new spam getting through
jim.barber at ddihealth.com
Mon Dec 6 02:46:58 GMT 2010
On 6/12/2010 10:21 AM, Jim Barber wrote:
> On 6/12/2010 8:58 AM, Jim Barber wrote:
>> Hi Steve.
>> I've noticed one strange thing.
>> I run a few MX servers for the company I work for.
>> Two of them are running MailScanner with an older version of
>> SpamAssassin (v 3.2.5)
>> One of them is running MIMEDefang with SpamAssassin 3.3.1
>> On the MailScanner boxes, your plugin triggers the HAS_SHORT_URL rule
>> along with a number of the other SHORT_URL_* rules.
>> So it is working very effectively there.
>> But on my MIMEDefang host the plugin has triggered 197 times over the
>> weekend with the HAS_SHORT_URL rule, but none of the the SHORT_URL_*
>> rules fired at all.
>> So it only adds 0.001 to the overall score which isn't enough to ban
>> the bad emails.
>> I'm not really sure what to check, but I'll start researching now to
>> see if I can find why.
>> Jim Barber
>> DDI Health
> One difference I spot is in the SpamAssassin lint test I see the
> following on the MailScanner host:
> dbg: rules: HAS_SHORT_URL merged duplicates: SHORT_URL_404
> SHORT_URL_CHAINED SHORT_URL_LOOP SHORT_URL_MAXCHAIN
> This message doesn't happen on the lint tests on the MIMEDefang host.
> When I go back over the logs for my MailScanner boxes it seems that if
> HAS_SHORT_URL triggers then all of those duplicate rules also trigger.
> So to me that means any short URL that comes in to the MailScanner
> boxes whether it is legitimate or not will always trigger all the rules.
> I guess on the MIMEDefang host, the rules are working correctly, and
> the short URL is detected, but none of the other conditions exist.
> The bug I am seeing is the duplicate rules, but maybe that is because
> I need to upgrade my versions of SpamAssassin (which is on the cards).
Upgrading to SpamAssassin 3.3.1 fixed the duplicate rule error on the
So that's good and all I need to do is increase the HAS_SHORT_URL score
from 0.01 to something a bit more aggressive to help tip the balance.
More information about the MailScanner