Asif Iqbal <[EMAIL PROTECTED]> wrote on 06/17/2004 07:37:04 AM:
> Any suggestion on how I should reconfigure my SA 2.63 + rules_du_jour's
> rulesets to detect the following message as a SPAM?
>
> Thanks a lot
>
> ----- Forwarded message from carolyne fernandez
> <[EMAIL PROTECTED]> -----
[snip]
My system scored it at 27.9
X-Spam-Report:
* 0.1 RATWR10_MESSID Message-ID has ratware pattern
(HEXHEX.HEXHEX@)
* 1.1 SARE_RECV_IP_222064 Spam passed through possible spammer
relay or source
* 3.3 SARE_USERAG_2 Strange user-agent header implying spam
* 2.0 EVILNUMBER_A_ARUBA BODY: Phone number or address pulled from
spam
* 0.8 SARE_SXLIFE BODY: Talks about your sex life
* 0.8 SARE_PLEASEPARTNR BODY: common spammer phrasing
* 0.8 SARE_INLENGTH BODY: common spammer phrasing
* 0.8 SARE_BEASTUD BODY: common spammer phrasing
* 6.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
* 0.3 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
* 5.5 WS_URI_RBL URI's domain appears in sa-blacklist
* [www.burstofhelath.com is blacklisted in SpamCop]
[RBL at ws.surbl.org]
* 0.7 SARE_HTML_EMPTY Email is HTML format, but common tags not
found
* 4.0 SARE_SPEC_ARUBA contains postal address of spammer
* 1.2 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no
HTML tag
Get the following from sare: header_0, adult, specific, evilnumbers.
Install the surbl patch, turn on and train your bayes.
Andy
