Posted to users@spamassassin.apache.org by Jason Holbrook <jh...@empoweris.com> on 2007/11/29 22:53:07 UTC

Do I need a custom rule?

Hello all:

Everything I have read indicates to me that I should stay away from
custom rules. My SA setup defines spam as a message with a score over 6,
i.e. ssssss. I have been getting a few messages that pop through that are
scored 5 sssss and are definitely spam. An example of the messages is
below.

****** My spam info used to be here******

Had to remove it to post message

I am wondering should I create a custom rule that would affect these
types of messages. I have lowered my SPAM threshold to 5?

I am still new to SA so forgive if this is a newbie question.

BTW if any header info is needed I will be happy to provide.


Best Regards,

Jason Holbrook
Chief Technology Integrator / Partner
Empower Information Systems
jholbrook@empoweris.com
weblog.empoweris.com
www.empoweris.com
Skype: holbrook.jason
Gtalk: jaholbrook
757-320-2667 (Direct)
757-273-9399 (office)
757-715-1944 (cell)
866-477-1544 (toll free)

Re: Do I need a custom rule?

Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
Jason Holbrook wrote:
> Hello all:
> 
> Everything I have read indicates to me that I should stay away from
> custom rules. My SA setup defines spam as a message with a score over 6,
> i.e. ssssss. I have been getting a few messages that pop through that are
> scored 5 sssss and are definitely spam. An example of the messages is
> below.

> ****** My spam info used to be here******

> Had to remove it to post message

> I am wondering should I create a custom rule that would affect these 
> types of messages. I have lowered my SPAM threshold to 5?

The first thing you should do is determine why the ASF server rejected
it given that its reject threshold is 10.0.  If it's due to a
time-affected test, such as a DNSBL or URIBL hit, then continue to look for a
solution to your problem.  If it wasn't rejected for a DNS-based test,
look for the reason why your machine didn't hit on the same rules that
the ASF machine did.

Daryl
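
One way to carry out the comparison described in the reply above, added here as an example and not part of the original thread: parse the X-Spam-Status header each system wrote for the same message and list the rules only the remote side hit, split into DNS-based and other tests. The two headers are constructed samples, and treating the RCVD_IN_, URIBL_ and DNS_FROM_ name prefixes as "DNS-based" is a heuristic assumption.

```python
import re

# Name prefixes commonly used by SpamAssassin's DNSBL/URIBL rules.
# Heuristic assumption: locally written rules may be named differently.
DNS_PREFIXES = ("RCVD_IN_", "URIBL_", "DNS_FROM_")

# Constructed sample headers (not from the thread); the rule list is
# folded across lines the way long headers usually are.
LOCAL = ("No, score=5.2 required=6.0 tests=BAYES_50,HTML_MESSAGE,\n"
         "\tMIME_HTML_ONLY autolearn=no version=3.2.3")
REMOTE = ("Yes, score=11.4 required=10.0 tests=BAYES_50,HTML_MESSAGE,\n"
          "\tMIME_HTML_ONLY,RCVD_IN_XBL,URIBL_BLACK,RAZOR2_CHECK\n"
          "\tautolearn=no version=3.2.3")

NUM = r"(-?\d+(?:\.\d+)?)"

def parse_status(header):
    """Return (score, required, set of rule names) from an X-Spam-Status value."""
    text = re.sub(r",\s+", ",", header)            # rejoin a folded rule list
    score = re.search(r"(?:score|hits)=" + NUM, text)  # old versions wrote hits=
    required = re.search(r"required=" + NUM, text)
    tests = re.search(r"tests=(\S*)", text)
    if not (score and required and tests):
        raise ValueError("not an X-Spam-Status value")
    rules = {r for r in tests.group(1).split(",") if r and r != "none"}
    return float(score.group(1)), float(required.group(1)), rules

def compare(local_header, remote_header):
    """List rules hit on only one side; remote-only hits are split by kind."""
    local = parse_status(local_header)[2]
    remote = parse_status(remote_header)[2]
    missing = remote - local
    dns = sorted(r for r in missing if r.startswith(DNS_PREFIXES))
    return {
        "dns_based": dns,                          # time-affected: list may have updated
        "other": sorted(missing - set(dns)),       # points at a local config difference
        "local_only": sorted(local - remote),
    }

if __name__ == "__main__":
    for kind, rules in compare(LOCAL, REMOTE).items():
        print(f"{kind}: {', '.join(rules) or '-'}")
```

Remote-only hits under dns_based can simply reflect a blocklist listing that appeared between the two scans; hits under other are the ones to chase in the local configuration.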


Re: Do I need a custom rule?

Posted by "John D. Hardin" <jh...@impsec.org>.
On Thu, 29 Nov 2007, Jason Holbrook wrote:

> Everything I have read indicates to me that I should stay away from
> custom rules.

Goodness. Where are you reading that? The customizability of SA is 
its great attraction when compared to a black-box proprietary spam 
filter.

> ****** My spam info used to be here******
> 
> Had to remove it to post message

Copy the full message, including all headers, as a text file onto a
web server you control and post the URL here.

> I am wondering should I create a custom rule that would affect
> these types of messages.

Before considering rolling your own rules, try leveraging the 
experience and skills of others. Poke around 
http://www.rulesemporium.com/ and http://www.rulesemporium.com/
and see if some of the rulesets there would address your problem.

Also, make sure you have URIBL checking enabled. Checking domain names 
in the message body is a very effective method.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
				           -- Peter da Silva in a.s.r
-----------------------------------------------------------------------
 26 days until Christmas