-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Philip, See inline..
Philip Mak wrote: > I'm getting about 50+ per day of these spams not being caught by > SpamAssassin (SpamAssassin version 3.1.1 running on Perl version > 5.8.4). There's two types: > > 1. Lose weight type spam, uses bad English e.g. "yrs" instead of > "years", "u" instead of "you", "ur" instead of "your", talks about not > having talked to the recipient in years > > http://www.aaanime.net/pmak/spam/2006-05-27/1.txt X-Spam-Status: Yes, score=23.0 required=6.0 tests=BAYES_60,DK_POLICY_SIGNSOME, RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK, RCVD_IN_XBL,SPF_NEUTRAL,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL, URIBL_OB_SURBL,URIBL_SBL autolearn=spam version=3.1.2 > http://www.aaanime.net/pmak/spam/2006-05-27/2.txt X-Spam-Status: Yes, score=21.1 required=6.0 tests=BAYES_99, RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK, RCVD_IN_XBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL autolearn=spam version=3.1.2 > http://www.aaanime.net/pmak/spam/2006-05-27/3.txt X-Spam-Status: Yes, score=15.5 required=6.0 tests=BAYES_95, RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK, RCVD_IN_NJABL_DUL,RCVD_IN_XBL,URIBL_BLACK,URIBL_WS_SURBL autolearn=spam version=3.1.2 > > These spams all have different URLs, but if you visit them they're > exactly the same site. The first two resolve to the same IP address > too, though the third doesn't despite having the same content. > > 2. Homeowner credit, or something > > http://www.aaanime.net/pmak/spam/2006-05-27/a.txt X-Spam-Status: Yes, score=18.1 required=6.0 tests=BAYES_99,CM_MISC_GEOC, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,WEB_403 autolearn=spam version=3.1.2 > http://www.aaanime.net/pmak/spam/2006-05-27/b.txt X-Spam-Status: Yes, score=14.2 required=6.0 tests=BAYES_99,CM_MISC_GEOC, RCVD_IN_BL_SPAMCOP_NET,WEB_403 autolearn=spam version=3.1.2 > These spams keep slipping through SpamAssassin consistently. Most of > my false negatives are variants of the messages I posted above. Any > suggestions on how to block them? Razor and multi.uribl.com RBL for the first 3, the WebRedirect plugin and a rule which gives any geocities URL a healthy dose of points (a la http://fukka.co.uk/sa-rules/local/misc.cf) for the second 2. XBL and spamcop (no flames please) for all, plus make sure you get your bayes trained on this type of spam to drive the score up there, too. Mine doesn't do so well because I haven't seen much of this spam. C. - -- Craig McLean http://fukka.co.uk [EMAIL PROTECTED] Where the fun never starts Powered by FreeBSD, and GIN! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD4DBQFEeKisMDDagS2VwJ4RAoXKAJ96gIM5e6t2whxcVdkE6E1gDXv5IQCYxvIU QEzXO9X18bskPa9UhTusMw== =ZLh6 -----END PGP SIGNATURE-----
