MCP suggestions
Billy A. Pumphrey
bpumphrey at WOODMACLAW.COM
Mon Jul 11 17:15:43 IST 2005
>
> Billy A. Pumphrey wrote:
> <snip>
> >
> > I don't want to put vague rules in there and have false positives.
Here
> > is an example email that slipped through:
> >
> <snip>
> Billy
>
> here are the rules that fired on that memail on by system.
> Forgetting the ALL_TRUSTED misfire (hmm where'd that come from must
> check my spam.assassin.prefs.conf)
>
> pts rule name description
> ---- ----------------------
> --------------------------------------------------
> 0.0 MISSING_DATE Missing Date: header
> -2.8 ALL_TRUSTED Did not pass through any untrusted hosts
> 0.6 J_CHICKENPOX_22 BODY: {2}Letter - punctuation - {2}Letter
> 0.6 J_CHICKENPOX_16 BODY: {1}Letter - punctuation - {6}Letter
> 2.3 MANGLED_LOW BODY: mangled low
> 0.1 FU_FREE URI: FU_FREE
> 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL
> blocklist
> [URIs: innhgh.com]
> 3.0 URIBL_BLACK Contains an URL listed in the URIBL
blacklist
> [URIs: innhgh.com]
> 1.6 MISSING_SUBJECT Missing Subject: header
> 2.5 FM_NO_FROM_OR_TO FM_NO_FROM_OR_TO
> 0.5 FM_NO_TO FM_NO_TO
> 3.2 FM_MASKEDW0RDS FM_MASKEDW0RDS
>
>
> --
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
<Snip>
Thank you. If I may ask. How did you test that? Command line or
mailwatch? Looked like a mailwatch report but how did you send it?
Anyway...
I went back through my mailwatch and found the message and here is my
report:
Score Matching Rule Description
3.50 BAYES_99 Bayesian spam probability is 99 to 100%
0.25 HTML_10_20 Message is 10% to 20% HTML
0.00 HTML_MESSAGE HTML included in message
0.07 MPART_ALT_DIFF HTML and text parts are different
1.00 URIBL_SBL Contains an URL listed in the SBL blocklist
I need more rules. I thought that I had a lot of rules on my machine.
I have all of the recomened ones at http://www.rulesemporium.com/
I do not see chicken pox on there though. You have quite a few more
rule hits that I do. I have:
[root at WoodenMS CustomFunctions]# locate *.cf
/etc/isdn/ibod.cf
/etc/MailScanner/mcp/10_example.cf
/etc/mail/spamassassin.local.cf
/etc/mail/spamassassin/bogus-virus-warnings.cf
/etc/mail/spamassassin/70_sare_oem.cf
/etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf
/etc/mail/spamassassin/RulesDuJour/70_sare_oem.cf
/etc/mail/spamassassin/RulesDuJour/72_sare_bml_post25x.cf
/etc/mail/spamassassin/RulesDuJour/70_sare_bayes_poison_nxm.cf
/etc/mail/spamassassin/RulesDuJour/70_sare_html.cf
/etc/mail/spamassassin/RulesDuJour/99_sare_fraud_post25x.cf
/etc/mail/spamassassin/RulesDuJour/70_sare_spoof.cf
/etc/mail/spamassassin/RulesDuJour/70_sare_specific.cf
/etc/mail/spamassassin/RulesDuJour/70_sare_random.cf
/etc/mail/spamassassin/RulesDuJour/70_sare_header.cf
/etc/mail/spamassassin/RulesDuJour/70_sare_evilnum0.cf
/etc/mail/spamassassin/RulesDuJour/70_sare_adult.cf
/etc/mail/spamassassin/72_sare_bml_post25x.cf
/etc/mail/spamassassin/tripwire.cf
/etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf
/etc/mail/spamassassin/70_sare_html.cf
/etc/mail/spamassassin/99_sare_fraud_post25x.cf
/etc/mail/spamassassin/70_sare_spoof.cf
/etc/mail/spamassassin/german.cf
/etc/mail/spamassassin/local.cf
/etc/mail/spamassassin/70_sare_specific.cf
/etc/mail/spamassassin/70_sare_random.cf
/etc/mail/spamassassin/70_sare_header.cf
/etc/mail/spamassassin/antidrug.cf
/etc/mail/spamassassin/70_sare_evilnum0.cf
/etc/mail/spamassassin/70_sare_adult.cf
/etc/mail/sendmail.cf
/etc/mail/submit.cf
/usr/share/sendmail-cf/cf/generic-solaris.cf
/usr/share/sendmail-cf/cf/generic-nextstep3.3.cf
/usr/share/sendmail-cf/cf/generic-ultrix4.cf
/usr/share/sendmail-cf/cf/generic-bsd4.4.cf
/usr/share/sendmail-cf/cf/generic-osf1.cf
/usr/share/sendmail-cf/cf/generic-linux.cf
/usr/share/sendmail-cf/cf/generic-sunos4.1.cf
/usr/share/sendmail-cf/cf/submit.cf
/usr/share/sendmail-cf/cf/generic-mpeix.cf
/usr/share/sendmail-cf/cf/generic-hpux10.cf
/usr/share/sendmail-cf/cf/generic-hpux9.cf
/usr/share/spamassassin/20_fake_helo_tests.cf
/usr/share/spamassassin/25_hashcash.cf
/usr/share/spamassassin/30_text_pl.cf
/usr/share/spamassassin/30_text_de.cf
/usr/share/spamassassin/25_spf.cf
/usr/share/spamassassin/20_porn.cf
/usr/share/spamassassin/20_head_tests.cf
/usr/share/spamassassin/20_compensate.cf
/usr/share/spamassassin/23_bayes.cf
/usr/share/spamassassin/25_body_tests_es.cf
/usr/share/spamassassin/30_text_fr.cf
/usr/share/spamassassin/50_scores.cf
/usr/share/spamassassin/20_dnsbl_tests.cf
/usr/share/spamassassin/20_ratware.cf
/usr/share/spamassassin/20_drugs.cf
/usr/share/spamassassin/20_uri_tests.cf
/usr/share/spamassassin/10_misc.cf
/usr/share/spamassassin/20_meta_tests.cf
/usr/share/spamassassin/20_html_tests.cf
/usr/share/spamassassin/60_whitelist.cf
/usr/share/spamassassin/20_phrases.cf
/usr/share/spamassassin/20_body_tests.cf
/usr/share/spamassassin/25_uribl.cf
/usr/share/spamassassin/20_anti_ratware.cf
/usr/share/spamassassin/30_text_nl.cf
/home/install/sendmail-8.13.4/cf/cf/generic-solaris.cf
/home/install/sendmail-8.13.4/cf/cf/generic-nextstep3.3.cf
/home/install/sendmail-8.13.4/cf/cf/generic-ultrix4.cf
/home/install/sendmail-8.13.4/cf/cf/generic-bsd4.4.cf
/home/install/sendmail-8.13.4/cf/cf/generic-osf1.cf
/home/install/sendmail-8.13.4/cf/cf/generic-linux.cf
/home/install/sendmail-8.13.4/cf/cf/generic-sunos4.1.cf
/home/install/sendmail-8.13.4/cf/cf/submit.cf
/home/install/sendmail-8.13.4/cf/cf/generic-mpeix.cf
/home/install/sendmail-8.13.4/cf/cf/generic-hpux10.cf
/home/install/sendmail-8.13.4/cf/cf/generic-hpux9.cf
[root at WoodenMS CustomFunctions]#
I seen chickenpox here:
http://wiki.apache.org/spamassassin/CustomRulesets
I will go/can go through these and do some more searching for rules,
however do you have recommendations that you find work well?
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list