You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Martin Hepworth <ma...@solid-state-logic.com> on 2004/12/22 12:42:03 UTC

Re: {Spam?} spam with (rolex) watches gets trough

Thomas

what extra rules above the standard SA ones have you got? Any from 
www.rulesemporium.com ?

also have you got the URI rbl's turned on? This helps quite alot for 
this sort of spam.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Thomas Arend wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hello, 
> 
> I'm geting a lot of spam messages about rolex watches (see example below), 
> which were not scored as spam. Only the bayes test applies, which gives only 
> a score of 4.1
> 
> Thomas 
> 
> Example Message:

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

Re: {Spam?} spam with (rolex) watches gets trough

Posted by Thomas Arend <ml...@arend-whv.info>.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Mittwoch, 22. Dezember 2004 12:42 schrieb Martin Hepworth:
> Thomas
>
> what extra rules above the standard SA ones have you got? Any from
> www.rulesemporium.com ?

I have only the standard rules from SA 3.0.2

>
> also have you got the URI rbl's turned on? This helps quite alot for
> this sort of spam.

Thanks, I just checked it with spamassassin and got URI checks.
A check on /etc/sysconfig/spamd on SuSE 9.1 showed -L option activated - 
removed it. Now the message gets "fine" scores.

Thanks

Thomas
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
[..]

- -- 
icq:133073900
aim:tawhv
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFByWC2He2ZLU3NgHsRAtYZAJ9LLkbu57mA61s4ppz9bbsAjE38qQCgiCC4
m10nVk6gTsVeoxdwIP1sOak=
=7ifw
-----END PGP SIGNATURE-----

Re: {Spam?} spam with (rolex) watches gets trough

Posted by Jim Barry <ji...@jbarry.net>.

On Wed, December 22, 2004 6:42 am, Martin Hepworth said:
> also have you got the URI rbl's turned on? This helps quite alot for this
> sort of spam.

Indeed.

That forwarded message ended up tagged as spam the URI checks are what
caught it... even the AWL wasn't enough to save it. :)

SpamAssassin (score=5.826, required 5,
     AWL -8.43, BAYES_50 0.40, RAZOR2_CF_RANGE_51_100 1.75,
     RAZOR2_CHECK 1.75, URIBL_AB_SURBL 0.42, URIBL_OB_SURBL 3.21,
     URIBL_SBL 1.00, URIBL_SC_SURBL 4.26, URIBL_WS_SURBL 1.46)