You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Alex <my...@gmail.com> on 2012/11/29 23:17:22 UTC
Trouble with bayes poisoning spam
Hi,
I have an example of spam that I just can't reliably detect:
http://pastebin.com/YuuLuA1x
It's basically some HTML with a URL to an ad for "Lantern with 9 LED
bulbs". I've trained hundreds of these, and they still report
BAYES_50. I've just tested it now, a few hours after having first
received it, and it's already being flagged by several URIBLs and is
hitting BAYES_99 since I've now trained it.
I was just wondering if there was something else that could be
triggered on in the header to catch these sooner? I'm assuming the
sending IP part of a botnet? I'm using v3.3.2 on fc15 with amavisd.
Thanks,
Alex
Re: Trouble with bayes poisoning spam
Posted by John Hardin <jh...@impsec.org>.
On Thu, 29 Nov 2012, Alex wrote:
> I have an example of spam that I just can't reliably detect:
>
> http://pastebin.com/YuuLuA1x
>
> I was just wondering if there was something else that could be
> triggered on in the header to catch these sooner? I'm assuming the
> sending IP part of a botnet? I'm using v3.3.2 on fc15 with amavisd.
I'm wondering why this didn't hit any rules:
font-size:4px;
That's too small to read and should be a good indicator of bayes poison,
just like setting the font to white.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
does quite what I want. I wish Christopher Robin was here."
-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
26 days until Christmas