SM <[EMAIL PROTECTED]> writes:
> Hi Pawel,
> At 01:36 16-08-2007, =?iso-8859-2?Q?Pawe=B3_T=EAcza?= wrote:
[...]
>>Is it not a new kind of spam and Spamassassin should be improved
>>to fight it? I'm not sure...
>
> No, it is not new. I posted the following reply a few days back regarding
> this
> type of message referred to as "punctuation spam".
>
> The message hits hit BAYES_99 and FRT_PRICE. As you did not include the
> headers, it's not possible to tell whether it would hit some of the "DYNAMIC"
> rules as well.
Hello mysterious SM! ;)
Thanks a lot for the reply and the explanation!
Here are the Spamassassin headers for one of a spam mail we received:
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on
anubis3.poczta.uw.edu.pl
X-Spam-Level: xxxxxxxxxxxxxxxxxxx
X-Spam-Status: Yes, score=19.3 required=5.0
tests=FH_HELO_EQ_D_D_D_D,FRT_PRICE,
FRT_STRONG1,FRT_SYMBOL,HTML_MESSAGE,MIME_QP_LONG_LINE,RCVD_IN_BL_SPAMCOP_NET
,
RCVD_IN_PBL,TVD_FUZZY_SYMBOL,TVD_STOCK1 autolearn=disabled
version=3.2.1
X-Spam-Report: =?ISO-8859-1?Q?
* 0.5 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d
* 2.5 FRT_PRICE BODY: ReplaceTags: Price
* 3.6 FRT_SYMBOL BODY: ReplaceTags: Symbol
* 1.4 TVD_FUZZY_SYMBOL BODY: TVD_FUZZY_SYMBOL
* 2.9 FRT_STRONG1 BODY: ReplaceTags: Strong (1)
* 3.8 TVD_STOCK1 BODY: TVD_STOCK1
* 0.0 HTML_MESSAGE BODY: Wiadomo=b6=e6 zawiera kod HTML
* 1.8 MIME_QP_LONG_LINE RAW: Linia QP d=b3u=bfsza ni=bf 76
znak=f3w
* 2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Odebrane od systemu klasy
RELAY w/g:
* bl.spamcop.net
* [Blocked - see
<http://www.spamcop.net/bl.shtml?89.191.164.221>]
* 0.5 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
* [89.191.164.221 listed in zen.spamhaus.org]?=
> Bill Landry suggested using chickenpox.cf and mangled.cf rules from SARE.
Thanks for the hint! I'll try a look at them.
>>The results is that spam was killing our MySQL database, because we
>>had ~50k queries per minute with INSERTs and UPDATEs of a many tokens.
>>The only one solution was to disable Bayes.
>
> MySQL can be optimized to handle such a load. If you aren't using InnoDB for
> Bayesian storage, switch to it.
Now I use MyISAM strorage backend, because I just created Bayesian
database using Spamassassin sql/bayes_mysql.sql file :)
Have a nice day,
Pawel
