On 23/07/14 18:45, Amir 'CG' Caspi wrote:
So, to follow up on this... over the past couple of weeks I've been getting a lot more
FNs than normal, and almost every single one of these is an "encoded character"
spam like the example above. Bayes training does appear to work, in that many of these
FNs are already at BAYES_999... but there aren't enough other rules hit to cause the FNs
to cross the 5.0 threshold. (Other, similar spams do cross the threshold, usually due to
RAZOR and/or PYZOR hits.)
Same here - I've had one particular user furious about this, laughable but
still annoying.
I'm definitely considering writing a rule to catch �[0-9]{3}; patterns. I'm
definitely worried it could cause FPs, but are there common circumstances where
legitimate emails would include dozens to hundreds of these? (The latest FNs only
include a few dozen, not the hundreds seen in the spample above.)
You might find the following useful
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7068
and
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7063
I've also implemented several rules to try and catch these types of emails.
Namely counting the encoded chars and recognising other traits I've noticed
with this type of mail.
Hope the patches above get pushed into production
Paul
--
Paul Stead, Zen Internet
Systems Engineer
