> X-Spam-Checker-Version: SpamAssassin 3.x.x (2007-02-13) on mail.infodev.fr
Why is your SA version a state secret? Taking a guess -- based on the
build date, it is 3.1.8 (released exactly that day) or earlier. *shrug*
> X-Spam-Level: *****
> X-Spam-Status: No, score=5.9 required=6.2 tests=BAYES_50,HTML_MESSAGE,
> MR_NOT_ATTRIBUTED_IP,RCVD_IN_DYNABLOCK,RCVD_IN_SORBS,RCVD_IN_SORBS_DUL,
> URIBL_SBL autolearn=no version=3.x.x
As Duane and Evan already pointed out, a required_score 5.0 threshold is
the default, and would have classified this message as spam. (Dudes,
hint, he included the full headers. ;)
There's nothing wrong with being paranoid and raising this slightly if
you prefer. However, more spam sneaking through is to be expected, and
you either will have to write your own rules to counter it, or live with
more FNs. You raised that value deliberately.
> From: Les pilules ici <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: Ne vous inquietez pas, EuroPharmacie fait tout pour vous
> Date: Fri, 20 Jun 2008 13:37:14 +0100
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="----=_NextPart_000_0006_01C8D2DA.BFA4A100"
> X-Mailer: Microsoft Office Outlook, Build 11.0.6353
> Thread-Index: Aca6QD7U3RN590OEV2WE4I10P15S8U==
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
> Message-ID: <[EMAIL PROTECTED]>
^^^^^^^^
This is a spam alright. :) This line alone tells me. See bug 5830. [1]
Here's an easy rule that triggers on about 10% spam with no FPs in
nightly mass-checks [2]. (The 2 ham hits are already verified to be a
dirty corpus and being removed from the ham corpus.)
Enjoy
guenther
# Ratware generated 8$8$8 style Message-Ids, broken Microsoft Outlook forgery.
# The first hex is some time token, but the leading 4 chars are missing. See
# HeaderEval.pm::check_outlook_message_id().
header __KB_MSGID_OUTLOOK_888 Message-Id =~
/^<[0-9a-f]{8}(?:\$[0-9a-f]{8}){2}\@/
header __KB_OUTLOOK_MUA X-Mailer =~ /^Microsoft (?:Office )?Outlook\b/
meta KB_RATWARE_MSGID __KB_MSGID_OUTLOOK_888 && __KB_OUTLOOK_MUA
describe KB_RATWARE_MSGID Ratware Message-Id
score KB_RATWARE_MSGID 3.0
[1] https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5830
[2] http://ruleqa.spamassassin.org/20080620-r669824-n/KB_RATWARE_MSGID/detail
--
char *t="[EMAIL PROTECTED]";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
