Stripsearch
Tom Anderson
tanderso at oac-design.com
Mon Jun 13 16:38:00 CEST 2005
> ----- Original Message -----
> From: "Mark Constable" <markc at netserva.com>
>> I'm not sure if others get empty messages but every now
>> and then I get something like this...
>>
>> X-Bogosity: Unsure, tests=bogofilter, spamicity=0.520000, version=0.94.13
>> Content-Type:
>> X-UID: 5829
>> X-Length: 77
>>
>> and nothing much else (mild variations). It just seems to
>> me that stripsearch might be a good place to look for these
>> and to insert something in the body that will then become
>> a spam marker for bogofiltering.
Mark,
I used to receive messages like that too. I assume they are some kind of
probe to see if the spammer can send emails to you. As David says, there
should be info in the header to score them. However, if all of the header
tokens seem neutral or even hammy, you could fix it like I did by using
"spamitarium": http://orderamidchaos.com/bogofilter/spamitarium
You could also use some DNSBLs at the MTA level to weed off the known
spammers. This way they will get a rejection from your mail server during
the intial handshake before any data is even transmitted. For me, Spamhaus
gets a lot of it:
FEATURE(dnsbl,`sbl-xbl.spamhaus.org',`"554 Rejected. " $&{client_addr} "
found in sbl-xbl.spamhaus.org. Please correct your Spamhaus designation as a
spammer, and/or contact addressee through other means."')dnl
BTW, over the weekend I received zero unsures, zero false positives, and
just one false negative in several hundred messages. With just a little
more training, I will have virtually no spam problem anymore.
Tom
More information about the Bogofilter
mailing list