You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Matus UHLAR - fantomas <uh...@fantomas.sk> on 2021/10/05 11:40:57 UTC
Re: FSL_BULK_SIG in 72_active.cf
>>>>>> It hits Pyzor for some reason. Get a PYZOR_CHECK=1.985.
>>>>>>Must've picked the wrong checksum, chief!
>>>>>>
>>>>>>It does not appear that the actual rule matches the spirit of the rule.
>>>>On 23.09.21 22:07, Kevin A. McGrail wrote:
>>>>>Jared, looks to me like an FP in Pyzor.
>>>On Sat, 25 Sep 2021, Matus UHLAR - fantomas wrote:
>>>>RAZOR, PYZOR and DCC often hit on e-mail with short or no text and
>>>>attachments. (Haven't done stats tho, I can look during workweek.)
>>>>
>>>>Thus, FSL_BULK_SIG tends to hit on such e-mail because they don't have
>>>>unsubscribe header.
>>On 25.09.21 13:19, John Hardin wrote:
>>>Perhaps it needs a short-message exclusion?
>On Sat, 25 Sep 2021, Matus UHLAR - fantomas wrote:
>>short messages with attachments. if you have an idea how, I'll be
>>glad to try.
On 25.09.21 15:04, John Hardin wrote:
>I've done some masscheck review and tuning of it, added avoidance of
>hits on very short messages.
I'm afraid it did not help.
It seems that PYZOR_CHECK and DCC_CHECK hit on such mail often and
FSL_BULK_SIG pushes such mail easily over default spam score.
I just analyze a few samples, a few also hit GMD_PDF_EMPTY_BODY
with sa -D, many of them hit __HTML_LENGTH_1024_1536
(damn microsoft! 1k of "empty" message).
OK, I will work around locally.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Saving Private Ryan...
Private Ryan exists. Overwrite? (Y/N)
Re: FSL_BULK_SIG in 72_active.cf
Posted by John Hardin <jh...@impsec.org>.
On Tue, 5 Oct 2021, Matus UHLAR - fantomas wrote:
>>>>>>> It hits Pyzor for some reason. Get a PYZOR_CHECK=1.985. Must've
>>>>>>> picked the wrong checksum, chief!
>>>>>>>
>>>>>>> It does not appear that the actual rule matches the spirit of the
>>>>>>> rule.
>
>>>>> On 23.09.21 22:07, Kevin A. McGrail wrote:
>>>>>> Jared, looks to me like an FP in Pyzor.
>
>>>> On Sat, 25 Sep 2021, Matus UHLAR - fantomas wrote:
>>>>> RAZOR, PYZOR and DCC often hit on e-mail with short or no text and
>>>>> attachments. (Haven't done stats tho, I can look during workweek.)
>>>>>
>>>>> Thus, FSL_BULK_SIG tends to hit on such e-mail because they don't have
>>>>> unsubscribe header.
>
>>> On 25.09.21 13:19, John Hardin wrote:
>>>> Perhaps it needs a short-message exclusion?
>
>> On Sat, 25 Sep 2021, Matus UHLAR - fantomas wrote:
>>> short messages with attachments. if you have an idea how, I'll be glad to
>>> try.
>
> On 25.09.21 15:04, John Hardin wrote:
>> I've done some masscheck review and tuning of it, added avoidance of hits
>> on very short messages.
>
> I'm afraid it did not help.
> It seems that PYZOR_CHECK and DCC_CHECK hit on such mail often and
> FSL_BULK_SIG pushes such mail easily over default spam score.
>
> I just analyze a few samples, a few also hit GMD_PDF_EMPTY_BODY with sa -D,
> many of them hit __HTML_LENGTH_1024_1536
> (damn microsoft! 1k of "empty" message).
>
> OK, I will work around locally.
I noticed the PDF attachment hit in masschecks, but presumed (since the
attachments were images) that it wasn't germane to the OP's problem. I
should have added an exclusion for that as well. I will later today,
work is booting up... :)
I'd be interested in the rule hits if you're willing to share.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Are you a mildly tech-literate politico horrified by the level of
ignorance demonstrated by lawmakers gearing up to regulate online
technology they don't even begin to grasp? Cool. Now you have a
tiny glimpse into a day in the life of a gun owner. -- Sean Davis
-----------------------------------------------------------------------
493 days since the first private commercial manned orbital mission (SpaceX)