Hello Rob, Sunday, December 12, 2004, 12:55:34 PM, you wrote:
RB> But now, I need some better rules. ... RB> Here are the trusted rulesets I am using: RB> SARE_OEM RB> SARE_GENLSUBJ RB> SARE_GENLSUBJ_ENG RB> SARE_CODING Get ride of SARE_CODING -- the coding_html file has been deprecated. (If your RDJ system is working correctly, that's an empty .cf file, but it's probably best to remove it regardless.) Replace it with SARE_HTML (70_sare_html.cf and 70_sare_html_eng.cf). RB> SARE_HEADER1 RB> SARE_HEADER2 Why do you use files 1 and 2 but not 0? 70_sare_header0.cf is the most powerful file of that family. And you may want 70_sare_header_eng.cf as well. RB> SARE_BML RB> SARE_FRAUD RB> SARE_SPOOF RB> SARE_UNSUB RB> SARE_RANDOM RB> SARE_TOP_200 RB> BOGUSVIRUS RB> ANTIDRUG Antidrug is now incorporated into 3.0.x -- remove the SARE-developed version from your system. RB> TRIPWIRE RB> EVILNUMBERS RB> SARE_SPECIFIC 70_sare_uri.cf is another file you may want to add. RB> The spam I am missing can't be attached, as mail.apache.org is seeing this RB> message as spam if I add them. But ingeneral, it is some of the male pills, RB> some that have bizarre phrases and an HTML image, and some of the standard RB> Rolex spams. I hope this message makes it. My next release of HEAD, GENL_SUBJ, and URI should wipe out the Rolex and similar (Genuine Replica!) spams. Specific is the best tool against the male pills spam, but some are even slipping through here until SURBL is trained. You don't indicate whether you can/do use Bayes, SURBL, or the various network tests. They help greatly (and SURBL is the best defense against those "only have a graphic and link" spam emails. Each new domain may sneak one or two through until SURBL gets updated, but then they're dead. Bob Menschel
