Scott Silva wrote:
That is why I don't score botnet as high as the default. I want the actual mail content to contribute something to its being tagged. That way if I get a botnet hit at say 2.0, either a bayes_99 or a hit on a digest will send it way over. But if it hits only botnet, and nothing else, it can pass.
Technically, with a score of 5, the mail still passes. It just gets marked as spam. (I hope no one actually rejects/deletes/bounces spam at an SA score of 5 or even 6 or 7 ... that would seem to me to be a bit irresponsible) The logic is "flag it for review/quarantine/segregation if Botnet thinks it came from a zombie".
I would suggest that the botnet meta rule would have its name extended slightly, so a grep for its name doesn't hit all the botnet rules without having to egrep with a regex.
Hm. What's wrong with having to egrep?

_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

