spamassassin-users October 2010 archive
Main Archive Page > Month Archives  > spamassassin-users archives
spamassassin-users: Re: Spam US$350,000 not tripped

Re: Spam US$350,000 not tripped

From: Karsten Bräckelmann <guenther_at_nospam>
Date: Wed Oct 20 2010 - 20:18:10 GMT
To: users@spamassassin.apache.org

On Wed, 2010-10-20 at 06:26 +0100, Ned Slider wrote:
> On 19/10/10 22:56, Karsten Bräckelmann wrote:
> > On Tue, 2010-10-19 at 22:41 +0100, Ned Slider wrote:

> > > It hits a stack of rules here (some are my own scoring) - looks like

> > > * 25 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
> > > * [148.208.170.3 listed in bb.barracudacentral.org]
> >
> > Seriously? Or is that a score typo in your cf files?
>
> I did say above "some are my own scoring". I've been evaluating BRBL to
> see if it's a candidate to use at the smtp level and need to identify
> possible false positives. Giving it a ridiculously high score ensures
> any hits end up in quarantine where I can examine. No FPs of note yet.

Yes, you did state some scores are adjusted. That one really stuck out,
though, and with such a ridiculously high score (your own words, let me
just stress the point ;) being a typo was not unlikely. Your usage as
test-phase for possible SMTP rejection makes sense and puts it into
perspective.

> I've also tweaked the Basian scoring for my own preferences. I still see
> a fair amount of spam caught by Bayes alone and manually train Bayes
> with confirmed ham/spam only. I have high confidence in my Bayesian
> setup and whitelisting invariably catches any potential FP hits.

*nod* With a well-trained Bayes DB, that's entirely possible.

> In general, I wouldn't recommend users tweak the default scoring too much.

Thanks. :)

-- char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}