On 02/20/2011 08:22 AM, Michelle Konzack wrote:
>     <http://www.electronica.tamay-dogan.net/spamassassin/>

You need to train bayes.  Those messages all hit BAYES_00 when they
should be somewhat consistently hitting BAYES_80 or higher (after you
begin training them).  If you are not prepared to do this, you must
disable it as it is harming you in its current state.  If you are
prepared, wipe your bayes database and start from scratch, training as
much as possible.

Also, somewhere in your mail processing (maybe on Debian's side?), there
is an Amavisd-new scan which uses Razor2, showing us that these messages
are mostly registered there.  Enable the Razor2 plugin.

> RCVD_IN_DNSWL_MED 4.0
> 
> Not very funny.

I'm not sure what you mean by this, but the default score should be -2.3
from this line:

score RCVD_IN_DNSWL_MED 0 -2.3 0 -2.3

If you let that go back to its default, train bayes, and configure
Razor2, you should be able to catch most if not all of that spam without
any of the potentially harmful measures you're considering.

Also, that DNSWL hit, which refers to the Debian mailing list itself,
can go away if you put 82.195.75.100 in your trusted_networks, though I
do not recommend that unless you also define your internal_networks (and
exclude it from there) since internal_networks otherwise defaults to
copying your trusted_networks.  There is some controversy in doing this,
but I'll leave others to describe it if they think it's important.

> Now I have increased "URIBL_RHS_DOB" to 5.0 because I do not know a
> single serious website which was registered and gone immediately online.

Not at the moment, but that's not something you check.  There is a
reason that rule is not scored very high.  Even URIBL_BLACK, which is
highly trusted, is only scored 1.8, so I would strongly suggest not
exceeding that mark, even if you are so convinced.

If you still want a custom rule, this should do:

header __LISTID_DEBIAN  List-Id =~ /\.lists\.debian\.org>/
body   __RAJONAA_INFO   m' rajonaa: http://www\.[\w-]{0,50}\.info !$'
meta     DEB_RAJONAA    __LISTID_DEBIAN && __RAJONAA_INFO
describe DEB_RAJONAA    Latvian text with .info URI on Debian List
score    DEB_RAJONAA    3.0

Google translate seems to think the language is Latvian, but it does not
have a translation for the word "rajonaa."  An online search shows that
it is used to indicate links on occasion, so we still need more context.

I've added this to my sandbox as well.

Attachment: signature.asc
Description: OpenPGP digital signature
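
An added example, not part of the original message: a Python check of the DEB_RAJONAA rule logic above against constructed messages, to see how narrowly the rule fires before it is given a score of 3.0. The two patterns are copied from the rule; the sample messages, addresses, function names and the paragraph handling are assumptions, and SpamAssassin's own body rendering differs in detail.

```python
import re
from email import message_from_string

# Python transcriptions of the two sub-rules; the patterns are unchanged.
LISTID_DEBIAN = re.compile(r"\.lists\.debian\.org>")
RAJONAA_INFO = re.compile(r" rajonaa: http://www\.[\w-]{0,50}\.info !$")

def paragraphs(body):
    """Assumption: approximate SpamAssassin body rendering by splitting on
    blank lines and collapsing runs of whitespace inside each paragraph."""
    for block in re.split(r"\n\s*\n", body):
        text = " ".join(block.split())
        if text:
            yield text

def deb_rajonaa(raw):
    """True when both sub-rules hit, mirroring the meta rule's && logic."""
    msg = message_from_string(raw)
    listid_hit = bool(LISTID_DEBIAN.search(msg.get("List-Id", "")))
    body_hit = any(RAJONAA_INFO.search(p) for p in paragraphs(msg.get_payload()))
    return listid_hit and body_hit

def sample(list_id, body):
    """Build a constructed test message (not real list traffic)."""
    return f"From: sender@example.org\nList-Id: {list_id}\nSubject: test\n\n{body}\n"

DEBIAN = "<debian-user.lists.debian.org>"   # constructed List-Id values
OTHER = "<users.lists.example.org>"
SPAM_BODY = "Labdien\n\nsome text rajonaa: http://www.example-site.info !"

CASES = {
    # Both sub-rules hit: the meta rule fires.
    "list spam": sample(DEBIAN, SPAM_BODY),
    # Body matches but List-Id does not: no hit outside the Debian lists.
    "same body, other list": sample(OTHER, SPAM_BODY),
    # A .info link without the "rajonaa:" marker is left alone.
    "list mail, plain .info link": sample(DEBIAN, "See http://www.example-site.info for details."),
    # A path after .info breaks the "\.info !$" tail, so this variant is missed.
    "list mail, .info link with path": sample(DEBIAN, "text rajonaa: http://www.example-site.info/page !"),
}

if __name__ == "__main__":
    for name, raw in CASES.items():
        print(f"{name:35} DEB_RAJONAA={'hit' if deb_rajonaa(raw) else 'miss'}")
```

On a real installation, `spamassassin --lint` checks the rule's syntax and `spamassassin -t < message` shows which rules a saved message actually hits.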
