Matt Kettler wrote:
Jo Rhett wrote:
On Feb 7, 2007, at 8:31 PM, Matt Kettler wrote:
As for LW_STOCK_SPAM4, it's being triggered by the fact that the message
is base-64 encoded text AND has a Date: header that's missing a proper
timezone. Apparently a batch of stock spam went out at some point with
both of these abnormal features. I have to admit, it's a pretty rare
combination.
....
years now, and nearly every normal email system has caught up by now.
I get it for all crackberry messages. Can the rule be modified to
handle this?
In the standard config? No.. It's not a FP in the standard config, so
there's no reason to modify it.
Can you explain how this isn't an FP in the standard config? There's
absolutely nothing custom about my config, so what "standard" are you
applying here?
That said, you could whip up a quick ruleset to compensate.
header __RCVD_CRACKBERRY X-Spam-Relays-Untrusted =~
/rdns=[^=]{1,50}\.blackberry.com/
meta CRACKBERRY_B64 (MIME_BASE64_TEXT && __RCVD_CRACKBERRY)
describe CRACKBERRY_B64 Base64 encoded text from Blackberry.
score CRACKBERRY_B64 -1.5
Again, I have a 100% stock SA configuration. Why do I need a custom
rule to work around an FP in the ruleset?
While we're at it, why is there so much spam at your network that's
under 5?
Because some of my e-mail addresses have existed since ~1990 and are in
*every* spam database... and very few of my e-mail addresses aren't
published somewhere. So they get hammered, because I refuse to change
e-mail addresses to avoid spam.
