You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "Shawn R. Beairsto" <sb...@dkl.com> on 2005/02/28 15:00:27 UTC

****SPAM(14.9)**** RE: Porn E-Mail

SpamAssassin, running on "mail.dailyhills.com", has identified this incoming
email as possible spam.  The original message has been attached to this
email so you can view it (if it isn't spam).
If you have any questions, contact postmaster@dailyhills.com for details.

Content preview:  If you are running the 70_SARE_HTML1.CF file, increase 
  the value of SARE_HTML_A_HIDE in your local.cf... this spammer always 
  hits this rule. I've been doing this for several months now, with no 
  false positives. I've set mine to 3 points (5 required). [...] 

Content analysis details:   (14.9 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS               SPF: sender matches SPF record
 2.5 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50%
                            [cf: 100]
-0.4 BAYES_05               BODY: Bayesian spam probability is 1 to 5%
                            [score: 0.0425]
 2.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 1.0 URIBL_SBL              Contains an URL listed in the SBL blocklist
                            [URIs: kytheras.com]
 0.4 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL blocklist
                            [URIs: kytheras.com]
 1.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
                            [URIs: kytheras.com]
 3.2 URIBL_OB_SURBL         Contains an URL listed in the OB SURBL blocklist
                            [URIs: kytheras.com]
 4.3 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL blocklist
                            [URIs: kytheras.com]

---- ---------------------- --------------------------------------------------

Re[2]: Porn E-Mail

Posted by Robert Menschel <Ro...@Menschel.net>.
Hello Shawn,

Monday, February 28, 2005, 6:00:27 AM, you wrote:

SRB> If you are running the 70_SARE_HTML1.CF file, increase the value
SRB> of SARE_HTML_A_HIDE in your local.cf... this spammer always hits
SRB> this rule. I've been doing this for several months now, with no
SRB> false positives. I've set mine to 3 points (5 required).

But be warned, the reason this rule is in HTML1 instead of HTML0 is
that it /does/ hit ham -- 17 ham across 3 SARE corpora (at least one
ham in each corpus).

Bob Menschel