Hey guys, thanks for your replies, it's appreciated.

On Tue, 2006-02-07 at 10:44 -0800, Loren Wilton wrote:
> > 
> 
> I can't seem to connect to your site, so I'll just assume that is a standard
> vertical drug spam.
> 

Yep.  I've been getting weird Horizontal spams too which are slipping
by.

To answer Evan and Matt's question, I use MIMEDefang to send spams to
the spam box.  Again, most spam is tagged correctly and moved
accordingly.

> Or are you saying that when one of these puppies gets through and you go
> back later and test it it gets a very high score?

These spams do not get marked as spam, they are treated as if they are
regular e-mails (ham), despite the fact that when I check them later,
they get an /extremely/ high score.

> 
> > The only reason I can think that they may not be getting sent to our
> > spam box is either SURBL scores aren't registering or somehow these
> > types of messages can get around spamassassin... Could anyone shed some
> > light on why these types of messages are getting by?
> 
> The answer could be "both".
> 
> If you don't have sare_specific.cf (I believe it is) then these Leo drug
> spams will sail right past the SA standard rules.  Even with the sare rules
> it is a bit of a fight; Leo is pretty good about updating the format pretty
> frequently.

Here's another example message:

http://168.100.199.67/message2.txt



> 
> As for SURBL, it will certainly catch these - IF you aren't one of the first
> lucky winners that gets the initial batch before they can show up in SURBL.
> I suspect this is probably what is happening when you say they have a high
> score but sneak past.  They probably had a low score when they first showed
> up, and only have a high score now that you run it through by hand some
> hours (or even minutes) later.

Hmm... I don't feel so lucky. ;-)

I think the problem is SURBL points aren't being tallied or even
calculated when a spam first comes in, therefore these messages don't
get tagged.  I tested it by sending a URL to my organization which
grossly triggers SURBL, yet it goes through not being tagged as spam.

Any thoughts on how I could troubleshoot this?  And perhaps rectify it?
Maybe some log I could view?  The annoying thing is if I check a message
manually with spamassassin at the command-line, it calculates the points
correctly.


Thoughts/Suggestions?


Julian


> 
> Grab the SARE rules and most of these will get caught I suspect.  However,
> if you are somehow unlucky enough to be on the leading edge of most batches,
> you will probably always have some leaking through until SURBL can catch up.
> 
>         Loren
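
One way to compare the delivery-time result with the later command-line run described above, as an added example that is not part of the original message. It assumes the filter records an X-Spam-Status style line for each message; the function names are hypothetical and both sample headers are constructed.

```python
import re

# Prefixes of SpamAssassin rules that depend on network lookups (SURBL hits are URIBL_*_SURBL).
NETWORK_PREFIXES = ("URIBL_", "RCVD_IN_", "DNS_FROM_", "RAZOR2_", "DCC_", "PYZOR_")

STATUS_RE = re.compile(
    r"(?:score|hits)=(?P<score>-?\d+(?:\.\d+)?)\s+required=\S+\s+tests=(?P<tests>[A-Z0-9_,\s]*)")

def parse_status(header):
    """Return (score, set of rule names) from an X-Spam-Status style line (folding allowed)."""
    m = STATUS_RE.search(header)
    if m is None:
        raise ValueError("no score/tests fields found")
    tests = {t.strip() for t in m.group("tests").split(",") if t.strip()}
    return float(m.group("score")), tests

def is_network(rule):
    return rule.startswith(NETWORK_PREFIXES)

def compare_scans(delivery_header, rescan_header):
    """Hypothetical helper: what did the manual re-scan hit that the delivery scan did not?"""
    d_score, d_tests = parse_status(delivery_header)
    r_score, r_tests = parse_status(rescan_header)
    missing = r_tests - d_tests
    missing_net = sorted(r for r in missing if is_network(r))
    if not missing_net:
        verdict = "no_network_difference"
    elif not any(is_network(r) for r in d_tests):
        # Nothing network-based fired at delivery: check that network tests run in the filter path.
        verdict = "no_network_rules_at_delivery"
    else:
        # Lookups worked at delivery; the extra listings may simply have appeared later.
        verdict = "partial_network_hits_at_delivery"
    return {"missing_network": missing_net,
            "missing_other": sorted(r for r in missing if not is_network(r)),
            "score_delta": round(r_score - d_score, 1),
            "verdict": verdict}

# Constructed sample headers (not taken from the thread).
DELIVERY = ("X-Spam-Status: No, score=2.3 required=5.0 tests=BAYES_50,HTML_MESSAGE,\n"
            "\tMIME_HTML_ONLY autolearn=no version=3.1.0")
RESCAN = ("X-Spam-Status: Yes, score=21.9 required=5.0 tests=BAYES_50,HTML_MESSAGE,\n"
          "\tMIME_HTML_ONLY,RAZOR2_CHECK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC_SURBL,\n"
          "\tURIBL_WS_SURBL autolearn=no version=3.1.0")

if __name__ == "__main__":
    for key, value in compare_scans(DELIVERY, RESCAN).items():
        print(f"{key}: {value}")
```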
