On Sun, 2014-05-11 at 11:11 +0200, Luca Bertoncello wrote:
> Of course, it's not enough for a baysian test.
> The report is just:
>
> * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
> * -0.0 SPF_PASS SPF: Senderechner entspricht SPF-Datensatz
> * 1.2 RDNS_NONE Delivered to internal network by a host with no rDNS
No matter how short a mail is, that is NOT the reason for "no Bayes". SA
does use its Bayesian classifier on any mail regardless of length. Even
a short body text is sufficient. Plus, Bayes actually uses a lot more
sources than the plain body -- user visible headers, as well as commonly
invisible headers.
That snippet shows absolutely no BAYES_* rule hit. Which suggests it is
either disabled, or not (yet) functional due to insufficient training.
> Could someone help me to write a rule to block these E-Mails?
SA does not block...
As for help with rules, also see the other sub-thread. We need a full
sample -- including the X-Spam headers.
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
