SPAM and procmail

[Matt Brodeur]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Jan 14, 2004 at 06:41:49AM -0500, Brian wrote:

> For anyone interested... It seems that a lot of spam is starting to slip
> through Spam Assassin again.  The majority of the messages seem to
> either have "obvious" subject lines, or have ----ALT-- in the message
> body to try to hide dummy words to throw off the weighting.

   I have seen probably 10-20 messages in the past week that have a
Habeas Warrant Mark (www.habeas.com), but are obviously spam.  The
default SA configuration will assign -8.0 points for this, usually
outweighing other indicators and letting the message through.  This
line in your user_prefs or local.cf could help:

score HABEAS_SWE 0.00

   I chose to completely disable the Habeas check, since it just seems
too easy to forge.  You might want to instead assign it a more
reasonable score (like -2.0 or so), so that a really spammy message
will still count as a hit.
   As an interesting note, all of the messages that have slipped
through due to the Habeas issue have also scored 90+ on the Bayes
test.  Since my BAYES_99 score is 7.5, the HABEAS_SWE of -8.0 was
completely nullifying that result.  By lowering the effect of the
Warrant Mark these messages will be properly tagged.


- -- 
Matt Brodeur                                                            RHCE
MBrodeur at NextTime.com                                http://www.NextTime.com

Anytime things appear to be going better, you have overlooked something.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFABT2yc8/WFSz+GKMRAh2NAJ9OwdGUm43UGOdHOycMk2v3Q4bCWACfWLnN
Pv9I2CHPoef8EfTMIW7GoJk=
=vTzk
-----END PGP SIGNATURE-----