I'd be interested in seeing a spample or two. We have virtually no hits but if it's in the wild, that changes my opinion. The key thing I would want to know is does this rule push it over the edge or is it already scoring a bazillion and this just adds to it? -- Kevin A. McGrail Member, Apache Software Foundation Chair Emeritus Apache SpamAssassin Project https://www.linkedin.com/in/kmcgrail - 703.798.0171
On Wed, May 29, 2019 at 7:44 PM Amir Caspi <ceph...@3phase.com> wrote: > I’m surprised, a huge percentage of the spam we get hits this rule. I am > happy to submit spamples, but it is a very big spam indicator for our > little server. > > --- Amir > thumbed via iPhone > > On May 29, 2019, at 6:10 PM, Kevin A. McGrail <kmcgr...@apache.org> wrote: > > At work, we looked at this and decided the rule had no merit based on > current mailstreams. Our guess was that the spam run it hit has ended. It > is a deadweight rule. > > On Wed, May 29, 2019, 18:05 John Hardin <jhar...@impsec.org> wrote: > >> On Thu, 16 May 2019, John Hardin wrote: >> >> > On Thu, 16 May 2019, Amir Caspi wrote: >> > >> >> On Apr 26, 2019, at 4:51 PM, RW <rwmailli...@googlemail.com> wrote: >> >>> >> >>> header BOGUS_MIME_VERSION MIME-Version =~ /^(?!\s*1\.0).+/ >> >>> >> >>> it may be better to change that to >> >>> >> >>> /^(?!.*\b1\.0\b).+/ >> >>> >> >>> to avoid punishing the form >> >>> >> >>> Mime-Version: (Nosuch Mail 2.0) 1.0 >> >>> >> >>> which is valid, though I don't think I've ever seen it (comments are >> >>> usually on the right). >> >> >> >> John, so many of my spams are hitting BOGUS_MIME_VERSION that I would >> >> imagine it's worth sandboxing and incorporating into the primary >> ruleset. >> > >> > I've added both versions as unscored rules so we can see how they >> perform. >> >> Masscheck doesn't think much of them: >> >> >> https://ruleqa.spamassassin.org/20190529-r1860321-n/__BOGUS_MIME_VER_01/detail >> >> https://ruleqa.spamassassin.org/20190529-r1860321-n/__BOGUS_MIME_VER_02/detail >> >> The good news is their S/O is 1.00 (not that that means much given the >> small hit rate), and the bulk of the spams they hit currently score zero. >> >> We could manually push them with score = 1.000, and let local admins >> decide whether to adjust the score. >> >> Opinions solicited. >> >> -- >> John Hardin KA7OHZ http://www.impsec.org/~jhardin/ >> jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org >> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 >> ----------------------------------------------------------------------- >> We have to realize that people who run the government can and do >> change. Our society and laws must assume that bad people - >> criminals even - will run the government, at least part of the >> time. -- John Gilmore >> ----------------------------------------------------------------------- >> 8 days until the 75th anniversary of D-Day >> >
