Bud Durland has written a nice external test called
HELOISIP. (see attached message)
For further information search for "HELOISIP" or "new test"
in the archive.
Markus
|
--- Begin Message ---Markus; Thanks for the detailed feedback and kind words. I haven't had time to the study our numbers (and I believe our statistical universe is much smaller than yours), but generally speaking I'm pleased with the results we're seeing here.For those who are interested, I'll be posting this test for download from my web site (http://bud.thedurlands.com) this weekend Don't look for it earlier than Sunday, but I promise it will be there. There will be two executables. The current one remains unchanged. The additional test, called HELOISIPX only fails if the HELO is a "pure" IP address: > Received: from 12.107.134.252 [69.6.65.63] by mrpcap.com with ESMTP I created this because I see quite a few messages that use an IP for the HELO, (and often it is MY mail server's IP). I have never, ever, not once seen such a message that wasn't spam, so on my system that test will be weighted quite heavily. Markus Gufler wrote: >Two days ago Bud has announced HELOISIP as new external test. > >After trying this test now for 36 hours I can report the following results >for 04/15/2004 > >Processed messages: 9832 > >Hold as Spam: 4728 (48% of all messages) >Detected by HELOISIP: 1340 (28% of hold spam / 14% of all messages) > >FP's from SURBL: 55 >All of this 55 legit messages has had a final weight below 60% of our hold >weight and so hasn't caused any real FP. > >91% of all spam messages catched by HELOISIP has already reached a weight > >200% of our hold weight. So having a possibility to skip this external test >if a certain weight is already reached should significantly save resources. > >Good test! > >Markus > > > > -- ------------------------------------------------------------------- illigitimi non carborundum ------------------------------------------------------------------- Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com ------------------------------------------------------------------- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
--- End Message ---