Stripsearch

[Tom Anderson]

> ----- Original Message ----- 
> From: "Mark Constable" <markc at netserva.com>
>> I'm not sure if others get empty messages but every now
>> and then I get something like this...
>>
>> X-Bogosity: Unsure, tests=bogofilter, spamicity=0.520000, version=0.94.13
>> Content-Type:
>> X-UID: 5829
>> X-Length: 77
>>
>> and nothing much else (mild variations). It just seems to
>> me that stripsearch might be a good place to look for these
>> and to insert something in the body that will then become
>> a spam marker for bogofiltering.

Mark,

I used to receive messages like that too.  I assume they are some kind of 
probe to see if the spammer can send emails to you.  As David says, there 
should be info in the header to score them.  However, if all of the header 
tokens seem neutral or even hammy, you could fix it like I did by using 
"spamitarium": http://orderamidchaos.com/bogofilter/spamitarium

You could also use some DNSBLs at the MTA level to weed off the known 
spammers.  This way they will get a rejection from your mail server during 
the intial handshake before any data is even transmitted.  For me, Spamhaus 
gets a lot of it:

FEATURE(dnsbl,`sbl-xbl.spamhaus.org',`"554 Rejected. " $&{client_addr} " 
found in sbl-xbl.spamhaus.org. Please correct your Spamhaus designation as a 
spammer, and/or contact addressee through other means."')dnl

BTW, over the weekend I received zero unsures, zero false positives, and 
just one false negative in several hundred messages.  With just a little 
more training, I will have virtually no spam problem anymore.

 Tom