-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Igor Chudov wrote:
> Example is here
>
> http://igor.chudov.com/tmp/spam001.txt
>
> They go past spamassassin. I use latest sare rules, run rules du jour
> nightly etc.
>
> I catch them after spamassassin, using my own filter, using regex
>
> edrx\s*\.com\b
>
> I wonder why spamassassin cannot identify them.
>
> i
Here's my score for that message:
Content analysis details: (13.7 points, 5.0 required)
pts rule name description
- ---- ----------------------
- --------------------------------------------------
0.1 FORGED_RCVD_HELO Received: contains a forged HELO
5.0 BOTNET Relay might be a spambot or virusbot
[botnet0.7,ip=65.182.171.162,hostname=ak74,maildomain=haats.de,baddns]
0.1 TW_DR BODY: Odd Letter Triples with DR
3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 1.0000]
0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
2.2 DCC_CHECK Listed in DCC
(http://rhyolite.com/anti-spam/dcc/)
1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see
<http://www.spamcop.net/bl.shtml?88.121.45.57>]
0.8 DIGEST_MULTIPLE Message hits more than one network digest check
Running SA 3.1.8, Pyzor, Razor, DCC, BOTNET, SARE rulesets, RBL tests
and Bayesian. I just added BOTNET recently, but even without it, it
still would have scored 8.7.
David Goldsmith
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3rc2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFF3lpz417vU8/9QfkRAtrgAJkB5JOPXbHz4cO5dE9XuzoyCGE5LgCgkzC5
XxgfM/kl9BUqatLtlN0T0EA=
=jv6g
-----END PGP SIGNATURE-----
