Re: Mail Filter Recommendations

Tue, 07 Apr 2015 15:39:08 -0700 

Hi,


Here's a couple of example spams that are the kind which are slipping
through constantly.  Some of the them get caught, others do not.

http://pastebin.com/UH5BA6zs
http://pastebin.com/esEz1a4J


Neither of those is matching on much of anything useful


a well trained bayes would catch both (our milter-reject score is 8.0)

http://pastebin.com/UH5BA6zs:
Content analysis details:   (17.1 points, 5.5 required)

  pts rule name              description
---- ----------------------
--------------------------------------------------
  5.0 NO_DNS_FOR_FROM        DNS: Envelope sender has no MX or A DNS
records
  2.1 TO_MALFORMED           To: has a malformed address
-0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
                             domain
  5.0 BAYES_80               BODY: Bayes spam probability is 80 to 95%
                             [score: 0.9337]
  4.0 MSGID_NOFQDN1          Message-ID with no domain name
  1.0 INVALID_MSGID          Message-Id is not valid, according to RFC 2822
I think the reason it didn't match on anything useful for the OP is because he doesn't have the latest RegisterBoundaries.pm.
If he had the latest, it would have at least matched the MSGID and MALFORMED rules. 

Select the download link here:

http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Util/RegistrarBoundaries.pm?view=log

I believe this works with at least 3.4.0 or is it only 3.4.1?

Regards,
Alex










http://pastebin.com/esEz1a4J
Content analysis details:   (32.0 points, 5.5 required)

  pts rule name              description
---- ----------------------
--------------------------------------------------
  7.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                             [score: 1.0000]
  1.5 FROM_STARTS_WITH_NUMS  From: starts with several numbers
  2.1 TO_MALFORMED           To: has a malformed address
  4.5 CUST_DNSBL_7           RBL: b.barracudacentral.org
                             [209.61.252.171 listed in
b.barracudacentral.org]
  3.0 DKIM_ADSP_NXDOMAIN     No valid author signature and domain not in
DNS
  5.0 NO_DNS_FOR_FROM        DNS: Envelope sender has no MX or A DNS
records
  0.4 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
                             [score: 1.0000]
  0.5 PYZOR_CHECK            Listed in Pyzor (http://pyzor.sf.net/)
  2.5 RDNS_NONE              Delivered to internal network by a host
with no rDNS
  4.0 MSGID_NOFQDN1          Message-ID with no domain name
  1.0 INVALID_MSGID          Message-Id is not valid, according to RFC 2822

Reply via email to