Mailing List Archive

On Thu, 2022-02-03 at 10:50 -0500, joea- lists wrote:
> SA version 3.4.5
>
> Since yesterday 2/2/22 (gasp!) . . . I've noticed an up tick in missed
> SPAM from .co domain.  Though obvious SPAM
> weight loss, phish, "personals", they are scoring rather low.  
>
> Added a custom rule for that domain, which should deal with it, but
> wondering if I missed some changes that
> might cause this?
>
IMO that's too specific: it will deal with spam from that address, but
each new address needs its own rule. I only use that type of rule to
ding endless sales messages from companies that I bought one item from
and who are unlikely to ever sell me anything else. 

IMO its worth scanning though spam looking for odd phrases or spellings
and making rules to add points for these features. Done carefully, you
can end up with rules that trap that type of spam no matter where it
comes from, i.e. pron, "girls looking for men", banking scams, etc.

Martin


> joe a.
>

> On Thu, 2022-02-03 at 10:50 -0500, joea- lists wrote:
>> SA version 3.4.5
>>
>> Since yesterday 2/2/22 (gasp!) . . . I've noticed an up tick in missed
>> SPAM from .co domain. Though obvious SPAM
>> weight loss, phish, "personals", they are scoring rather low.
>>
>> Added a custom rule for that domain, which should deal with it, but
>> wondering if I missed some changes that
>> might cause this?
>>
> IMO that's too specific: it will deal with spam from that address, but
> each new address needs its own rule. I only use that type of rule to
> ding endless sales messages from companies that I bought one item from
> and who are unlikely to ever sell me anything else.
>
> IMO its worth scanning though spam looking for odd phrases or spellings
> and making rules to add points for these features. Done carefully, you
> can end up with rules that trap that type of spam no matter where it
> comes from, i.e. pron, "girls looking for men", banking scams, etc.
>
> Martin
>

Yes, it is painting with a rather broad brush and there are several other
domain specific rules. Each was done "just for now".

Time to follow your suggestion, but, kind of like laying off from the gym
for a few weeks, then trying to get started again.

joe a.

>> On Thu, 2022?02?03 at 10:50 ?0500, joea? lists wrote:
SA version 3.4.5
>>>
>>> Since yesterday 2/2/22 (gasp!) . . . I've noticed an up tick in
missed
>>> SPAM from .co domain. Though obvious SPAM
>>> weight loss, phish, "personals", they are scoring rather low.
>>>
>>> Added a custom rule for that domain, which should deal with it,
but
>>> wondering if I missed some changes that
>>> might cause this?
>>>
>> IMO that's too specific: it will deal with spam from that address,
but
>> each new address needs its own rule. I only use that type of rule
to
>> ding endless sales messages from companies that I bought one item
from
>> and who are unlikely to ever sell me anything else.
>>
>> IMO its worth scanning though spam looking for odd phrases or
spellings
>> and making rules to add points for these features. Done carefully,
you
>> can end up with rules that trap that type of spam no matter where
it
>> comes from, i.e. pron, "girls looking for men", banking scams,
etc.
>>
>> Martin
>>
>
> Yes, it is painting with a rather broad brush and there are several
other
> domain specific rules. Each was done "just for now".
>
> Time to follow your suggestion, but, kind of like laying off from the
gym
> for a few weeks, then trying to get started again.
>
> joe a.

Found a rule that was hit on all of these, but has scored at 0.0.

Added it to local.cf with a score to put it just at 5.0 and commented
out my domain specific rule. We'll see how it goes.

joe a.

On 2022-02-03 16:50, joea- lists wrote:
> SA version 3.4.5

old version, stable is 3.4.6 now

> Since yesterday 2/2/22 (gasp!) . . . I've noticed an up tick in missed
> SPAM from .co domain. Though obvious SPAM
> weight loss, phish, "personals", they are scoring rather low.

spammer use spamassassin self to make there spam pass spamassassin <vbg>

> Added a custom rule for that domain, which should deal with it, but
> wondering if I missed some changes that
> might cause this?

raise scores on tag that are detected "score foo (1) (1) (1) (1)"
dynamic score adjust

change 1 as you wish

also negative score -1 is supported

dont use static score adjust :=)

i am not a perl freak, lol

idealy we would all make corpus scooring, but i dont have so many mails
yet for this to be stable

> On 2022?02?03 16:50, joea? lists wrote:
>> SA version 3.4.5
>
> old version, stable is 3.4.6 now

Unless there is a pressing reason to update right away, I prefer to
wait for the vendor
supplied package to update. But that is not a hard rule for me.

>> Since yesterday 2/2/22 (gasp!) . . . I've noticed an up tick in
missed
>> SPAM from .co domain. Though obvious SPAM
>> weight loss, phish, "personals", they are scoring rather low.
>
> spammer use spamassassin self to make there spam pass spamassassin
<vbg>
>
>> Added a custom rule for that domain, which should deal with it, but
>> wondering if I missed some changes that
>> might cause this?
>
> raise scores on tag that are detected "score foo (1) (1) (1) (1)"
> dynamic score adjust

Not familiar with dynamic score, guess my reading list just got
longer.

> change 1 as you wish
>
> also negative score ?1 is supported
>
> dont use static score adjust :=)
>
> i am not a perl freak, lol

Me neither. Time to read past the intro on that book with the Camel on
the cover.

> idealy we would all make corpus scooring, but i dont have so many
mails
> yet for this to be stable

Thanks.

joe a.