearn=no
> version=3.2.5
Train your Bayes on all of them. That image-spam run consistently
triggers high Bayes scores here. But you really need to train them. Same
goes for all low scorers, in particular low Bayes scores.
> I'm allready using 3.0 as the maximum score wich is quite small so
> putting it to 2.0 on my system could result in false positives. The
> funny thing is that such explicit words have never been able to get
> through my SA setup and now all sorts of this kind of explicit stuff
> gets through.
Agreed, don't lower the required_score threshold even further. Actually,
if the MIME_IMAGE_ONLY rule matches, I'd strongly advice to raise it
back.
> Any idea how I can block these explicit mails before they end up in my
> users inboxes?
Any sample? We're not psychic. OK, sometimes we are. ;)
If you want us to give some advice how to better catch some sneaky
stuff, you'd need to provide a raw sample, including all headers,
uploaded somewhere. Don't post them to the list. Your assessment of what
bothers you about the spam often isn't what we are able to come up with
to reliably identify them.
guenther
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
