[OT] Re: spamassassin record score?

Todd Zullinger tmz at pobox.com
Tue Jan 30 17:01:09 UTC 2007


Steve Siegfried wrote:
> But I've got a question: what's the highest spam score anybody has
> seen spamassassin assign any particular email (without local fudging
> for "I never wanna hear from this guy again")?
> 
> I only keep a month's worth of spam in my just-in-case-it-isn't-spam
> folders and so far, the highest score I've seen is 69.0.  Can
> anybody top that, and if so, could you post the X-spam-* headers?

I have one that beats it slightly at 72.3.  I haven't tweaked the
default SA scores much, except to bump the BAYES scores slightly
(though I believe this example pre-dates my changes).  As you can
tell, I keep spam around for a good while.  I am a bit of a pack rat.

Here are the SA headers from that gem:

X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on psilocybe
X-Spam-Level: **************************************************
X-Spam-Status: Yes, score=72.3 required=5.0 tests=BAYES_99,DRUGS_ANXIETY,
        DRUGS_ANXIETY_EREC,DRUGS_ANXIETY_OBFU,DRUGS_DIET,DRUGS_DIET_OBFU,
        DRUGS_ERECTILE,DRUGS_ERECTILE_OBFU,DRUGS_MANYKINDS,DRUGS_MUSCLE,
        DRUGS_PAIN,DRUGS_SLEEP,DRUGS_SLEEP_EREC,FORGED_RCVD_HELO,FUZZY_AMBIEN,
        FUZZY_PHENT,FUZZY_VLIUM,FUZZY_XPILL,INFO_TLD,LONGWORDS,
        RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,
        RCVD_HELO_IP_MISMATCH,RCVD_IN_DSBL,RCVD_IN_SORBS_SOCKS,
        RCVD_IN_WHOIS_BOGONS,RCVD_IN_WHOIS_INVALID,RCVD_IN_XBL,
        RCVD_NUMERIC_HELO,SUBJECT_DRUG_GAP_L,URIBL_AB_SURBL,URIBL_JP_SURBL,
        URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL,
        URI_NO_WWW_INFO_CGI autolearn=spam version=3.1.0
X-Spam-Report:
        *  2.3 SUBJECT_DRUG_GAP_L Subject contains a gappy version of 'levitra'
        *  0.1 FORGED_RCVD_HELO Received: contains a forged HELO
        *  4.0 RCVD_HELO_IP_MISMATCH Received: HELO and IP do not match, but
        *      should
        *  1.5 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
        *  0.2 FUZZY_VLIUM BODY: Attempt to obfuscate words in spam
        *  3.3 FUZZY_XPILL BODY: Attempt to obfuscate words in spam
        *  0.4 FUZZY_AMBIEN BODY: Attempt to obfuscate words in spam
        *  1.8 FUZZY_PHENT BODY: Attempt to obfuscate words in spam
        *  1.3 INFO_TLD URI: Contains an URL in the INFO top-level domain
        *  4.1 URI_NO_WWW_INFO_CGI URI: CGI in .info TLD other than third-level
        *      "www"
        *  3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
        *      [score: 1.0000]
        *  1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
        *      above 50%
        *      [cf: 100]
        *  0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
        *  0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
        *      [cf: 100]
        *  3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
        *      [211.198.176.86 listed in sbl-xbl.spamhaus.org]
        *  2.4 RCVD_IN_WHOIS_BOGONS RBL: CompleteWhois: sender on bogons IP block
        *      [115.24.68.224 listed in combined-HIB.dnsiplists.completewhois.com]
        *  2.2 RCVD_IN_SORBS_SOCKS RBL: SORBS: sender is open SOCKS proxy server
        *      [211.198.176.86 listed in dnsbl.sorbs.net]
        *  2.6 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
        *      [<http://dsbl.org/listing?211.198.176.86>]
        *  2.2 RCVD_IN_WHOIS_INVALID RBL: CompleteWhois: sender on invalid IP
        *      block
        *      [211.198.176.86 listed in combined-HIB.dnsiplists.completewhois.com]
        *  1.6 URIBL_SBL Contains an URL listed in the SBL blocklist
        *      [URIs: dotmate.info]
        *  3.8 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
        *      [URIs: dotmate.info]
        *  4.1 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
        *      [URIs: dotmate.info]
        *  2.1 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
        *      [URIs: dotmate.info]
        *  3.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
        *      [URIs: dotmate.info]
        *  4.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
        *      [URIs: dotmate.info]
        *  2.4 DRUGS_ERECTILE_OBFU Obfuscated reference to an erectile drug
        *  0.5 DRUGS_ERECTILE Refers to an erectile drug
        *  1.7 DRUGS_ANXIETY_OBFU Obfuscated reference to an anxiety control drug
        *  0.4 DRUGS_ANXIETY Refers to an anxiety control drug
        *  0.0 DRUGS_MUSCLE Refers to a muscle relaxant
        *  2.3 DRUGS_DIET_OBFU Obfuscated reference to a diet drug
        *  0.6 DRUGS_DIET Refers to a diet drug
        *  0.0 DRUGS_SLEEP Refers to a sleep aid drug
        *  0.0 DRUGS_PAIN Refers to a pain relief drug
        *  3.8 LONGWORDS Long string of long words
        *  2.7 DRUGS_SLEEP_EREC Refers to both an erectile and a sleep aid drug
        *  0.2 DRUGS_ANXIETY_EREC Refers to both an erectile and an anxiety drug
        *  0.0 DRUGS_MANYKINDS Refers to at least four kinds of drugs

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
======================================================================
I used to think the brain was the most advanced part of the body.
Then I realized, look what's telling me that.
    -- Emo Phillips

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20070130/c91482f4/attachment-0002.bin 


More information about the users mailing list