cheers( hackers ); I want to propose some small changes to the default SA scores and rules. About two weeks ago Spammer(s) started to misuse the Habes [1] watermark to identify non-SPAM (aka HAM). Seems like there is currently a lot of SPAM with this faked headers.
The current score for this watermark is -8 [2]. This lets a lot of this kind of SPAM slip through (that would not otherwise) and there are even a lot of reports about auto-learning those messages as HAM on the SA mailing list. The current score is based on the mass tests before this kind of SPAM was known and this watermark indeed was a sign of HAM those days. I suspect, most users will get more SPAM as HAM with this watermark today. :-/ The attached adjustments would eliminate this issue. 1) Setting the HABEAS_SWE rule to 0 effectively will disable this test. As a result, no valid Habes marked mails will get added HAM points, but the Spammers don't profit by it either. 2) Excluding the Habeas headers from Bayes would be good too. Otherwise, getting more SPAM as HAM with this faked headers will poison the Bayes database and HAM will get bad Bayes scores. Fighting SPAM is a hard and time consuming task. I bet a Rupert, that Spammers are reading the SA mailing lists... ...guenther [1] http://www.habeas.com/ [2] According to http://spamassassin.org/tests.html, as I am still running 2.60 currently. AFAIK there are no score adjustments since then. -- char *t="[EMAIL PROTECTED]"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
score HABEAS_SWE 0 bayes_ignore_header X-Habeas-SWE-1 bayes_ignore_header X-Habeas-SWE-2 bayes_ignore_header X-Habeas-SWE-3 bayes_ignore_header X-Habeas-SWE-4 bayes_ignore_header X-Habeas-SWE-5 bayes_ignore_header X-Habeas-SWE-6 bayes_ignore_header X-Habeas-SWE-7 bayes_ignore_header X-Habeas-SWE-8 bayes_ignore_header X-Habeas-SWE-9
