On 15.11.18 09:42, Ian Zimmerman wrote:
This little pearl got through upstream filter on a mailing list.
such spam is very hard to detect, because mailing lists tend to clear negative-scoring rules and add some positive-scoring. such spam should be filtered at mailing list level before this happens.
My scores for it were: RCVD_IN_DNSWL_MED=-2.3,SPF_HELO_PASS=-0.0,MAILING_LIST_MULTI=-1.0,TOTAL=-3.3
these are standard rules, and since the mail came from a mailing list, it's expected to score negatively. what can help you - BAYES - network rules - URI blacklists Do you have those enabled?
Here is my user_prefs file: # This one disables Bayes. If you want to use Bayes remove or comment # out this line. You'll need to manage your Bayes database with a # cronjob or something. I can help but I won't do the last tiny detail. use_learner 0
1. this description is invalid. use_bayes disables bayes. 2. bayes is the best to help you to detect spam. Don't complain when you have disabled it.
Where are all the other scores? I would have expected at least something for bit.ly and for the misspelled closing line, which is a dead spam give-away to a human ...
did you enable/install razor, pyzor, dcc, spf and dkim libraries?
I have run spamassassin -D on it and everything seems to work as designed i.e. the tests including URIBL run fine, they just don't catch anything. It's disappointing.
apparently it does not contain any URI.
Maybe the KAM rules would have got this one?
no. They can help, but hardly help you to push -3.3 scoring mail received via mailing list over spam threshold. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Chernobyl was an Windows 95 beta test site.
