On 01.06.2015 11:53, Ben wrote:
I've seen a few examples of IT Recycling emails being missed in the
Spamassassin net recently. Spamassasin has been scoring them very low.
I've kept back a couple of the most recent specimens, I am running
Spamassassin 3.4.0 on Ubuntu 14 LTS. Ubuntu is fully up to date, and
sa-update is running twice a day.
In relation to the two samples below, in order to protect the innocent
please note I have done the following obfuscations in the headers :
(1) my.server.domain has been replaced with example.com
(2) The first three octets of my server IP ranges have been replaced
with 10.254.254
http://pastebin.com/raw.php?i=T3FK1vcw
http://pastebin.com/raw.php?i=AQmJDc3p
This is dicey ESP bulk which SA will hardly ever detect.
To help tag this you'll need to :
- feed/use Bayes
- implement Razor/Pyzor/DCC (if not already done)
- write rules - header rules to score on certain X Headers, URI rules, etc.
or track their IP ranges and reject at MTA level
(would be my first choice)
h2h
Axb
