A couple days ago, I wrote:
> Some archive searching has revealed that multi-line matching isn't
> available yet. Is there another way to rework this rule that I'm
> missing, using meta rules perhaps? It would single-handedly get a lot of
> spam that I get, which is consistantly of the form of three "ambiguous
> product pitch:\nurl\n\n"s. My email address appears in the third URL,
> and the first two are mostly numeric.
What ultimately worked was to make several low-scoring (ie, .01)
rules to catch specific characteristics of the email (which each have
occasional false positives), especially the included URLs, and then one
heavyweight meta rule if 5 or more of those rules matched. This would
probably be effective for most spam types that use a specific subset of
common ham words, such as testing for several matches out of "browser",
"cache", 'significant other' terms, website(s) visit(ed), hard drive,
history, watched/tracked, and so on to catch history/cache deleting
sofware spam.
Hope this is helpful.
sckot Vokes
--
"I wish I had a 2 liter of Pepsi in my box of replacement
staples, so if they needed to quench their thirst, then
they could ride the snake." -Kefka P
-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
