lots of spam getting through all of a sudden
ka at pacific.net
Mon Jul 24 21:40:07 IST 2006
I added an additional meta rule to spam.assassin.prefs.conf since I was
seeing the same thing last friday. They seem to hit these two. The TVD
rule is from sa-update, so you'll need to run 'sa-update -D' to get that
one (it scores 2.80 by default too!).
meta LOCAL_SPAM_07202006 (EXTRA_MPART_TYPE &&
describe LOCAL_SPAM_07202006 spam bomb 07202006
score LOCAL_SPAM_07202006 10
Julian Field wrote:
> I keep getting this GDKI.PK spam as well. I have all the SARE rules,
> including SARE_STOCKS (from July 15th) but it gets
> not spam, SpamAssassin (score=4.992, required 6, BAYES_40 -0.18,
> DATE_IN_PAST_06_12 0.83, EXTRA_MPART_TYPE 1.09, HTML_IMAGE_ONLY_32 1.05,
> HTML_MESSAGE 0.00, RCVD_IN_SORBS_WEB 1.46, SARE_GIF_ATTACH 0.75)
> Any ideas if anything is wrong or I am missing something?
> I have
> TRUSTED_RULESETS="SARE_REDIRECT_POST300 EVILNUMBERS
> SARE_BAYES_POISON_NXM SARE_H
> TML0 SARE_HTML1 SARE_HEADER0 SARE_HEADER1 SARE_SPECIFIC SARE_ADULT
> SARE_BML SARE
> _FRAUD SARE_SPOOF SARE_RANDOM SARE_OEM SARE_GENLSUBJ0 SARE_GENLSUBJ1
> SARE_URI SARE_HEADER SARE_CODING SARE_SPECIFIC TRIPWIRE SARE_OBFU0
> Any thoughts?
> On Mon24 Jul 06, at 18:47, Scott Silva wrote:
>> Phillip Udel spake the following on 7/24/2006 8:28 AM:
>>> LOL. OK. I Just found the SARE Site. Lol Can I assume that
>>> everyone here
>>> but me know about this site :). Does anyone here use the RulesDuJour
>>> Any Suggestions on what rules would be safe to start using first?
>> There is a tarball at Fortress Systems - www.fsl.com/support.html -
>> It is a good starting package, with a fixed bogus_virus_warnings that
>> misfire on mailscanner messages.
>> I would suggest starting there.
>> MailScanner is like deodorant...
>> You hope everybody uses it, and
>> you notice quickly if they don't!!!!
>> --MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> Before posting, read http://wiki.mailscanner.info/posting
>> Support MailScanner development - buy the book off the website!
> Julian Field
> Buy the MailScanner book at www.MailScanner.info/store !
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> --This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> MailScanner thanks transtec Computers for their support.
> --MailScanner mailing list
> mailscanner at lists.mailscanner.info
> Before posting, read http://wiki.mailscanner.info/posting
> Support MailScanner development - buy the book off the website!
More information about the MailScanner