Doc for score explanations?

Rob Morin rob at dido.ca
Tue Oct 17 16:00:19 IST 2006 

Hmm.. these rules were there when i installed SA, then added rules du 
jour...... I figure if i was to actually learn what all the rules do i 
would not have time to do anything else.... so i go with some defaults 
which seem to work fine for about 90% of the time.... but once in a 
while some innocent emails get trashed... like when my wife sends me 
email fomr her hotmail account with no subject and her graphic signature 
with text in the body like... "what do you want to eat tonight? Love Paula"
:)
Those get nuked sometimes... hehehhe

Thanks for the info!

Rob Morin
Dido InterNet Inc.
Montreal, Canada
Http://www.dido.ca
514-990-4444



Matt Kettler wrote:
> Rob Morin wrote:
>   
>> Hello all... more and more recently i have been asked by clients why
>> emails are getting marked as SPM. I tell them well maybe because of this
>> and that, that use to work ok, but now they want to know why exactly an
>> email was marked as spam... here is an example....
>>
>> Oct 16 15:28:17 peter MailScanner[5660]: Message 1920269005F.5C45D from
>> 207.99.47.70 (dplatt at domain2.com) to domain.com is spam, SpamAssassin
>> (score=12.46, required 4, BAYES_60 1.00, FB_4WORD_DOLLARe 0.85,
>> FB_SINGLE_0WORD 0.34, FB_SINGLE_1WORD 1.01, FB_WORD1_END_DOLLAR 1.39,
>> FB_WORD2_END_DOLLAR 1.39, FB_WORD_01DOLLAR1 0.60, FM_MULTI_ODD2 1.10,
>> FM_MULTI_ODD3 0.70, FM_MULTI_ODD4 0.70, FM_MULTI_ODD5 0.90,
>> OBSCURED_EMAIL 2.10, UPPERCASE_50_75 0.37)
>>
>> So what do i tell the client?  There must be some docs or list to read
>> against to figure out why its getting marked as spam....
>>     
>
>
> It got marked as spam largely because of your add-on rulesets.
>
> Most of those FB_* rules come from
> http://www.rulesemporium.com/rules/88_FVGT_body.cf
>
> And the rest come from
> http://www.rulesemporium.com/rules/99_FVGT_meta.cf
>
>
> So perhaps a better question is, if you don't know already know exactly what
> these rules do, why did you add them?
>
> I'm quite well versed in SA, but I do not know what these sets do, other than
> that Fred Tarasevicius wrote them.
>
> I can tell you from looking at the rulefiles:
>
> FB_SINGLE_1WORD appears to look for a shortish word (8 chars max) with a 1
> roughly in the middle.
>
> FB_SINGLE_0WORD is similar, but looks for a 0, allows $ signs in the second
> half, and has a 7 character limit.
>
> FB_4WORD_DOLLARe appears to look for a word (13 chars max) with a dollar-sign in
> the middle, but excludes Micro$oft.
>
> My guess is this ruleset would tear the hell out of any email with programmer's
> source code in it, or anything containing lots of mixed alphanumeric "id"
> strings. (ie: reports using a lot of abbreviations)
>
> A default SA install would have ranked this with a score of 3.47 (BAYES_60 1.00,
> OBSCURED_EMAIL 2.10, UPPERCASE_50_75 0.37)
>
>
>
>   
>> Did i confuse anyone?
>> p.s. the original domain name has been change to conceal the innocent
>> :)
>>
>>
>>     
>
>

More information about the MailScanner mailing list