Here's a sample with only a Bayes hit, and not very high at that... anyone get better results?
http://frodo.bruderhof.com/norules.txt
I got much better results, however, time has since passed and that allows for the spam to have propagated to the various blacklists, etc. My system might not have scored it so high at 8am this morning.
The hits I got are largely razor 2.61's e8 (whiplash) and SURBL based. Razor's e4 algorithm doesn't match (I checked the debug output), so any razor that is pre 2.61 would not have generated a razor hit at all.
It also hit on one of my personal rules which uses blackholes.us's china/korea combined zonefile. I've got it set at 2.5 points to avoid undue false positives on legit email from these areas. I find the slight score boost helpful at preventing some FN's, while not enough to cause problems by outright blocking off all email from a nation.
Otherwise my config is SA 2.63, Mail::SpamCopURI using sc.surbl.org/ws.surbl.org/ob.surbl.org , and razor 2.61
optional rulesets: antidrug.cf, and old versions of evilnumbers.cf, 70_sare_random.cf, and 70_sare_specific.cf
Here's what I got:
Content analysis details: (12.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.6 BAYES_60 BODY: Bayesian spam probability is 60 to 70%
[score: 0.6238]
1.1 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence between 51 and 100
[cf: 100]
3.0 OB_URI_RBL URI domain appears in outblaze-blacklist
[vybx.f.antioch8386drygs.us is blacklisted in URI]
[RBL at ob.surbl.org]
3.0 WS_URI_RBL URI's domain appears in sa-blacklist
[vybx.f.antioch8386drygs.us is blacklisted in URI]
[RBL at ws.surbl.org]
1.0 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
2.5 RCVD_IN_CHINA_KR RBL: Received from China or Korea
[220.188.212.16 listed in cn-kr.blackholes.us]