On Wed, 7 Jul 2010, Daniel McDonald wrote:
I¹ve been getting a significant number of spams that are hitting on a
number of rules in 72_active.cf, for example:
ADVANCE_FEE_3_NEW=0.001, ADVANCE_FEE_3_NEW_MONEY=0.001, AE_FORM_MONEY=2,
DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, L_P0F_Unix=-1,
RCVD_IN_DNSWL_NONE=-0.0001, RELAY_US=0.01, SPF_NEUTRAL=0.652,
T_FILL_THIS_FORM_SHORT=0.01, T_LOTS_OF_MONEY=0.01, US_DOLLARS_3=2.52
In the past couple of days, there have been around 700 spams that matched
one of the ADVANCE_FEE_3_NEW rules, as well as 28 messages that were most
likely spams that were not marked. Are we likely to see some of these rules
scored a little higher than 0.001 anytime soon? Or do I need to start
tweaking the scores for the ones I find reliable?
I think I'm going to have to manually maintain the ADVANCE_FEE_*_NEW
scores, the autoscoring doesn't seem to want to do a good job on them for
some reason.
For now, I'd suggest something like:
score ADVANCE_FEE_2_NEW_MONEY 0.50
score ADVANCE_FEE_2_NEW_FORM 1.00
score ADVANCE_FEE_3_NEW 0.50
score ADVANCE_FEE_3_NEW_MONEY 1.00
score ADVANCE_FEE_4_NEW 1.50
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Efficiency can magnify good, but it magnifies evil just as well.
So, we should not be surprised to find that modern electronic
communication magnifies stupidity as *efficiently* as it magnifies
intelligence. -- Robert A. Matern
-----------------------------------------------------------------------
Today: Robert Heinlein's 103rd birthday
