[Mimedefang] greylisting and HABEAS_SWE

[John Maddalozzo]

I've been lurking on this list a while and have benefited from a lot of
ideas. Thanks to everyone who participates. The list is probably the
best one I subscribe to in terms high usefullness/blabber quotient.

Just some remarks and observations. 

I just turned on greylisting last night using the code posted by Lucas
Albers in November. 

http://lists.roaringpenguin.com/pipermail/mimedefang/2003-November/018252.html

Thanks to Lucas and Dave Skoll for that code. It was very easy to
get it running.  But this morning I was somewhat disappointed that
there was still a lot of spam getting through I was hoping it'd
stop. In particular a large amount of pharma spam. Upon looking at
it it also had headers triggering the HABEAS_SWE test resulting in
a negative spam score. Is anyone familiar with this compensation
test and the company behind this header?  I resisted the impulse
to just remove the test. (Yes, I know that greylisting is not related 
to those headers in any manner) The greylisting is working for
numerous other spams.

What I've done - and I've used this as a stop gap in several cases
previously is that I have a "HOTLIST" test in /etc/mimedefang/spamassassin
in 22_body_hot_lately.cf that scans mails for strings I see in the URLS
associated with persistent high volume spam that is somehow sneaking
around the other tests. All of these that were slipping through this
morning have a distinctive string.

Regards, John