Posted to users@spamassassin.apache.org by "ROY,RHETT G" <IS...@womans.com> on 2005/04/15 18:07:46 UTC
Results of adding SARE rules
I recently added the conservative (mass-check testing hit ONLY spam) version
of all the SARE rules that had been updated in 2005. I figured that was as
good a place as any to start. So far so good. Thanks to the Ninjas.
Below are some related stats from my current maillog. I don't make any
claims to their validity or accuracy. Server config is spamd (SA 3.0.2)
being called as a content filter from Postfix. Postfix relays to a MS
Exchange server.
Anyone have observations or stats to compare?
Rhett Roy
top 10 individual SARE rule hits
1654 SARE_FROM_SPAM_WORD3
482 SARE_FROM_SPAM_WORD1
434 SARE_HEAD_SPAM
323 SARE_TOCC_COMBO1
302 SARE_URI_NO_THANKS
302 SARE_FROM_SPAM_WORD4
256 SARE_BOUNDARY_09
254 SARE_MSGID_IP
250 SARE_HEAD_XBEEN
204 SARE_REPLY_SPAMWORD1
total individual SARE rules that had one or more hits
277
total hits by SARE rule file
565 70_sare_header0.cf
200 70_sare_genlsubj0.cf
191 70_sare_specific.cf
130 70_sare_html0.cf
88 70_sare_evilnum0.cf
45 70_sare_uri0.cf
12 99_sare_fraud_post25x.cf
top 50 rule hits (SARE or other)
4898 RAZOR2_CF_RANGE_51_100
4814 RAZOR2_CHECK
3954 HTML_MESSAGE
3525 URIBL_SBL
3262 BAYES_99
3259 URIBL_OB_SURBL
2868 NO_RDNS
2815 DCC_CHECK
2541 URIBL_WS_SURBL
2499 DIGEST_MULTIPLE
1831 URIBL_SC_SURBL
1654 MIME_HTML_ONLY
1515 MSGID_FROM_MTA_ID
1227 URIBL_AB_SURBL
1147 BAYES_50
1012 HTML_90_100
994 HTML_80_90
950 HTML_IMAGE_RATIO_02
750 HTML_FONT_BIG
725 DRUGS_ERECTILE
682 MPART_ALT_DIFF
612 MIME_QP_LONG_LINE
612 DNS_FROM_AHBL_RHSBL
606 HTML_WEB_BUGS
603 HTML_TEXT_AFTER_BODY
597 DNS_FROM_RFC_POST
569 HTML_TEXT_AFTER_HTML
566 SARE_FROM_SPAM_WORD3
532 NO_RDNS2
515 MARKETING_PARTNERS
503 EXCUSE_1
500 RCVD_NUMERIC_HELO
473 EXCUSE_3
459 HTML_TAG_EXIST_TBODY
414 SARE_HEAD_SPAM
400 BAYES_00
398 RCVD_HELO_IP_MISMATCH
382 HTML_IMAGE_ONLY_08
382 EXCUSE_7
374 HTML_IMAGE_RATIO_04
373 PRIORITY_NO_NAME
354 HTML_40_50
318 BAYES_80
310 HTML_50_60
310 DRUGS_ERECTILE_OBFU
302 SARE_URI_NO_THANKS
299 HTML_NONELEMENT_00_10
298 REMOVE_PAGE
296 MIME_HTML_MOSTLY
-SPAM blocked by RBL today-
3436 - sbl-xbl.spamhaus.org
565 - dnsbl.sorbs.net
535 - dnsbl.njabl.org
Total SMTP Connections
6008
Total Rejected By RBL
4803
Total Flagged By SA
431
Total Delivered
774
Percentage Delivered
12
Re: Results of adding SARE rules
Posted by Raymond Dijkxhoorn <ra...@prolocation.net>.
Hi!
> 4898 RAZOR2_CF_RANGE_51_100
> 4814 RAZOR2_CHECK
> 3954 HTML_MESSAGE
> 3525 URIBL_SBL
> 3262 BAYES_99
> 3259 URIBL_OB_SURBL
> 2868 NO_RDNS
> 2815 DCC_CHECK
> 2541 URIBL_WS_SURBL
> 2499 DIGEST_MULTIPLE
> 1831 URIBL_SC_SURBL
> 1654 MIME_HTML_ONLY
> 1515 MSGID_FROM_MTA_ID
> 1227 URIBL_AB_SURBL
It looks like you are missing JP_SURBL, might be good to add it since it's in
the multi list also...
urirhssub URIBL_JP_SURBL multi.surbl.org. A 64
body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL')
describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html
tflags URIBL_JP_SURBL net
score URIBL_JP_SURBL 4.0
Something like that.
Bye,
Raymond.
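
How the `urirhssub` bitmask in the reply above picks one list out of the combined multi.surbl.org answer, as an added Python example that is not part of either post and is not SpamAssassin's own code. The URIBL_OB_SURBL line with its mask 16 and score 1.5, and the sample DNS answers, are constructed assumptions; only numeric bitmask subtests are handled.

```python
import ipaddress

# Constructed local.cf fragment. The JP lines come from the reply above;
# the OB line, its mask value 16 and its score are assumptions for illustration.
SAMPLE_CF = """\
urirhssub URIBL_JP_SURBL multi.surbl.org. A 64
body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL')
describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html
tflags URIBL_JP_SURBL net
score URIBL_JP_SURBL 4.0
urirhssub URIBL_OB_SURBL multi.surbl.org. A 16
score URIBL_OB_SURBL 1.5
"""

# Listing answers are expected inside 127.0.0.0/8; anything else is ignored
# here (a choice of this example, e.g. a resolver that rewrites NXDOMAIN).
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def parse_cf(text):
    """Collect urirhssub subtests and scores, keyed by rule name."""
    subs, scores = {}, {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "urirhssub":
            rule, zone, rrtype, subtest = parts[1:]
            subs[rule] = (zone.rstrip(".").lower(), rrtype.upper(), int(subtest))
        elif len(parts) >= 3 and parts[0] == "score":
            scores[parts[1]] = float(parts[2])
    return subs, scores


def evaluate(answer, zone, subs, scores):
    """Return (sorted rules that fire, summed score) for one A-record answer."""
    addr = ipaddress.ip_address(answer)
    if addr not in LOOPBACK:
        return [], 0.0
    hits = sorted(
        rule for rule, (z, rrtype, mask) in subs.items()
        if z == zone and rrtype == "A" and int(addr) & mask
    )
    # A rule without a score line counts as 1.0, SpamAssassin's default.
    return hits, sum(scores.get(rule, 1.0) for rule in hits)


if __name__ == "__main__":
    subs, scores = parse_cf(SAMPLE_CF)
    for answer in ("127.0.0.80", "127.0.0.16", "127.0.0.2", "203.0.113.80"):
        print(answer, evaluate(answer, "multi.surbl.org", subs, scores))
```

A single lookup returning 127.0.0.80 sets both bits (16 + 64), so one DNS query fires both rules, which is why a list missing from the config costs no extra lookups to add.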