The last one is the lowest scoring here, look at the results: For the first mail:
Content analysis details: (13.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 0.1 FORGED_RCVD_HELO Received: contains a forged HELO 0.0 DK_POLICY_SIGNSOME Domain Keys: policy says domain signs some mails -0.0 SPF_PASS SPF: sender matches SPF record 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% [score: 0.5751] 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [88.155.128.48 listed in dnsbl.sorbs.net] 3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL [88.155.128.48 listed in zen.spamhaus.org] 7.0 BOUNCE_MESSAGE MTA bounce message 0.1 ANY_BOUNCE_MESSAGE Message is some kind of bounce message The second one: Content analysis details: (14.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 0.0 DK_POLICY_SIGNSOME Domain Keys: policy says domain signs some mails -0.0 SPF_PASS SPF: sender matches SPF record 1.0 DC_IMG_TEXT_RATIO BODY: Low body to pixel area ratio 0.5 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area 0.0 HTML_MESSAGE BODY: HTML included in message 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 0.5 HTML_IMAGE_ONLY_16 BODY: HTML: images with 1200-1600 bytes of words 0.6 SARE_SPEC_LEO_LINE03e RAW: common Leo body text 1.0 DC_IMG_HTML_RATIO RAW: Low rawbody to pixel area ratio 7.0 BOUNCE_MESSAGE MTA bounce message 0.1 ANY_BOUNCE_MESSAGE Message is some kind of bounce message The third one: Content analysis details: (14.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 0.1 FORGED_RCVD_HELO Received: contains a forged HELO 0.0 DK_POLICY_SIGNSOME Domain Keys: policy says domain signs some mails -0.0 SPF_PASS SPF: sender matches SPF record 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% [score: 0.5442] 3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL [84.2.4.148 listed in zen.spamhaus.org] 3.0 BOTNET BOTNET 7.0 BOUNCE_MESSAGE MTA bounce message 0.1 ANY_BOUNCE_MESSAGE Message is some kind of bounce message And finaly, the low one: Content analysis details: (5.8 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 0.0 DK_POLICY_SIGNSOME Domain Keys: policy says domain signs some mails 0.3 RCVD_ILLEGAL_IP Received: contains illegal IP address 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [12.162.173.226 listed in dnsbl.sorbs.net] I give the BOUNCE_MESSAGE a high score because the bonce backs were driving me (and my users) mad. So I just throw them away. I know it's not very RFC-something style, but works like a charm ;-) Luix 2007/4/10, Spamassassin List <[EMAIL PROTECTED]>:
> http://hege.li/howto/spam/spamassassin.html Remove everything from Botnet.cf RULES-section and set it up this way: Does the above line mean to remove from the # THE RULES? regards
-- ------------------------------------------------- GNU-GPL: "May The Source Be With You... -------------------------------------------------