Here is another example.
X-SpamDetect: ********: 8.8 sd=8.8 0.99(SpamAssassin) 0.99(SA5) 0.99(SA6) 0.99(SA7) 0.99(SA8) 0.99(SA9) 0.99(SA10) 0.99(SA11) 0.99(SA12) 0.99(SA13) 0.99(SA14) 0.99(SA15) 0.99(SA16) 0.99(SA17) 0.99(SA18) 0.99(SA19) 0.99(SA20) 0.99(SA21) 0.99(SA22) 0.04((!X-UrlForgery:_EXISTS_),(X-myrbl:Color=blue)) 0.12(genuine) 0.12(free_email) [249]0.15 [193]0.85 [153]0.15 [168]0.80 [223]0.22 [246]0.23 [112]0.70 [182]0.31 [116]0.32 [171]0.62 [164]0.62 [177]0.39 [nnot=9,ng=5,nsum=19,nb=19,nw=1,10.91]
This message hit all of the following calls in sf_mfilter_local.txt. It still only scored 8.8, which is just above the threshold to quarantine the message.
call feature_manual(0.99,"SA22") call feature_manual(0.99,"SA21") call feature_manual(0.99,"SA20") call feature_manual(0.99,"SA19") call feature_manual(0.99,"SA18") call feature_manual(0.99,"SA17") call feature_manual(0.99,"SA16") call feature_manual(0.99,"SA15") call feature_manual(0.99,"SA14") call feature_manual(0.99,"SA13") call feature_manual(0.99,"SA12") call feature_manual(0.99,"SA11") call feature_manual(0.99,"SA10") call feature_manual(0.99,"SA9") call feature_manual(0.99,"SA8") call feature_manual(0.99,"SA7") call feature_manual(0.99,"SA6") call feature_manual(0.99,"SA5") call feature_manual(0.99,"SpamAssassin")
Again, there has got to be a better way to do this.
Jim
ChrisP,
I am still seeing messages slip through the filters. The latest one is tagged as follows.
X-SpamDetect: ******: 6.6 sd=6.6 0.99(ClamAV) 0.99(X-ClamAV-Infected) 0.96(X-LangGuess:Wrong) 0.08((X-Phrase:clean),(!X-myrbl:unknown)) 0.13(genuine) 0.14(free_email) 0.85(X-Verify-SMTP present) 0.16(DomainKey-Signature:yahoo) 0.17(genuine_yahoo) 0.19(X-LangGuess:Portuguese) 0.23(dnswl_none) 0.36(X-NotAscii:us-ascii) [141]0.40 [nnot=7,ng=6,nsum=3,nb=3,nw=1,2.61]
So, in addition to 2 calls, which you suggested, tonight I have added 3 more. I now have...
call feature_manual(0.99,"X-ClamAV-Infected") call feature_manual(0.99,"ClamAV") call feature_manual(0.99,"ClamAV ") call feature_manual(0.99," ClamAV") call feature_manual(0.99," ClamAV ")
That makes a total of 5 feature_manual calls to try to force SurgeMail to score the message high enough to guarantee that it will be placed in the spam quarantine. There has got to be a better way to do this! Is there not simply a way to add a specific value to the score? It would seem to make better sense to just have one call to a function that allowed me to add 50 or 99 or 999 points to the spam score (whatever it takes to guarantee that the message is quarantined).
As asked before, would feature_add(99, "ClamAV") do what I need with one call? I have read the documentation on feature_add and feature_manual and also looked at the examples in sf_mfilter.txt, but I still do not understand the difference between the two commands or how to use them properly.
Jim Lohiser Imagine Net, Inc.
Not easily, but you can trick it by adding a second rule... call feature_manual(0.99,"ClamAV1") call feature_manual(0.99,"ClamAV2") That should have the desired result. ChrisP. SurgeMail List, I am trying to find out if it is possible to tell SurgeMail that a message is 100% spam via sf_mfilter_local.txt. I currently have the following rules in place. if (isin("X-SpamCmd","Is Spam")) then if (isin("X-SpamCmd","r=250")) then call feature_manual(0.99,"ClamAV Detection") else call feature_manual(0.99,"SpamAssassin Detection") end if end if The problem is that other rules can push the score down so that it is not considered spam, as in the example below. 7.2 sd=7.2 0.99(ClamAV Detection) 0.15(genuine) 0.15(free_email) 0.85(X-Verify-SMTP present) 0.80(X-Phrase:isspam) 0.20(dnswl_none) 0.23(genuine_yahoo) 0.67(X-NotAscii:utf) 0.34(DomainKey-Signature:yahoo) 0.40(X-myrbl:Color=orange) [nnot=5,ng=2,nsum=1,nb=1,nw=0,1.61]In this example, ClamAV detected something in the message. I would like to make 100% sure that the message is considered spam if ClamAV finds something. However, using feature_manual(0.99,"ClamAV Detection") is not sufficient since the other rules drive down the score and allow the message to pass. Is my only option to use g_spam_cmd_reject and bounce the message rather than putting it in the quarantine or is there a way to push the score up higher within sf_mfilter_local.txt? For example, is there a way to add 50 or 100 to the message score OR define the exact score (ignoring other rules) within sf_mfilter_local.txt? Would u {excessively long token truncated} Jim Lohiser Imagine Net, Inc.
|