On Thu, Feb 22, 2007 at 09:01:24PM -0600, Igor Chudov wrote: > Example is here > > http://igor.chudov.com/tmp/spam001.txt > > They go past spamassassin. I use latest sare rules, run rules du jour > nightly etc. > > I catch them after spamassassin, using my own filter, using regex > > edrx\s*\.com\b > > I wonder why spamassassin cannot identify them. > > i
Botnet and Bayes did the trick for me, albeit I have BAYES_99 set to score higher than standard: Content analysis details: (11.9 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.1 FORGED_RCVD_HELO Received: contains a forged HELO 5.0 BOTNET Relay might be a spambot or virusbot [botnet0.7,ip=65.182.171.162,hostname=ak74,maildomain=haats.de,baddns] 0.1 TW_DR BODY: Odd Letter Triples with DR 5.1 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 0.9998] 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see <http://www.spamcop.net/bl.shtml?88.121.45.57>] Cheers, -- Bob McClure, Jr. Bobcat Open Systems, Inc. [EMAIL PROTECTED] http://www.bobcatos.com To do what is right and just is more acceptable to the LORD than sacrifice. Proverbs 21:3 (NIV)