On 09.08.09 11:33, Cedric Knight wrote:
> I'm using Bayes and network tests, and have found a few rules with a
> good ratio of ham to spam, but that score only 0.001 in the default rules.

apparently there's no use for them alone and the score isn't 0 just because
that would cause them not to be processed.

> Here are the ones I'm talking about:
> 
> FH_HELO_EQ_D_D_D_D
> 
> Overlaps with HELO_DYNAMIC_IPADDR2 and TVD_RCVD_IP, 

this is a big problem IMHO, I've even filed a bug report because of this

> but if you redefine it as
> 
> header   FH_HELO_EQ_D_D_D_D    X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=(?!(?:[a-z]\S*)?\d+[^\d\s]\d+[^\d\s]\d+[^\d\s]\d+[^\d\s][^\.]*\.\S+\.\S+[^\]]+ auth= )[^ ]{0,15}\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}/
> 
> it clearly hits a good number that are missed by the other rules, with a
> similar ratio.

it would match for every host sending from a generic IP address (if they know
the address and its rDNS), which is very common for DSL, cable, dialup etc.
users.

>  Also a rule like
> header   HELO_MISC_IP        X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=[^a-z ]\S{0,30}(?:\d{1,3}[^\d]){4}[^\]]+ auth= /
> hits a lot of spam otherwise missed, although the ratio is not quite so
> good.

exactly the same I'd say.

> FH_HOST_EQ_VERIZON_P
> Being based in the UK, don't have many dealings with Verizon customers,
> so YMMV on this one.  Still, only around 0.2% of hits are ham.

you should understand that SA has many users living in a country with many
Verizon customers and the rules should be done so that they could be used
generally

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
If Barbie is so popular, why do you have to buy her friends? 
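
An added example, not part of either poster's message: the two quoted patterns run over constructed X-Spam-Relays-Untrusted values, to see which HELO shapes each one hits before assigning a score. It uses Python's `re` in place of SpamAssassin's Perl regexes; the `relay()` and `hits()` helpers, the field values and the sample hostnames are assumptions made up for illustration.

```python
import re

# Rule patterns copied from the quoted message, with the mail-wrapped lines
# rejoined by a single space. Python's re stands in for Perl here (assumption:
# these patterns use only syntax the two engines share).
RULES = {
    "FH_HELO_EQ_D_D_D_D": re.compile(
        r"^[^\]]+ helo=(?!(?:[a-z]\S*)?\d+[^\d\s]\d+[^\d\s]\d+[^\d\s]\d+[^\d\s]"
        r"[^\.]*\.\S+\.\S+[^\]]+ auth= )"
        r"[^ ]{0,15}\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}", re.ASCII),
    "HELO_MISC_IP": re.compile(
        r"^[^\]]+ helo=[^a-z ]\S{0,30}(?:\d{1,3}[^\d]){4}[^\]]+ auth= ", re.ASCII),
}


def relay(helo, rdns="", ip="192.0.2.25"):
    """Build one constructed relay entry in the pseudo-header's key=value layout."""
    return (f"[ ip={ip} rdns={rdns} helo={helo} by=mx.example.org "
            "ident= envfrom= intl=0 id=ABC123 auth= msa=0 ]")


def hits(helo):
    """Return the names of the quoted rules that match a relay with this HELO."""
    line = relay(helo)
    return {name for name, rx in RULES.items() if rx.search(line)}


# Constructed HELO strings (documentation address range and domains only).
SAMPLES = [
    "192-0-2-25",                  # bare dashed quad
    "dsl-192-0-2-25",              # name ending in a dashed quad
    "192-0-2-25.example.net",      # dashed quad plus two labels
    "192-0-2-25.dsl.example.net",  # dashed quad plus three labels
    "192.0.2.25",                  # bare dotted quad
    "mail.example.com",            # ordinary mail server name
]

if __name__ == "__main__":
    for helo in SAMPLES:
        print(f"{helo:30} {', '.join(sorted(hits(helo))) or '-'}")
```

Running the same samples through a corpus of known ham HELO strings is the quickest way to check a candidate pattern's false-positive exposure.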
