On 2022-05-07 at 04:42:25 UTC-0400 (Sat, 7 May 2022 11:42:25 +0300) Henrik K <[email protected]> is rumored to have said:
> There's lots of common headers that are basically huge base64 strings, > creating stupid amounts of random Bayes tokens. > > Apparently rulesrc/sandbox/axb/23_bayes_ignore_header.cf was created to > handle some of these already? > > I've found atleast these missing: > > IronPort-SDR > X-Exchange-Antispam-Report-CFA-Test > X-Forefront-Antispam-Report-Untrusted > X-Gm-Message-State > X-MS-Exchange-AntiSpam-MessageData > X-MS-Exchange-AntiSpam-MessageData-0 > X-MS-Exchange-CrossTenant-UserPrincipalName > X-MS-Exchange-SLBlob-MailProps > X-MSFBL > X-Microsoft-Antispam-Message-Info > X-Microsoft-Antispam-Message-Info-Original > X-Microsoft-Antispam-Untrusted > X-Microsoft-Exchange-Diagnostics > X-Provags-ID > X-SG-EID > X-SG-ID > > Wouldn't these be better put directly into bayes/23_bayes.cf instead of some > sandbox, that's intended more for testing rules than changing SA config? Yes. However, I'm not convinced that all of those are unhelpful for Bayes. Some will never repeat and so are pure noise, but those which identify specific senders may be useful. The MS anti-spam headers may be tokenized into useful pieces (e.g. "NSPM" or "SPM") even if the headers as a whole are opaque. > Any objections 1) adding these new ones I have not researched all of those, but I believe that some of those should in theory be useful in Bayes. > 2) moving everything to 23_bayes.cf? +1 -- Bill Cole [email protected] or [email protected] (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire
