On Fri, 19 Nov 2004, Rob Blomquist wrote:

> I run Kmail with SA 3.0.1, and I filter by piping incoming mail to spamc.
>
> I am currently using SARE_OEM SARE_GENLSUBJ SARE_GENLSUBJ_ENG SARE_HTML1
> SARE_HTML2 SARE_HEADER1 SARE_HEADER2 SARE_HTML_ENG SARE_BML SARE_FRAUD
> SARE_SPOOF SARE_UNSUB SARE_RANDOM SARE_TOP_200 and BOGUSVIRUS as my rulesets.
>
> All I want to do is push the scores into the spam range. And frankly I think I
> could lower the bar, too. Are there rulesets that might help, or custom rules
> that I could write, and as a single user I don't need perfection, I just want
> something like a 95% catch ratio instead of the 60% I am currently getting.

Any reason why you aren't using net-tests? Every one of your examples
hit three or more DNSBL lists.

Here's the output from a little DNSBL checker script I have for the
sender IP from one of your example spams:

 % rss_check 211.230.54.86
 host 211.230.54.86 resolves to 127.1.0.2 from RBL-Plus
 host 211.230.54.86 resolves to 127.0.0.2 from list.dsbl.org
 host 211.230.54.86 resolves to 127.0.0.2 from unconfirmed.dsbl.org
 host 211.230.54.86 resolves to 127.0.0.2 from bl.spamcop.net
 host 211.230.54.86 resolves to 127.0.0.4 from xbl.spamhaus.org
 host 211.230.54.86 resolves to 127.0.0.3 from dynablock.njabl.org
 host 211.230.54.86 resolves to 127.0.0.10 from dnsbl.sorbs.net
 host 211.230.54.86 resolves to 127.0.0.2 from cbl.abuseat.org

I don't use all of those DNSBLs in my live spamassassin filtering,
but I do use several, so those scores alone would have been enough
to have caused that spam to hit my reject threshold.

-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
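
Added example, not part of the original message and not the rss_check script itself: the lookup a DNSBL checker like the one above performs, in Python. The function names, the stub resolver and the dnsbl.example.invalid zone are assumptions constructed for illustration; the other zones and return codes are the ones printed in the output above.

```python
import ipaddress
import socket

# Zone names as printed in the rss_check output above.
ZONES = ["bl.spamcop.net", "xbl.spamhaus.org",
         "dnsbl.sorbs.net", "cbl.abuseat.org"]
# Constructed extra zone, used only to exercise the range check below.
DEMO_ZONES = ZONES + ["dnsbl.example.invalid"]
DNSBL_RANGE = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_name(ip, zone):
    """Build the query name: IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A record for name, or None when the lookup has no answer."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def check(ip, zones=ZONES, resolve=system_resolver):
    """Return {zone: return_code} for every zone that lists ip."""
    hits = {}
    for zone in zones:
        answer = resolve(dnsbl_name(ip, zone))
        if answer is None:
            continue  # NXDOMAIN or lookup failure: not listed
        # Listings are answered from 127.0.0.0/8. Any other address
        # (wildcarded zone, NXDOMAIN redirection) is not a listing.
        if ipaddress.IPv4Address(answer) in DNSBL_RANGE:
            hits[zone] = answer
    return hits

# Constructed stub: replays four answers from the output above, plus one
# constructed non-127 answer for the hypothetical zone.
SAMPLE_ANSWERS = {
    "86.54.230.211.bl.spamcop.net": "127.0.0.2",
    "86.54.230.211.xbl.spamhaus.org": "127.0.0.4",
    "86.54.230.211.dnsbl.sorbs.net": "127.0.0.10",
    "86.54.230.211.cbl.abuseat.org": "127.0.0.2",
    "86.54.230.211.dnsbl.example.invalid": "192.0.2.1",
}

def stub_resolver(name):
    return SAMPLE_ANSWERS.get(name)

if __name__ == "__main__":
    ip = "211.230.54.86"
    for zone, code in check(ip, DEMO_ZONES, stub_resolver).items():
        print(f"host {ip} resolves to {code} from {zone}")
```

Passing resolve=system_resolver (the default) performs live DNS queries instead of using the stub.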
