Hi, On Fri, Apr 16, 2010 at 01:53:55PM +0200, Karsten Bräckelmann wrote: > On Fri, 2010-04-16 at 12:20 +0100, Matthew Newton wrote: > > We had a legitimate e-mail hit the JM_SOUGHT_3 yesterday. It also > > hit a few other rules that pushed it over our reject threshold of > > 10, and easily over the 'junk mail folder' level of 5. > > > > I managed to get them to send me the message, and it hits rule > > __SEEK_5ID3LI "Conti nuum Intern ational Publishing" (spaces > > added!) which is the name of their company. > > Makes one wonder how that string ends up quite massively in spam traps.
I did consider that. Without seeing the spam, of course, I can't say whether they are spamming or whether their name is being abused. All I have is a legitimate mail from them and a report that it is blocked. > > I know SOUGHT is an auto-generated ruleset; just wondering if > > there is there any way to remove false positives before the set is > > Yes. The Seek bits are cross-checked against a ham corpus, so the > easiest way is to inject an artificial ham message with the string in > question to get it off of the next run. OK, understood. > > generated? Otherwise I'll add local rules to compensate against > > this one. > > meta __SEEK_5ID3LI (0) > > The Seek ID is constant, and will be the same even with later Sought > runs, for a given string. Thought that might be the case from the codes - thanks for the confirmation. Cheers, Matthew -- Matthew Newton, Ph.D. <m...@le.ac.uk> Systems Architect (UNIX and Networks), Network Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ith...@le.ac.uk>