On 30 Apr 2017, at 10:17, David Jones wrote:

> 99_mailspike.cf
> -----------------------
> shortcircuit RCVD_IN_MSPIKE_H5 on
> score RCVD_IN_MSPIKE_H4 -3.2
> score RCVD_IN_MSPIKE_H3 -2.2
> score RCVD_IN_MSPIKE_H2 -1.2
> score RCVD_IN_MSPIKE_WL -0.82
> score RCVD_IN_MSPIKE_BL 1.2
> score RCVD_IN_MSPIKE_L2 0.2
> score RCVD_IN_MSPIKE_L3 1.2
> score RCVD_IN_MSPIKE_L4 2.2
> score RCVD_IN_MSPIKE_L5 3.2

Scoring RCVD_IN_MSPIKE_WL and RCVD_IN_MSPIKE_BL so strongly seems odd,
as those will always hit if any of the RCVD_IN_MSPIKE_H* and
RCVD_IN_MSPIKE_L* rules do, respectively. Also, in my experience those
scores vastly overvalue the "good" classes. I have received every major
class of spam from H4 and H3 sources, including trojans, advance fee
fraud, bank phishing, ISP phishing, penis pill ads, replica watch ads,
and whois-scraped solicitation for various sorts of domain promotion
(violating the whois data usage rules of the relevant domain
registries.) There have also been a few bits of "mainsleaze" spam
(nominally legitimate companies adhering to relevant laws) but those
tend to come more from H5 sources. Perversely, H2 is better correlated
to non-spamminess than either H3 or H4 in my recent (2015-now) logs and
this is consistent with the scores determined by the RuleQA process: H2
is stronger than H5 and all the other rules are scored +/- 0.01