On Fri, 2009-04-10 at 14:05 -0400, martes wrote:
> Thanks for the tips guys.
> 
> In response to the simpler of the two inquiries, after using the
> syslog switch, I am only able to get the logs sent directly to
> spamd.log, so the frequent archiving that syslogd does is not going to
> be done for this file.  I guess this is good enough for now.
> 
> However, I do have a log for one of the examples that I have provided.

Mine scores that at 16.
X-Spam-Status: Yes, score=16.0 required=5.0 tests=BARE_GEOCITIES,BOTNET_OTHER,
        KB_RATWARE_MSGID,MSGID_FROM_MTA_HEADER,RCVD_IN_BL_SPAMCOP_NET,
        RCVD_IN_BRBL_RELAY,RCVD_IN_PBL,RCVD_IN_XBL,TO_MALFORMED,
        XMAILER_MIMEOLE_OL_4BF4C autolearn=disabled version=3.2.5
X-Spam-Report: 
        *  0.0 TO_MALFORMED To: has a malformed address
        *  2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
        *      [Blocked - see <http://www.spamcop.net/bl.shtml?121.58.201.246>]
        *  2.0 RCVD_IN_BRBL_RELAY RBL: received via a relay rated as poor by
        *      Barracuda
        *      [121.58.201.246 listed in b.barracudacentral.org]
        *  0.5 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
        *      [121.58.201.246 listed in zen.spamhaus.org]
        *  2.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
        *  3.0 BARE_GEOCITIES URI: Body contains spammed domain
        *  3.0 KB_RATWARE_MSGID Ratware Message-Id
        *  0.4 XMAILER_MIMEOLE_OL_4BF4C XMAILER_MIMEOLE_OL_4BF4C
        *  1.5 MSGID_FROM_MTA_HEADER Message-Id was added by a relay
        *  0.5 BOTNET_OTHER BOTNET_OTHER

> http://pastebin.com/d6fe63bd6

The only custom rule that it hit was:
uri  BARE_GEOCITIES   m'^http://geocities\.com\b'i
describe BARE_GEOCITIES Body contains spammed domain
score   BARE_GEOCITIES 3.0
if you don't count the Barracuda rule:
# URL: http://www.barracudacentral.org/rbl/
header __RCVD_IN_BRBL           eval:check_rbl('brbl-lastexternal', 'b.barracudacentral.org')
describe __RCVD_IN_BRBL         received via a relay in b.barracudacentral.org
header RCVD_IN_BRBL_RELAY       eval:check_rbl_sub('brbl-lastexternal', '127.0.0.2')
tflags RCVD_IN_BRBL_RELAY       net
describe        RCVD_IN_BRBL_RELAY      received via a relay rated as poor by Barracuda
score           RCVD_IN_BRBL_RELAY      2.00

-- 
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com
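
Added example, not part of the original message: a Python script that parses an X-Spam-Report like the one above, folds its continuation lines, and checks that the per-rule points add up to the score in X-Spam-Status. It also totals the message without the two locally added rules quoted in the message and shows how much came from DNSBL lookups; the function names are illustrative and the sample input is the report above with the bracketed detail lines left out.

```python
import re

# Sample input: the report from the message above, bracketed RBL detail lines omitted.
STATUS = "X-Spam-Status: Yes, score=16.0 required=5.0"
REPORT = """\
        *  0.0 TO_MALFORMED To: has a malformed address
        *  2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
        *  2.0 RCVD_IN_BRBL_RELAY RBL: received via a relay rated as poor by
        *      Barracuda
        *  0.5 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
        *  2.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
        *  3.0 BARE_GEOCITIES URI: Body contains spammed domain
        *  3.0 KB_RATWARE_MSGID Ratware Message-Id
        *  0.4 XMAILER_MIMEOLE_OL_4BF4C XMAILER_MIMEOLE_OL_4BF4C
        *  1.5 MSGID_FROM_MTA_HEADER Message-Id was added by a relay
        *  0.5 BOTNET_OTHER BOTNET_OTHER
"""
# A rule line has the score within a few columns of '*'; continuations are indented further.
RULE = re.compile(r"^\s*\*\s{1,3}(-?\d+\.\d+)\s+(\w+)\s+(.*)$")
CONT = re.compile(r"^\s*\*\s{4,}(\S.*)$")

def parse_report(text):
    """Return [(points, rule, description)] with continuation lines folded in."""
    hits = []
    for line in text.splitlines():
        if m := RULE.match(line):
            hits.append([float(m.group(1)), m.group(2), m.group(3).strip()])
        elif hits and (c := CONT.match(line)):
            hits[-1][2] += " " + c.group(1).strip()
    return [tuple(h) for h in hits]

def stated(status):
    """Extract (score, required) from an X-Spam-Status header value."""
    m = re.search(r"score=(-?\d+(?:\.\d+)?)\s+required=(-?\d+(?:\.\d+)?)", status)
    return float(m.group(1)), float(m.group(2))

def total(hits, exclude=()):
    """Sum the points, optionally leaving out named rules (e.g. local additions)."""
    return round(sum(p for p, rule, _ in hits if rule not in exclude), 1)

def rbl_points(hits):
    """Points from DNSBL rules, recognised by the 'RBL:' description prefix."""
    return round(sum(p for p, _, d in hits if d.startswith("RBL:")), 1)

if __name__ == "__main__":
    hits = parse_report(REPORT)
    score, required = stated(STATUS)
    print("sum of rules:", total(hits), "stated:", score, "required:", required)
    print("without local rules:", total(hits, {"BARE_GEOCITIES", "RCVD_IN_BRBL_RELAY"}))
    print("from DNSBLs:", rbl_points(hits))
```

The report prints each rule's points to one decimal place, so on other messages the sum can differ from the stated score by a small rounding amount.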
