On Fri, 30 Mar 2012, joea wrote:
Having some difficulty grasping why some SPAM is getting thru yet some
similar is marked.
They have different source email address and subject, yet identical
"layout" 3 http links, 3 graphics items and like that.
"Layout" generally isn't relevant.
The links might be useful if they point at known spamvertised sites.
However, there can be a delay between a site being spamvertised and it
being "known", so you might consider greylisting. That delays messages a
bit and gives the spammy sites a chance to get recognized and listed and
scored.
Is there any text? Or are the images "pictures of words"?
When I save the message source (Mime.822 file) and do sa-learn --spam
file it says "Learned tokens from 0 message(s) (1 message(s) examined)"
I guess that means it already know this type?
Either it has already learned that message-ID, or the message is larger
than the size limit for learning.
I did similar with a flagged message that I liked, with sa-learn --ham
file. That tells me it learned 1 token. I Guess that means what is
says.
Seem I'm missing something.
That's very little information to go on.
Posting samples (with _all_ headers intact) on a pastebin or on a personal
website so we can see them might yield some advice or new rules. Please
don't send samples to the list, just the URLs where the samples are
visible.
If you can include the X-Spam headers so that we can see what rules hit,
so much the better.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...much of our country's counterterrorism security spending is not
designed to protect us from the terrorists, but instead to protect
our public officials from criticism when another attack occurs.
-- Bruce Schneier
-----------------------------------------------------------------------
2 days until April Fools' day
