Igor Chudov wrote:
> Example is here
>
> http://igor.chudov.com/tmp/spam001.txt
>
> They go past spamassassin. I use latest sare rules, run rules du jour
> nightly etc.
>
> I catch them after spamassassin, using my own filter, using regex
>
> edrx\s*\.com\b
>
> I wonder why spamassassin cannot identify them.
>
> i

Here's my score for that message:

Content analysis details:   (13.7 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.1 FORGED_RCVD_HELO       Received: contains a forged HELO
 5.0 BOTNET                 Relay might be a spambot or virusbot
                            [botnet0.7,ip=65.182.171.162,hostname=ak74,maildomain=haats.de,baddns]
 0.1 TW_DR                  BODY: Odd Letter Triples with DR
 3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 1.0000]
 0.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 2.2 DCC_CHECK              Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                            [Blocked - see <http://www.spamcop.net/bl.shtml?88.121.45.57>]
 0.8 DIGEST_MULTIPLE        Message hits more than one network digest check

Running SA 3.1.8, Pyzor, Razor, DCC, BOTNET, SARE rulesets, RBL tests and Bayesian.

I just added BOTNET recently, but even without it, it still would have scored 8.7.

David Goldsmith