false positives on rule "FM_RATSIGN_1106" and what to do?
Scott Silva
ssilva at sgvwater.com
Tue May 29 20:45:26 IST 2007
Chris Yuzik spake the following on 5/29/2007 12:30 PM:
> Hi,
>
> Suddenly, I'm seeing quite a number of false positives on the rule
> "FM_RATSIGN_1106" that gets a whopping 3.8 points. I've tried to figure
> out what exactly it's hitting on, but the only thing I found was:
>
> ##{ FM_RATSIGN_1106
> meta FM_RATSIGN_1106 (__MSGID_VGA && __DATE_700)
> describe FM_RATSIGN_1106 Fingerprint seen in lots of spam. 11/2006
> ##} FM_RATSIGN_1106
>
> I think I need to set this rule down to 0.01 for now, or does someone
> have a better suggestion?
>
> Thanks
>
It looks at messages that hit both MSGID_VGA and DATE_700
Message-ID =~ /^<000001c[67]/ and date is -7 hours
It is in 72_active.cf.
So if you are getting false positives it might be that you deal with a lot of
mail from a time zone that is 7 hours behind you. If it hits that much, you
could score lower.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
More information about the MailScanner
mailing list