Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. SpamAssassin>
  3. users
TRACKER_ID lots of FPs
jens-sender-8130a1 at spamfreemail
Feb 15, 2004, 8:12 AM
Post #1 of 4 (1146 views)
Permalink
Hi,

TRACKER_ID, scored 3.5 by default, gets me lots of false positives. In my
SPAM corpus for the last couple weeks I have about 4000 messages, 33 of
those match TRACKER_ID, and of those 33 10 are "delivery failure" type
messages, and four are ham.

Some MTAs insert "X-ID: ..." headers that SA maybe detects as a TRACKER_ID.
But IMHO the score of the TRACKER_ID should be lowered to maybe 1.5 (this
would catch no FPs here, but all the SPAM messages of those 33).


--
Jens Benecke (jens at spamfreemail.de)
http://www.hitchhikers.de - Europaweite kostenlose Mitfahrzentrale
http://www.spamfreemail.de - 100% saubere Postfächer - garantiert!
http://www.rb-hosting.de - PHP ab 9? - SSH ab 19? - günstiger Traffic
Re: TRACKER_ID lots of FPs [ In reply to ]
Matthias.Fuhrmann at stud
Feb 15, 2004, 1:34 PM
Post #2 of 4 (1134 views)
Permalink
On Sun, 15 Feb 2004, Jens Benecke wrote:

Hi,

> TRACKER_ID, scored 3.5 by default, gets me lots of false positives. In my
> SPAM corpus for the last couple weeks I have about 4000 messages, 33 of
> those match TRACKER_ID, and of those 33 10 are "delivery failure" type
> messages, and four are ham.
>
> Some MTAs insert "X-ID: ..." headers that SA maybe detects as a TRACKER_ID.
> But IMHO the score of the TRACKER_ID should be lowered to maybe 1.5 (this
> would catch no FPs here, but all the SPAM messages of those 33).

the regex should only work within the body. those header entries will be
ingnored:
20_body_tests.cf:body TRACKER_ID

in local.cf you can lower its score:
score TRACKER_ID 0.5

regards,
Matthias
Re: TRACKER_ID lots of FPs [ In reply to ]
jens-sender-8130a1 at spamfreemail
Feb 18, 2004, 2:33 AM
Post #3 of 4 (1134 views)
Permalink
Matthias Fuhrmann wrote:

> On Sun, 15 Feb 2004, Jens Benecke wrote:
>
> Hi,
>
>> TRACKER_ID, scored 3.5 by default, gets me lots of false positives. In
>> my SPAM corpus for the last couple weeks I have about 4000 messages, 33
>> of those match TRACKER_ID, and of those 33 10 are "delivery failure" type
>> messages, and four are ham.
>>
>> Some MTAs insert "X-ID: ..." headers that SA maybe detects as a
>> TRACKER_ID. But IMHO the score of the TRACKER_ID should be lowered to
>> maybe 1.5 (this would catch no FPs here, but all the SPAM messages of
>> those 33).
>
> the regex should only work within the body. those header entries will be
> ingnored:
> 20_body_tests.cf:body TRACKER_ID

Yup, saw that, but I can't explain why some of my client's mail gets tagged.
Can I use the regex with perl somehow to 'grep' the mail for a match?

> in local.cf you can lower its score:
> score TRACKER_ID 0.5

I did. For a workaround. But I still think something is not right here.


--
Jens Benecke (jens at spamfreemail.de)
http://www.hitchhikers.de - Europaweite kostenlose Mitfahrzentrale
http://www.spamfreemail.de - 100% saubere Postfächer - garantiert!
http://www.rb-hosting.de - PHP ab 9? - SSH ab 19? - günstiger Traffic
Re: TRACKER_ID lots of FPs [ In reply to ]
b-nordquist at bethel
Feb 18, 2004, 7:28 AM
Post #4 of 4 (1131 views)
Permalink
On Wed, 18 Feb 2004, Jens Benecke <jens-sender-8130a1@spamfreemail.de> wrote:

> Can I use the regex with perl somehow to 'grep' the mail for a match?

Run the message through this:

spamassassin -t -D rulesrun=255 <message

--
Brent J. Nordquist <b-nordquist@bethel.edu> N0BJN
Other contact information: http://kepler.acns.bethel.edu/~bjn/contact.html

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal