Hi ,
can you zip up an example message that gets through with the
wrong score so I can test it exactly as you
are seeing it, my first guess is you are seeing ones that
don't match some part of your rules hence I need
a sample to eliminate that possibility.
ChrisP
Warren Michelsen wrote on Sunday, October 15, 2006 at 7:34
a.m. (-0700):
>At 10:10 AM +0200 10/9/06, Emil Werbes Hempel sent email
regarding
>GIF Image spam:
>>Hi,
>>
>>I have modified a netwinsite rule and put it in the
local.rul file:
>>
>>if (size()>8000) then
>> if (size()<80000) then
>> if (isin("body","Content-Type:
image/gif")) then
>> call spamdetect(5,"ImageSize")
>> end if
>> if
(isin("rawbody","hspace=0")) then
>> call spamdetect(5,"ImageSize")
>> end if
>> if (isin("rawbody","cid:"))
then
>> if (isin("rawbody","id="))
then
>> call spamdetect(5,"ImageSize")
>> end if
>> end if
>> end if
>>end if
>
>I have added this (with a few modified values) to my
local.rul and I
>still see many gif spams coming through with the
"ImageSize" aspam
>values assigned per aspam_mfilter.txt.
>
>My modified version is:
>
>if (size()>1000) then
> if (size()<15000) then
> if (isin("body","Content-Type:
image/gif")) then
> call spamdetect(5.5,"ImageSize")
> end if
> if (isin("rawbody","hspace=0"))
then
> call spamdetect(5.5,"ImageSize")
> end if
> if (isin("rawbody","cid:")) then
> if (isin("rawbody","id=")) then
> call spamdetect(5.5,"ImageSize")
> end if
> end if
> end if
>end if
>
>Why aren't the aspam_mfilter.txt rules being overridden
in most
>cases? (Yes, I've done tellmail reload -- even restarted
the server.)
>
>
>
>
|