Jump to content
toddcurry

Spamassassin -- Scores & User Tests

Recommended Posts

Gang,

 

I've got 3 probs with spamassassin and as a reseller, a lot of complaints about spam...

 

1. I added a bunch of tests from the spamassassin manual, with my own weights to scores. It looks like some of these tests are not being run at all.

 

>required_score 5.5
rewrite_header subject *****SPAM***** 
ok_locales en
ok_languages en
use_terse_report 0

score RCVD_IN_NJABL_RELAY 2
score RCVD_IN_SBL  2
score DRUG_ED_CAPS 4
score DRUG_ED_COMBO 4
score DRUG_ED_ONLINE 4
score DRUG_ED_SILD 4
score ONLINE_PHARMACY 4
score VIA_GAP_GRA 4
score SUBJECT_DRUG_GAP_VA 4
score DATE_IN_PAST_96_XX 4
score DATE_IN_PAST_06_12 2
score DATE_IN_FUTURE_96_XX 4
score DATE_IN_FUTURE_03_06 2
score ADDRESS_IN_SUBJECT 2
score HTML_MESSAGE 1
score BODY_ENHANCEMENT 3
score MORTGAGE_PITCH 3
score NOT_ADVISOR 3
score STOCK_ALERT 3
score STOCK_PICK 3
score SOME_BREAKTHROUGH 3
score UNIVERSITY_DIPLOMAS 4
score STRONG_BUY 4
score BAYES_95 3
score BAYES_99 4

 

I wonder if there isn't a master (server) set of rules, and when I happen to indicate a different scoring for a rule that IS on both my list and the server list of rules, that weighting is applied. However, if a rule is not on the server list, it is simply not run.

 

2. User tests. One mod gave us some code to insert in .userprefs to kill german hate spam. Another mod sez no user tests. I've tried to insert the famous "chickenpox" spam test, but it doesn't appear to be working. Furthermore, I've added simple tests just to screen for words **** and cialis. These aren't being called at all. Here are the simple ones...

 

>body VIAGRA_WORD /\bVIAGRA\b/i
score VIAGRA_WORD 2
describe VIAGRA_WORD this just adds fuel to the fire

body CIALIS_WORD /\bCIALIS\b/i
score CIALIS_WORD 2
describe CIALIS_WORD this just ramps up the score

body AEROFOAM /\baerofoam\b/i
score AEROFOAM 5
describe AEROFOAM  these jokers must die

body PHARM_WORD /\bPHARMACY\b/i
score PHARM_WORD 2
describe PHARM_WORD  a little more fuel, but i hope not enough to sink walgreens

 

3. Full reports -- I've turned off terse reports, but I'm not getting full reports, indicating all the tests that were run and the outcome. I've looked at the MAN pages. Any thoughts on this?

 

 

Thanks!

 

TC

Share this post


Link to post
Share on other sites

Here's one that should have been totally knocked out by the rules...

 

>Hi there,

Try our revolutionary product, C_I_A_L_I_S Soft Tabs. New improved formula makes it even better. 

Cialis Soft Tabs is the new impotence treatment drug that everyone is talking about. Cialis acts up to 36 hours, compare this to only two or three hours of **** action! The active ingredient is Tadalafil, same as in brand Cialis.

Simply dissolve half a pill under your tongue, 10 min before intercourse for the best erections you've ever had! Cialis also have less sidebacks (you can drive or mix alcohol drinks with them). No prior prescription is needed.

Worldwide shipping, thousands of happy customers!

You can get it at: http://bulwarking.com/soft/





World RX Direct can bring you quality Generic Drugs for a fraction of the cost of the expensive Brand Name equivalents.
Order our Tadalafil pills today and save 80%. We ship worldwide, and currently supply to over 1 million customers globally! We always strive to bring you the cheapest prices.

No thanks: http://bulwarking.com/rr.php

 

 

I realize that the rules I picked are overlapping (above) -- that was intentional, and probably a little overkill... By my scoring, this message should have had a tally of 28 on the standard rules alone, not including Bayes scoring. In addition, my over-the-top user rules would have put it even higher.

 

However, this message got through...

 

Very perplexing

Share this post


Link to post
Share on other sites

HI,

 

You need to look at the full headers of the email to work out where things are going wrong.

 

Alternatively - open a ticket at the help desk, and leave a copy of the emails on the server, so that we can have a look at it.

Share this post


Link to post
Share on other sites
HI,

 

You need to look at the full headers of the email to work out where things are going wrong.

 

Alternatively - open a ticket at the help desk, and leave a copy of the emails on the server, so that we can have a look at it.

 

Andy, I had meant to do so, but neglected. Here are the headers.

 

Some interesting things:

1. I put a weight of 4 on Bayes99, so I'm surprised that this message only gets to 4.2 points in total.

 

2. DRUGS_ERECTILE is not a standard SpamAssassin 3.x test -- see http://spamassassin.apache.org/tests_3_0_x.html. Is this a home-rolled test?

 

3. Notice that none of my tests (above) is referenced in the header. Reinforces my point #1 in my initial post.

 

Thanks,

 

Todd

 

 

>Return-path: <britneyfarrell71@ios.nlh.no>
Envelope-to: todd@DOMAIN.com
Delivery-date: Fri, 17 Jun 2005 10:10:36 -0400
Received: from DOMAIN by server10.totalchoicehosting.com with local-bsmtp (Exim 4.44)
id 1DjHYH-0000Qp-1Y
for todd@DOMAIN.com; Fri, 17 Jun 2005 10:10:36 -0400
Received: from [61.181.250.222] (helo=juicedesign.ie)
by server10.totalchoicehosting.com with smtp (Exim 4.44)
id 1DjHYC-0000PP-OC
for todd@DOMAIN.com; Fri, 17 Jun 2005 10:10:31 -0400
Received: from 38.184.225.125 by smtp.ios.nlh.no;
Fri, 17 Jun 2005 14:19:02 +0000
Message-ID: <0c3001c57347$f317b5b1$7c25f22e@juicedesign.ie>
From: "Britney Farrell" <britneyfarrell71@ios.nlh.no>
To: todd@DOMAIN.com
Subject: Make your wife happy
Date: Fri, 17 Jun 2005 07:18:31 -0700
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on 
server10.totalchoicehosting.com
X-Spam-Level: ****
X-Spam-Status: No, score=4.2 required=5.5 tests=BAYES_99,DRUGS_ERECTILE 
autolearn=no version=3.0.4

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...