On Thu, Feb 22, 2007 at 09:01:24PM -0600, Igor Chudov wrote:
> Example is here
>
> http://igor.chudov.com/tmp/spam001.txt
>
> They go past spamassassin. I use latest sare rules, run rules du jour
> nightly etc.
>
> I catch them after spamassassin, using my own filter, using regex
>
> edrx\s*\.com\b
>
> I wonder why spamassassin cannot identify them.
>
> i
Botnet and Bayes did the trick for me, albeit I have BAYES_99 set to
score higher than standard:
Content analysis details: (11.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 FORGED_RCVD_HELO Received: contains a forged HELO
5.0 BOTNET Relay might be a spambot or virusbot
[botnet0.7,ip=65.182.171.162,hostname=ak74,maildomain=haats.de,baddns]
0.1 TW_DR BODY: Odd Letter Triples with DR
5.1 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 0.9998]
1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?88.121.45.57>]
Cheers,
--
Bob McClure, Jr. Bobcat Open Systems, Inc.
[EMAIL PROTECTED] http://www.bobcatos.com
To do what is right and just is more acceptable to the LORD than
sacrifice. Proverbs 21:3 (NIV)
