----- Original Message -----
From: "Beast" <[EMAIL PROTECTED]>
Cc: <users@spamassassin.apache.org>
Sent: Monday, July 31, 2006 9:08 AM
Subject: Re: spam not detected

> Loren Wilton wrote:
> >>
> >> *X-Spam-Status:* No, score=3.8 required=5.2
> >> tests=BAYES_99,FORGED_RCVD_HELO,
> >> HTML_50_60,HTML_MESSAGE autolearn=disabled version=3.1.4
> >
> > Bayes is doing fine. You can't get much better than Bayes_99 as a
> > spam indicator.
> >
> > On the other hand, having Bayes_99 and three other positive rules only
> > sum to 3.8 seems a little strange. On a modern SA Bayes_99 should be
> > scoring up around 4.5 I believe. So you must have local rule scores
> > that are decreasing that score. I'd suggest considering taking
> > bayes_90 and Bayes_99 back to about their default scores.
> Is there any way to check whether some rules are overwriting the default value?
>
> >> CAjRTIER
> >> TIjFFANY & CO
> >> BVjLGARI
> >> OMjEGA
> >> ROjLEX
> >> PAjTEK
> >> BRjEITLING
> >
> > You obviously aren't running network tests. These little puppies hit
> > on SURBL just fine, unless you are one of the unlucky few that are
> > just at the leading edge of a spam run. The net tests would probably
> > stop these all by themselves.
> I have a bandwidth constraint, so doing network tests would just slow
> things down. In fact many network tests (DNSBL etc.) are done in postfix.
> >
> > I haven't checked to see if we have a handful of SARE rules for these
> > particular things. But I'm a little surprised that at least a few
> > SARE rules don't show up. This makes me think you may not have any
> > add-on rulesets either. You might consider adding some, or maybe even
> > quite a few if there is a good reason you aren't running network
> > tests. www.rulesemporium.com.
> Any suggestions on how to block this kind of spam?
>
> [EMAIL PROTECTED] spamassassin]# ls -l /etc/mail/spamassassin/
> total 1520
> -rw-r--r-- 1 root root 31854 Jun 1 2004 70_sare_adult.cf
> -rw-r--r-- 1 root root 3839 Jun 2 2005 70_sare_bayes_poison_nxm.cf
> -rw-r--r-- 1 root root 120154 Sep 23 2005 70_sare_header0.cf
> -rw-r--r-- 1 root root 137436 Sep 23 2005 70_sare_header1.cf
> -rw-r--r-- 1 root root 59037 Sep 23 2005 70_sare_header2.cf
> -rw-r--r-- 1 root root 80967 Sep 23 2005 70_sare_header3.cf
> -rw-r--r-- 1 root root 224440 Sep 23 2005 70_sare_header.cf
> -rw-r--r-- 1 root root 95279 Oct 6 2005 70_sare_html.cf
> -rw-r--r-- 1 root root 58118 Sep 23 2005 70_sare_obfu0.cf
> -rw-r--r-- 1 root root 97771 Sep 23 2005 70_sare_obfu1.cf
> -rw-r--r-- 1 root root 3547 Sep 23 2005 70_sare_obfu2.cf
> -rw-r--r-- 1 root root 9163 Sep 23 2005 70_sare_obfu3.cf
> -rw-r--r-- 1 root root 4900 Oct 2 2005 70_sare_obfu4.cf
> -rw-r--r-- 1 root root 155889 Sep 23 2005 70_sare_obfu.cf
> -rw-r--r-- 1 root root 11298 Sep 23 2005 70_sare_oem.cf
> -rw-r--r-- 1 root root 17656 Sep 23 2005 70_sare_random.cf
> -rw-r--r-- 1 root root 59281 Sep 23 2005 70_sare_specific.cf
> -rw-r--r-- 1 root root 7029 May 27 2005 70_sare_spoof.cf
> -rw-r--r-- 1 root root 5172 Jul 30 2004 70_sare_unsub.cf
> -rw-r--r-- 1 root root 15511 Nov 17 2004 72_sare_redirect_post3.0.0.cf
> -rw-r--r-- 1 root root 10147 May 2 2004 99_sare_fraud_post25x.cf
> -rw-r--r-- 1 root root 109810 Jun 22 2005 bogus-virus-warnings.cf
> -rw-r--r-- 1 root root 935 May 2 2005 init.pre
> -rw-r--r-- 1 root root 12326 Jul 28 13:10 local.cf
> -rw-r--r-- 1 root root 2397 Sep 22 2005 v310.pre
> -rw-r--r-- 1 root root 806 Jun 15 16:47 v312.pre
>
> --
> No virus found in this incoming message.
> Checked by AVG Anti-Virus.
> Version: 7.1.394 / Virus Database: 268.10.5/403 - Release Date: 28/07/2006
>

Hi,

I just ran through your list of rules and I see "No index found for ruleset named SARE_OBFU4. Check that this ruleset is still valid."

And do you need SARE_OBFU when you also have SARE_OBFU0 & SARE_OBFU1?

Mark
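
One way to answer the question in the thread about finding overridden scores, as an added example that is not part of the original messages: scan a SpamAssassin config directory for `score` lines that touch a given rule. The function name `find_score_overrides` is hypothetical, and the default score set 2 (Bayes enabled, network tests disabled) is an assumption taken from the setup described in the thread.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of SpamAssassin).
# Lists every `score` line for rules matching REGEX in DIR/*.cf and
# prints the value that applies to the chosen score set.
#
# A `score` line has one value (used always) or four, one per set:
#   0 = no Bayes, no net    1 = net only
#   2 = Bayes only          3 = Bayes + net
#
# Usage: find_score_overrides DIR REGEX [SCORESET]
#   e.g. find_score_overrides /etc/mail/spamassassin '^BAYES_'
find_score_overrides() {
    dir=$1
    pattern=$2
    sset=${3:-2}    # assumption: Bayes on, network tests off
    for f in "$dir"/*.cf; do
        [ -f "$f" ] || continue
        awk -v pat="$pattern" -v sset="$sset" -v file="${f##*/}" '
            { sub(/#.*/, "") }                 # ignore comments
            $1 == "score" && $2 ~ pat {
                # four-value form: pick the column for this score set
                eff = (NF >= 6) ? $(3 + sset) : $3
                printf "%s:%d %s %s\n", file, NR, $2, eff
            }
        ' "$f"
    done
}
```

Any hit for a stock rule such as BAYES_99 in the site directory is a local override of the shipped default; per-user preference files can also carry `score` lines and would need the same check.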