On Fri, 19 Nov 2004, Rob Blomquist wrote: > I run Kmail with SA 3.0.1, and I filter by piping incoming mail to spamc. > > I am currently using SARE_OEM SARE_GENLSUBJ SARE_GENLSUBJ_ENG SARE_HTML1 > SARE_HTML2 SARE_HEADER1 SARE_HEADER2 SARE_HTML_ENG SARE_BML SARE_FRAUD > SARE_SPOOF SARE_UNSUB SARE_RANDOM SARE_TOP_200 and BOGUSVIRUS as my rulesets. > > All I want to do is push the scores into the spam range. And frankly I think I > could lower the bar, too. Are their rulesets that might help, or custom rules > that I could write, and as a single user I don't need perfection, I just want > something like a 95% catch ratio instead of the 60% I am currently getting.
Any reason why you aren't using net-tests? Every one of your examples hit three or more DNSBL lists. Here's the output from a little DNSBL checker script I have for the sender IP from one of your example spams: % rss_check 211.230.54.86 host 211.230.54.86 resolves to 127.1.0.2 from RBL-Plus host 211.230.54.86 resolves to 127.0.0.2 from list.dsbl.org host 211.230.54.86 resolves to 127.0.0.2 from unconfirmed.dsbl.org host 211.230.54.86 resolves to 127.0.0.2 from bl.spamcop.net host 211.230.54.86 resolves to 127.0.0.4 from xbl.spamhaus.org host 211.230.54.86 resolves to 127.0.0.3 from dynablock.njabl.org host 211.230.54.86 resolves to 127.0.0.10 from dnsbl.sorbs.net host 211.230.54.86 resolves to 127.0.0.2 from cbl.abuseat.org I don't use all of those DNSBLs in my live spamassassin filtering, but I do use several, so those scores alone would have been enough to have caused that spam to hit my reject threshold. -- Dave Funk University of Iowa <dbfunk (at) engineering.uiowa.edu> College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include <std_disclaimer.h> Better is not better, 'standard' is better. B{