Forgive me for not understanding the porn filtering capability of SA. I ran
a new email (www.blarneystone.com/spam/spam2.txt) through the SA filter (I
didn't munge the headers this time). Do I understand it that if an email
like that was sent from a URL not yet blacklisted, it would be scored very
low regardless of the high level of porn in it (I kicked it up a few notches
to make it more obvious)? Or are my SA scores for tagging porn messages just
not functioning correctly?

Thanks,

Jim Smith

> -----Original Message-----
> From: Daryl C. W. O'Shea [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, February 09, 2006 6:47 PM
> To: Jim Smith
> Cc: users@spamassassin.apache.org
> Subject: Re: SA frequently skipping rules
> 
> Jim Smith wrote:
> > I'm getting lots of spam that are skipping rules. One that came in recently
> > with lots of porn only got tagged for SORBS, NUMERIC HELO, and UNPARSEABLE
> > RELAY (I don't know what unparseable relay means but seems like many emails
> > have that lately).
> 
> UNPARSEABLE_RELAY means that, wait for it, one of the relays in the
> message headers (Received: headers) wasn't parseable.
> 
> 
> > The full headers & message (uncensored) of that example
> > is at www.blarneystone.com/spam/spam.txt if that helps.
> 
> Full headers?  There's nothing left of those headers.  That sample is 
> useless header wise.
> 
> 
> > If you look at it you can tell that it should have kicked off lots of porn
> > tags but none were there and it sailed through with a 3.2 score. This has
> > only happened since I upgraded to SA 3.1.0.
>
> I don't see a single thing in the body that should have hit any rules.
> Except for some URIDNSBL rules [1] that you may or may not be running,
> but nothing content wise.
> 
> 
> > I've run SA --lint -D without errors. I thought it might be some
> > configuration left over from my older SA when I upgraded so I did a clean
> > install on a new machine and still have the same issue with skipping of
> > rules. BTW, I know the rules aren't missing from the installation because
> > they show up in other emails. A sporadic problem... my favorite <sigh>. Any
> > suggestions?
> 
> Sporadic, as in, if you scan it again it hits different rules?
> 
> 
> Daryl
> 
> 
> [1] My hits on the sample...
> 
> 
> Content analysis details:   (11.2 points, 5.0 required)
>
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
>  0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
>  2.6 NO_DNS_FOR_FROM        DNS: Envelope sender has no MX or A DNS records
>  1.1 URIBL_SBL              Contains an URL listed in the SBL blocklist
>                             [URIs: otrfgrt.com]
>  3.4 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
>                             [URIs: otrfgrt.com]
>  1.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
>                             [URIs: otrfgrt.com]
>  2.6 URIBL_OB_SURBL         Contains an URL listed in the OB SURBL blocklist
>                             [URIs: otrfgrt.com]
> 
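
Added example (not part of either message, and not SpamAssassin code): a short Python parser for the "Content analysis details" report quoted above, splitting the score into URIBL_* blocklist hits and everything else. The report is reproduced with the mail client's line wraps rejoined; the function names and the `URIBL_` prefix grouping are this example's own choices.

```python
import re
from decimal import Decimal

# The report quoted in the thread, with the mail client's line wraps rejoined.
REPORT = """\
Content analysis details:   (11.2 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
 2.6 NO_DNS_FOR_FROM        DNS: Envelope sender has no MX or A DNS records
 1.1 URIBL_SBL              Contains an URL listed in the SBL blocklist
                            [URIs: otrfgrt.com]
 3.4 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
                            [URIs: otrfgrt.com]
 1.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
                            [URIs: otrfgrt.com]
 2.6 URIBL_OB_SURBL         Contains an URL listed in the OB SURBL blocklist
                            [URIs: otrfgrt.com]
"""

SUMMARY_RE = re.compile(r"\((-?\d+(?:\.\d+)?) points, (-?\d+(?:\.\d+)?) required\)")
HIT_RE = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]*)\s")

def parse_report(text):
    """Return (total, required, [(rule, score), ...]) from a report body."""
    summary = SUMMARY_RE.search(text)
    if summary is None:
        raise ValueError("no '(N points, M required)' summary line found")
    hits = []
    for line in text.splitlines():
        m = HIT_RE.match(line)
        if m:  # continuation lines such as "[URIs: ...]" do not match
            hits.append((m.group(2), Decimal(m.group(1))))
    return Decimal(summary.group(1)), Decimal(summary.group(2)), hits

def blocklist_dependence(text, prefix="URIBL_"):
    """Split the score into URIBL_* hits and everything else."""
    total, required, hits = parse_report(text)
    listed = sum((s for name, s in hits if name.startswith(prefix)), Decimal(0))
    rest = sum((s for name, s in hits if not name.startswith(prefix)), Decimal(0))
    return {"total": total, "required": required, "uribl": listed,
            "without_uribl": rest, "tagged_without_uribl": rest >= required}

if __name__ == "__main__":
    for key, value in blocklist_dependence(REPORT).items():
        print(f"{key}: {value}")
```

For this report, 8.6 of the 11.2 points come from the four URIBL_* hits on otrfgrt.com, and the remaining 2.6 points are below the 5.0 required.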
