MCP suggestions

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Mon Jul 11 17:31:02 IST 2005


Billy A. Pumphrey wrote:
>>Billy A. Pumphrey wrote:
>><snip>
>>
>>>I don't want to put vague rules in there and have false positives.  Here
>>>is an example email that slipped through:
>>>
>>
>><snip>
>>Billy
>>
>>here are the rules that fired on that email on my system.
>>Forgetting the ALL_TRUSTED misfire (hmm where'd that come from must
>>check my spam.assassin.prefs.conf)
>>
>>  pts rule name              description
>>---- ---------------------- --------------------------------------------------
>>  0.0 MISSING_DATE           Missing Date: header
>>-2.8 ALL_TRUSTED            Did not pass through any untrusted hosts
>>  0.6 J_CHICKENPOX_22        BODY: {2}Letter - punctuation - {2}Letter
>>  0.6 J_CHICKENPOX_16        BODY: {1}Letter - punctuation - {6}Letter
>>  2.3 MANGLED_LOW            BODY: mangled low
>>  0.1 FU_FREE                URI: FU_FREE
>>  1.5 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
>>                             [URIs: innhgh.com]
>>  3.0 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
>>                             [URIs: innhgh.com]
>>  1.6 MISSING_SUBJECT        Missing Subject: header
>>  2.5 FM_NO_FROM_OR_TO       FM_NO_FROM_OR_TO
>>  0.5 FM_NO_TO               FM_NO_TO
>>  3.2 FM_MASKEDW0RDS         FM_MASKEDW0RDS
>>
>>
>>--
>>--
>>Martin Hepworth
>>Snr Systems Administrator
>>Solid State Logic
>>Tel: +44 (0)1865 842300
>>
> 
> <Snip>
> Thank you.  If I may ask.  How did you test that?  Command line or
> mailwatch?  Looked like a mailwatch report but how did you send it?
> Anyway...
> 
> I went back through my mailwatch and found the message and here is my
> report:
> Score  Matching Rule   Description
> 3.50   BAYES_99        Bayesian spam probability is 99 to 100%
> 0.25   HTML_10_20      Message is 10% to 20% HTML
> 0.00   HTML_MESSAGE    HTML included in message
> 0.07   MPART_ALT_DIFF  HTML and text parts are different
> 1.00   URIBL_SBL       Contains an URL listed in the SBL blocklist
> 
> I need more rules.  I thought that I had a lot of rules on my machine.
> I have all of the recommended ones at http://www.rulesemporium.com/
> 
> I do not see chicken pox on there though.  You have quite a few more
> rule hits than I do.  I have:
> 
> [root@WoodenMS CustomFunctions]# locate *.cf
> /etc/isdn/ibod.cf
> /etc/MailScanner/mcp/10_example.cf
> /etc/mail/spamassassin.local.cf
> /etc/mail/spamassassin/bogus-virus-warnings.cf
> /etc/mail/spamassassin/70_sare_oem.cf
> /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf
> /etc/mail/spamassassin/RulesDuJour/70_sare_oem.cf
> /etc/mail/spamassassin/RulesDuJour/72_sare_bml_post25x.cf
> /etc/mail/spamassassin/RulesDuJour/70_sare_bayes_poison_nxm.cf
> /etc/mail/spamassassin/RulesDuJour/70_sare_html.cf
> /etc/mail/spamassassin/RulesDuJour/99_sare_fraud_post25x.cf
> /etc/mail/spamassassin/RulesDuJour/70_sare_spoof.cf
> /etc/mail/spamassassin/RulesDuJour/70_sare_specific.cf
> /etc/mail/spamassassin/RulesDuJour/70_sare_random.cf
> /etc/mail/spamassassin/RulesDuJour/70_sare_header.cf
> /etc/mail/spamassassin/RulesDuJour/70_sare_evilnum0.cf
> /etc/mail/spamassassin/RulesDuJour/70_sare_adult.cf
> /etc/mail/spamassassin/72_sare_bml_post25x.cf
> /etc/mail/spamassassin/tripwire.cf
> /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf
> /etc/mail/spamassassin/70_sare_html.cf
> /etc/mail/spamassassin/99_sare_fraud_post25x.cf
> /etc/mail/spamassassin/70_sare_spoof.cf
> /etc/mail/spamassassin/german.cf
> /etc/mail/spamassassin/local.cf
> /etc/mail/spamassassin/70_sare_specific.cf
> /etc/mail/spamassassin/70_sare_random.cf
> /etc/mail/spamassassin/70_sare_header.cf
> /etc/mail/spamassassin/antidrug.cf
> /etc/mail/spamassassin/70_sare_evilnum0.cf
> /etc/mail/spamassassin/70_sare_adult.cf
> /etc/mail/sendmail.cf
> /etc/mail/submit.cf
> /usr/share/sendmail-cf/cf/generic-solaris.cf
> /usr/share/sendmail-cf/cf/generic-nextstep3.3.cf
> /usr/share/sendmail-cf/cf/generic-ultrix4.cf
> /usr/share/sendmail-cf/cf/generic-bsd4.4.cf
> /usr/share/sendmail-cf/cf/generic-osf1.cf
> /usr/share/sendmail-cf/cf/generic-linux.cf
> /usr/share/sendmail-cf/cf/generic-sunos4.1.cf
> /usr/share/sendmail-cf/cf/submit.cf
> /usr/share/sendmail-cf/cf/generic-mpeix.cf
> /usr/share/sendmail-cf/cf/generic-hpux10.cf
> /usr/share/sendmail-cf/cf/generic-hpux9.cf
> /usr/share/spamassassin/20_fake_helo_tests.cf
> /usr/share/spamassassin/25_hashcash.cf
> /usr/share/spamassassin/30_text_pl.cf
> /usr/share/spamassassin/30_text_de.cf
> /usr/share/spamassassin/25_spf.cf
> /usr/share/spamassassin/20_porn.cf
> /usr/share/spamassassin/20_head_tests.cf
> /usr/share/spamassassin/20_compensate.cf
> /usr/share/spamassassin/23_bayes.cf
> /usr/share/spamassassin/25_body_tests_es.cf
> /usr/share/spamassassin/30_text_fr.cf
> /usr/share/spamassassin/50_scores.cf
> /usr/share/spamassassin/20_dnsbl_tests.cf
> /usr/share/spamassassin/20_ratware.cf
> /usr/share/spamassassin/20_drugs.cf
> /usr/share/spamassassin/20_uri_tests.cf
> /usr/share/spamassassin/10_misc.cf
> /usr/share/spamassassin/20_meta_tests.cf
> /usr/share/spamassassin/20_html_tests.cf
> /usr/share/spamassassin/60_whitelist.cf
> /usr/share/spamassassin/20_phrases.cf
> /usr/share/spamassassin/20_body_tests.cf
> /usr/share/spamassassin/25_uribl.cf
> /usr/share/spamassassin/20_anti_ratware.cf
> /usr/share/spamassassin/30_text_nl.cf
> /home/install/sendmail-8.13.4/cf/cf/generic-solaris.cf
> /home/install/sendmail-8.13.4/cf/cf/generic-nextstep3.3.cf
> /home/install/sendmail-8.13.4/cf/cf/generic-ultrix4.cf
> /home/install/sendmail-8.13.4/cf/cf/generic-bsd4.4.cf
> /home/install/sendmail-8.13.4/cf/cf/generic-osf1.cf
> /home/install/sendmail-8.13.4/cf/cf/generic-linux.cf
> /home/install/sendmail-8.13.4/cf/cf/generic-sunos4.1.cf
> /home/install/sendmail-8.13.4/cf/cf/submit.cf
> /home/install/sendmail-8.13.4/cf/cf/generic-mpeix.cf
> /home/install/sendmail-8.13.4/cf/cf/generic-hpux10.cf
> /home/install/sendmail-8.13.4/cf/cf/generic-hpux9.cf
> [root@WoodenMS CustomFunctions]#
> 
> I saw chickenpox here:
> http://wiki.apache.org/spamassassin/CustomRulesets
> 
> I will go/can go through these and do some more searching for rules,
> however do you have recommendations that you find work well?
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!

Billy

see

http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:rules:recommended

for my list.... I've got lots over the last 18 months or so... my 
/etc/mail/spamassassin is quite full ;-)


-- 
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

