"random" spam

Mark Sapiro mark at msapiro.net
Thu Jan 5 02:57:36 UTC 2017


On 01/04/2017 06:31 PM, Walt Thiessen wrote:
> Thanks Mark. What initial scoring would you recommend with it?


There are a couple of ways to deal with the scores. Read the Botnet.txt
and Botnet.variants.txt files for information. The BOTNET rule is
actually a metarule which hits based on which other rules do and don't
hit. The scores in the GitHub Botnet.cf file score most things as 1.0
and basically get a total score based on how many hit.

This contrasts with the "original" distribution which scored the
positive rules as 0.0 so the only score that actually counted was the
BOTNET score.

Here's a diff between the GitHub Botnet.cf and mine:

# diff .software/from_repo/Botnet.pm/Botnet.cf /etc/spamassassin/Botnet.cf
25c25,27
< botnet_pass_trusted		public
---
> #botnet_pass_trusted		public
> # Skip over the trusted relays to the first untrusted
> botnet_pass_trusted		ignore
75c77
< score		BOTNET			1.0
---
> score		BOTNET			4.25
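Review bot: the 4.25 on the new "score BOTNET" line in hunk 75c77 is not the score in effect, because the X-local.cf described later in this message overrides it with "score BOTNET 3.5". Either set 3.5 here or add a comment on this line pointing to the override, so that anyone copying this Botnet.cf alone does not run with a BOTNET weight 0.75 higher than the one reported as working with a Required SpamAssassin Score of 5.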
83c85
< score		BOTNET_NORDNS		1.0
---
> score		BOTNET_NORDNS		0.0
87c89
< score		BOTNET_BADDNS		1.0
---
> score		BOTNET_BADDNS		0.0
91c93
< score		BOTNET_CLIENT		1.0
---
> score		BOTNET_CLIENT		0.0
95c97
< score		BOTNET_IPINHOSTNAME	1.0
---
> score		BOTNET_IPINHOSTNAME	0.0
99c101
< score		BOTNET_CLIENTWORDS	1.0
---
> score		BOTNET_CLIENTWORDS	0.0

See Botnet.txt for more info on what my
 botnet_pass_trusted		ignore
setting means.

Also, I have an X-local.cf file that overrides the BOTNET score of 4.25 with

score BOTNET 3.5

This is with MailScanner:

High SpamAssassin Score = 10
Required SpamAssassin Score = 5

These scores work well for me.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
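
Added example, not part of the original post or of the Botnet plugin: a small Python sketch that merges the "score" lines from the diff above, applies the X-local.cf override (the last score line read for a rule wins), and compares the two scoring schemes against the MailScanner thresholds quoted in the message. The set of rule hits, the 1.8 points from other rules, and the ">=" threshold comparison are assumptions made for illustration.

```python
import re

# Handles only the single-value "score NAME N" form shown on the page.
SCORE_RE = re.compile(r"^\s*score\s+(\S+)\s+(-?\d+(?:\.\d+)?)\s*$")

def load_scores(*cf_texts):
    """Merge score lines in read order; a later line for a rule wins."""
    scores = {}
    for text in cf_texts:
        for line in text.splitlines():
            m = SCORE_RE.match(line.split("#", 1)[0])  # drop trailing comments
            if m:
                scores[m.group(1)] = float(m.group(2))
    return scores

def total(scores, hits, other_points=0.0):
    """Score contributed by the Botnet rules that hit, plus all other rules."""
    return round(other_points + sum(scores[rule] for rule in hits), 2)

def verdict(score, required=5.0, high=10.0):
    """Thresholds from the post; the >= comparison is an assumption."""
    if score >= high:
        return "high-scoring spam"
    return "spam" if score >= required else "not spam"

SUBRULES = ["BOTNET_NORDNS", "BOTNET_BADDNS", "BOTNET_CLIENT",
            "BOTNET_IPINHOSTNAME", "BOTNET_CLIENTWORDS"]
# Score lines rebuilt from the "<" side (GitHub) and ">" side (local) of the diff.
GITHUB_CF = "\n".join(f"score\t{r}\t1.0" for r in ["BOTNET"] + SUBRULES)
LOCAL_BOTNET_CF = "score\tBOTNET\t4.25\n" + "\n".join(
    f"score\t{r}\t0.0" for r in SUBRULES)
X_LOCAL_CF = "score BOTNET 3.5"  # read after Botnet.cf, so it overrides 4.25

# Constructed sample: which Botnet rules hit, and points from unrelated rules.
HITS = ["BOTNET", "BOTNET_NORDNS", "BOTNET_CLIENT"]
OTHER_POINTS = 1.8

def compare():
    github = total(load_scores(GITHUB_CF), HITS, OTHER_POINTS)
    local = total(load_scores(LOCAL_BOTNET_CF, X_LOCAL_CF), HITS, OTHER_POINTS)
    return {"github": (github, verdict(github)),
            "local": (local, verdict(local))}

if __name__ == "__main__":
    for name, (score, label) in compare().items():
        print(f"{name:7s} total={score:4.1f} -> {label}")
```

With the local scheme the Botnet contribution is a fixed 3.5 however many sub-rules hit, so a message needs 1.5 more points from other rules to reach the required score of 5.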

