toddcurry Posted June 17, 2005 Posted June 17, 2005 Gang, I've got 3 probs with spamassassin and as a reseller, a lot of complaints about spam... 1. I added a bunch of tests from the spamassassin manual, with my own weights to scores. It looks like some of these tests are not being run at all. >required_score 5.5 rewrite_header subject *****SPAM***** ok_locales en ok_languages en use_terse_report 0 score RCVD_IN_NJABL_RELAY 2 score RCVD_IN_SBL 2 score DRUG_ED_CAPS 4 score DRUG_ED_COMBO 4 score DRUG_ED_ONLINE 4 score DRUG_ED_SILD 4 score ONLINE_PHARMACY 4 score VIA_GAP_GRA 4 score SUBJECT_DRUG_GAP_VA 4 score DATE_IN_PAST_96_XX 4 score DATE_IN_PAST_06_12 2 score DATE_IN_FUTURE_96_XX 4 score DATE_IN_FUTURE_03_06 2 score ADDRESS_IN_SUBJECT 2 score HTML_MESSAGE 1 score BODY_ENHANCEMENT 3 score MORTGAGE_PITCH 3 score NOT_ADVISOR 3 score STOCK_ALERT 3 score STOCK_PICK 3 score SOME_BREAKTHROUGH 3 score UNIVERSITY_DIPLOMAS 4 score STRONG_BUY 4 score BAYES_95 3 score BAYES_99 4 I wonder if there isn't a master (server) set of rules, and when I happen to indicate a different scoring for a rule that IS on both my list and the server list of rules, that weighting is applied. However, if a rule is not on the server list, it is simply not run. 2. User tests. One mod gave us some code to insert in .userprefs to kill german hate spam. Another mod sez no user tests. I've tried to insert the famous "chickenpox" spam test, but it doesn't appear to be working. Furthermore, I've added simple tests just to screen for words **** and cialis. These aren't being called at all. Here are the simple ones... >body VIAGRA_WORD /\bVIAGRA\b/i score VIAGRA_WORD 2 describe VIAGRA_WORD this just adds fuel to the fire body CIALIS_WORD /\bCIALIS\b/i score CIALIS_WORD 2 describe CIALIS_WORD this just ramps up the score body AEROFOAM /\baerofoam\b/i score AEROFOAM 5 describe AEROFOAM these jokers must die body PHARM_WORD /\bPHARMACY\b/i score PHARM_WORD 2 describe PHARM_WORD a little more fuel, but i hope not enough to sink walgreens 3. Full reports -- I've turned off terse reports, but I'm not getting full reports, indicating all the tests that were run and the outcome. I've looked at the MAN pages. Any thoughts on this? Thanks! TC Quote
toddcurry Posted June 17, 2005 Author Posted June 17, 2005 Here's one that should have been totally knocked out by the rules... >Hi there, Try our revolutionary product, C_I_A_L_I_S Soft Tabs. New improved formula makes it even better. Cialis Soft Tabs is the new impotence treatment drug that everyone is talking about. Cialis acts up to 36 hours, compare this to only two or three hours of **** action! The active ingredient is Tadalafil, same as in brand Cialis. Simply dissolve half a pill under your tongue, 10 min before intercourse for the best erections you've ever had! Cialis also have less sidebacks (you can drive or mix alcohol drinks with them). No prior prescription is needed. Worldwide shipping, thousands of happy customers! You can get it at: http://bulwarking.com/soft/ World RX Direct can bring you quality Generic Drugs for a fraction of the cost of the expensive Brand Name equivalents. Order our Tadalafil pills today and save 80%. We ship worldwide, and currently supply to over 1 million customers globally! We always strive to bring you the cheapest prices. No thanks: http://bulwarking.com/rr.php I realize that the rules I picked are overlapping (above) -- that was intentional, and probably a little overkill... By my scoring, this message should have had a tally of 28 on the standard rules alone, not including Bayes scoring. In addition, my over-the-top user rules would have put it even higher. However, this message got through... Very perplexing Quote
TCH-Andy Posted June 17, 2005 Posted June 17, 2005 HI, You need to look at the full headers of the email to work out where things are going wrong. Alternatively - open a ticket at the help desk, and leave a copy of the emails on the server, so that we can have a look at it. Quote
toddcurry Posted June 17, 2005 Author Posted June 17, 2005 HI, You need to look at the full headers of the email to work out where things are going wrong. Alternatively - open a ticket at the help desk, and leave a copy of the emails on the server, so that we can have a look at it. <{POST_SNAPBACK}> Andy, I had meant to do so, but neglected. Here are the headers. Some interesting things: 1. I put a weight of 4 on Bayes99, so I'm surprised that this message only gets to 4.2 points in total. 2. DRUGS_ERECTILE is not a standard SpamAssassin 3.x test -- see http://spamassassin.apache.org/tests_3_0_x.html. Is this a home-rolled test? 3. Notice that none of my tests (above) is referenced in the header. Reinforces my point #1 in my initial post. Thanks, Todd >Return-path: <britneyfarrell71@ios.nlh.no> Envelope-to: todd@DOMAIN.com Delivery-date: Fri, 17 Jun 2005 10:10:36 -0400 Received: from DOMAIN by server10.totalchoicehosting.com with local-bsmtp (Exim 4.44) id 1DjHYH-0000Qp-1Y for todd@DOMAIN.com; Fri, 17 Jun 2005 10:10:36 -0400 Received: from [61.181.250.222] (helo=juicedesign.ie) by server10.totalchoicehosting.com with smtp (Exim 4.44) id 1DjHYC-0000PP-OC for todd@DOMAIN.com; Fri, 17 Jun 2005 10:10:31 -0400 Received: from 38.184.225.125 by smtp.ios.nlh.no; Fri, 17 Jun 2005 14:19:02 +0000 Message-ID: <0c3001c57347$f317b5b1$7c25f22e@juicedesign.ie> From: "Britney Farrell" <britneyfarrell71@ios.nlh.no> To: todd@DOMAIN.com Subject: Make your wife happy Date: Fri, 17 Jun 2005 07:18:31 -0700 MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on server10.totalchoicehosting.com X-Spam-Level: **** X-Spam-Status: No, score=4.2 required=5.5 tests=BAYES_99,DRUGS_ERECTILE autolearn=no version=3.0.4 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.