There's a kludge that can be done for this that I call a combo filter. If you are using 1.78+ and the Pro version, you can code up a filter that adds extra points when both tests are failed. For an example of how this works, see the following archive post:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg16551.html
Or take a look at the ZOMBIE filter in the beta filters section of my site:
http://www.mailpure.com/software/decludefilters/beta/
For this type of spam, it's likely that much of it comes from China, and I have a filter called BADCOUNTRYNOREVDNS that can be used to add points to this stuff in the same beta filter directory.
Note that I also share the interest in logical operators, but I do recognize that this is a fairly large change and if it comes, I don't expect to see it soon.
Matt
Dave Doherty wrote:
Hi,
I've been seeing a lot of spam the last couple of days that fails both the REVDNS and BASE64 tests and nothing else.
I hold on 10, and based on a year of experience with balancing the usual factors of false positives versus catches, I have each of these tests scoring a 4. Needless to say, this particular spam is getting through with a score of 8.
I know I can increase each test by a point and take care of it, and I have done that as a temporary measure, but I am concerned that my false positive rate will climb as a result.
Is there a way to "AND" these tests or to post-process with a filters file that would detect the phrase "X-Spam-Tests-Failed: BASE64, REVDNS" in the headers and add some weight?
-Dave Doherty Skywaves, Inc.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
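The AND logic discussed in this thread, as an added Python sketch that is not part of either message and is not Declude filter syntax. It parses the X-Spam-Tests-Failed header, applies the per-test weights of 4 and the hold level of 10 from the thread, and adds a bonus only when both tests failed. The bonus of 2, the OTHERTEST name and its weight of 5 are assumptions made for the illustration.

```python
# Added illustration in Python; this is not Declude filter syntax.
import email

HOLD_AT = 10  # hold threshold stated in the thread
# REVDNS/BASE64 weights are from the thread; OTHERTEST is a hypothetical test.
WEIGHTS = {"REVDNS": 4, "BASE64": 4, "OTHERTEST": 5}
# The temporary measure from the thread: each of the two tests raised by a point.
RAISED = {"REVDNS": 5, "BASE64": 5, "OTHERTEST": 5}
# Combo rule: the bonus (an assumed value) applies only if every listed test failed.
COMBOS = [({"REVDNS", "BASE64"}, 2)]


def failed_tests(raw_message):
    """Return the set of test names listed in X-Spam-Tests-Failed."""
    msg = email.message_from_string(raw_message)
    header = msg.get("X-Spam-Tests-Failed", "")
    return {name.strip().upper() for name in header.split(",") if name.strip()}


def score(raw_message, weights=WEIGHTS, combos=COMBOS):
    """Sum per-test weights, then add each combo bonus whose tests all failed."""
    failed = failed_tests(raw_message)
    total = sum(weights.get(test, 0) for test in failed)
    for required, bonus in combos:
        if required <= failed:  # subset check = logical AND over the tests
            total += bonus
    return total


def held(raw_message, **kwargs):
    """True when the message reaches the hold threshold."""
    return score(raw_message, **kwargs) >= HOLD_AT


# Constructed sample messages (not real mail).
BOTH = "X-Spam-Tests-Failed: BASE64, REVDNS\nSubject: sample\n\nbody\n"
ONLY_REVDNS = "X-Spam-Tests-Failed: REVDNS\nSubject: sample\n\nbody\n"
REVDNS_PLUS_OTHER = "X-Spam-Tests-Failed: REVDNS, OTHERTEST\nSubject: sample\n\nbody\n"

if __name__ == "__main__":
    for name, raw in [("both", BOTH), ("revdns only", ONLY_REVDNS),
                      ("revdns + other", REVDNS_PLUS_OTHER)]:
        print(name, "combo:", score(raw), held(raw),
              "| raised weights:", score(raw, weights=RAISED, combos=[]),
              held(raw, weights=RAISED, combos=[]))
```

With the combo rule only the message failing both tests reaches 10, while raising each weight to 5 also holds the constructed REVDNS plus OTHERTEST message, which is the false positive risk raised in the question.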
