On Tue, 2013-06-18 at 11:18 -0600, Amir 'CG' Caspi wrote:
> At 8:58 AM -0400 06/18/2013, Ben Johnson wrote:
> >a.) You are copying/pasting the body of the email, but not the headers.
>
> No, I am copying the headers... however, I am using Eudora (ancient,
> I know) as a mail client, and it's possible the headers are not
> properly formatted. For example, for SpamCop I have to use their
> "workaround" script. I don't know what exactly is mal-formed, though.
>
Your headers look OK to me visually. After adding .pw to my banned countries list I ran it through my SA copy and got three URIBL hits and two of my rules (which work on headers) got hits too.

The main thing I notice is that there are only two Received: headers, and no envelope-From, so IMO you're hoping for too much from the header-related SA rules simply because there's very little for SA to get its teeth into.

BTW, I just ran through 848 messages on this fairly average host (Lenovo R61i [Intel Core Duo at 1.6GHz, 3GB RAM]) running Fedora 18. The first run averaged 1095 mS/message and the second averaged 96 mS/message, so I don't think John's STYLE_GIBBERISH rule is doing any harm. Part of the speed-up between runs will be due to buffer/RAM optimisation, but the script I used for the second run does fractionally less processing on the spamc output and almost certainly a lot of the difference is due to caching in my local DNS (on a separate local host).

Martin