I've been watching developments in the spam folders here. You are still
scoring high. Paypal and ebay letters have decreased, but not vanished.
A few things about your setup become clear.

1. If you can manage to call razor _before_ spamassassin instead of
through it, you will save quite some processing overhead on your mail
throughput. Spamassassin calls razor with the other dns tests in the
beginning. Calling razor on its own will mean that a spamd process
isn't ever started for mail that is known razor spam. The actual time
for a message to get processed will increase; the max will be timeout 
time for razor followed by timeout time for dns, but this is hardly
critical.

2. You are still letting through forged paypal and ebay letters. If some
adjustments have been made at your end, they have not been 100%
successful. Below are a couple of Message ids with my report.

Message-Id: <[EMAIL PROTECTED]>
 pts rule name              description
---- ---------------------- --------------------------------------------------
 3.0 FORGED_RCVD_HELO       Received: contains a forged HELO
-6.0 USER_IN_WHITELIST_TO   User is listed in 'whitelist_to'
 6.0 USER_IN_BLACKLIST_TO   User is listed in 'blacklist_to'
 2.5 NORMAL_HTTP_TO_IP      URI: Uses a dotted-decimal IP address in URL
 0.5 HTML_MESSAGE           BODY: HTML included in message
 0.2 HTML_TAG_EXIST_TBODY   BODY: HTML has "tbody" tag
 2.0 HTML_70_80             BODY: Message is 70% to 80% HTML
 1.7 SARE_PHISH_HTML_03     numeric href with https description
 2.0 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME headers
 104 SARE_FORGED_EBAY       Message appears to be forged, (ebay.com)
 2.5 SARE_PHISH_HTML_02     numeric href with https description



Message-Id: <[EMAIL PROTECTED]>

 pts rule name              description
---- ---------------------- --------------------------------------------------
 3.0 FORGED_RCVD_HELO       Received: contains a forged HELO
-6.0 USER_IN_WHITELIST_TO   User is listed in 'whitelist_to'
 6.0 USER_IN_BLACKLIST_TO   User is listed in 'blacklist_to'
 8.0 HOT_NASTY              BODY: Possible porn - Hot, Nasty, Wild, Young
 2.5 NORMAL_HTTP_TO_IP      URI: Uses a dotted-decimal IP address in URL
 0.5 HTML_MESSAGE           BODY: HTML included in message
 0.2 HTML_TAG_EXIST_TBODY   BODY: HTML has "tbody" tag
 2.0 HTML_70_80             BODY: Message is 70% to 80% HTML
 2.0 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME headers
 104 SARE_FORGED_EBAY       Message appears to be forged, (ebay.com)

Message-Id: <[EMAIL PROTECTED]>

This was caught by razor alone (never giving any false positives, in my
experience), so I saved it off and piped it to spamc -R

 pts rule name              description
---- ---------------------- --------------------------------------------------
-6.0 USER_IN_WHITELIST_TO   User is listed in 'whitelist_to'
 6.0 USER_IN_BLACKLIST_TO   User is listed in 'blacklist_to'
 2.0 HTML_TAG_BALANCE_BODY  BODY: HTML has unbalanced "body" tags
 0.5 HTML_MESSAGE           BODY: HTML included in message
 2.0 HTML_70_80             BODY: Message is 70% to 80% HTML
 104 SARE_FORGED_PAYPAL     Message appears to be forged, (paypal.com)
  20 SARE_FORGED_PAYPAL_C   Has Paypal from, no Paypal received header.

This forged paypal rule comes out 100%, as does razor.


-- 

        With best Regards,


        Declan Moriarty.
-- 
http://linuxfromscratch.org/mailman/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
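
The ordering described in point 1 of the message above, as an added example that is not part of the original post: Razor is consulted first and spamd is contacted only when Razor does not list the message. It assumes `razor-check` exits 0 for a listed message and `spamc -c` exits 1 for spam; `RAZOR_CMD`, `SPAMC_CMD` and `classify_message` are hypothetical names.

```sh
#!/bin/sh
# Added example, not from the original message.
# Assumes razor-check exits 0 when the message is listed in Razor and
# spamc -c exits 1 when spamd scores the message as spam.
# RAZOR_CMD, SPAMC_CMD and classify_message are hypothetical names.
RAZOR_CMD=${RAZOR_CMD:-razor-check}
SPAMC_CMD=${SPAMC_CMD:-spamc -c}

# classify_message FILE
# Prints razor-spam, sa-spam or ham for the message stored in FILE.
classify_message() {
    msg=$1

    # Stage 1: Razor alone. A hit ends processing here, so no spamd
    # child is started for mail Razor already knows.
    rc=0
    $RAZOR_CMD < "$msg" >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo razor-spam
        return 0
    fi

    # Stage 2: Razor misses, and Razor errors or timeouts (any non-zero
    # status), fall through to spamd for the remaining tests.
    rc=0
    $SPAMC_CMD < "$msg" >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 1 ]; then
        echo sa-spam
    else
        echo ham    # clean, or spamc failed: fail open and deliver
    fi
}

# Stand-alone use: sh thisfile message.eml
[ $# -eq 0 ] || classify_message "$1"
```

With Razor run in front like this, SpamAssassin's own Razor lookup can be switched off (`use_razor2 0`) so the message is not checked against Razor twice.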
