On Sun, 05 Jul 2009 08:09:09 +0100 "rich...@buzzhost.co.uk" <rich...@buzzhost.co.uk> wrote:
> Last week I thought I would remove my Postfix Header check that looks > in a subject line for the word 'Diploma | Degree'. It's been very > effective but using a hammer to crack an egg is probably not the best > plan. I figured it may be better to let Spamassassin pick these > spammy messages out as they are technically challenging, usually > using phone numbers, no links and few words. That said, a score of > 0.1 ? Mmmm; > > http://pastebin.com/m6e19f380 > It scored 37.5 for me, although a big chunk of that probably came from the delay. It picked-up 11 points from the Sought rules alone. X-Spam-Report: * 3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL * [205.209.228.21 listed in zen.spamhaus.org] * 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net * [Blocked - see <http://www.spamcop.net/bl.shtml?205.209.228.21>] * 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% * [score: 1.0000] * 0.0 STOX_REPLY_TYPE STOX_REPLY_TYPE * 1.2 TO_MALFORMED To: has a malformed address * 1.1 SARE_SPEC_DIPLOMA educational spam subject * 0.1 BOTNET_BADDNS Relay doesn't have full circle DNS * [botnet_baddns,ip=205.209.228.21,rdns=nts-21.228-209-205.nts-online.net] * 0.6 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.1 BOTNET_IPINHOSTNAME Hostname contains its own IP address * [botnet_ipinhosntame,ip=205.209.228.21,rdns=nts-21.228-209-205.nts-online.net] * 0.1 BOTNET_CLIENT Relay has a client-like hostname * [botnet_client,ip=205.209.228.21,rdns=nts-21.228-209-205.nts-online.net,ipinhostname] * 0.9 SARE_DIPLOMA2 BODY: Talks about online degrees or diplomas * 0.6 J_CHICKENPOX_52 BODY: 5alpha-pock-2alpha * 0.3 GENERIC_IXHASH BODY: iXhash found @ generic.ixhash.net * 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) * 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level * above 50% * [cf: 100] * 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% * [cf: 100] * 3.7 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) * 2.2 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) * 0.0 DIGEST_MULTIPLE Message hits more than one network digest check * 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS * 0.1 TRUSTNET_MAYBE_TOO_BIG Received into trusted network by server with * unknown domain * 4.0 JM_SOUGHT_1 Body contains frequently-spammed text patterns * 1.5 IXHASH_CHECK IXHASH_CHECK * 3.0 BOTNET Relay might be a spambot or virusbot * 3.0 JM_SOUGHT_FRAUD_1 Body contains frequently-spammed text patterns * 4.0 JM_SOUGHT_3 Body contains frequently-spammed text patterns * 0.0 RAZOR2_HIT RAZOR2_HIT
