[Mimedefang] greylisting and HABEAS_SWE

[WBrown at e1b.org]

mimedefang-bounces at lists.roaringpenguin.com wrote on 01/16/2004 12:37:06 
PM:

> Thanks to Lucas and Dave Skoll for that code. It was very easy to
> get it running.  But this morning I was somewhat disappointed that
> there was still a lot of spam getting through I was hoping it'd
> stop. In particular a large amount of pharma spam. Upon looking at
> it it also had headers triggering the HABEAS_SWE test resulting in
> a negative spam score. Is anyone familiar with this compensation
> test and the company behind this header?  I resisted the impulse
> to just remove the test. (Yes, I know that greylisting is not related 
> to those headers in any manner) The greylisting is working for
> numerous other spams.

habeus seems to be pretty much on the up and up.  And they take abuse of 
their copyrighted material very seriously.  You should report the senders 
that are abusing their spam so they can be added to the Habeus Infringer 
List.  Make sure your SA config checks it.  They show these SA rules on 
their configuration page:

header HABEAS_SWE X-Habeas-SWE-3 =~ /like Habeas SWE \(tm\)/
describe HABEAS_SWE Sender Warranted Email, see www.habeas.com
score HABEAS_SWE -100
header HABEAS_HIL rbleval:check_rbl('hil', 'hil.habeas.com.')
describe HABEAS_HIL Sender is on www.habeas.com Habeas Infringer List
Score HABEAS_HIL 105.0 

> What I've done - and I've used this as a stop gap in several cases
> previously is that I have a "HOTLIST" test in 
/etc/mimedefang/spamassassin
> in 22_body_hot_lately.cf that scans mails for strings I see in the URLS
> associated with persistent high volume spam that is somehow sneaking
> around the other tests. All of these that were slipping through this
> morning have a distinctive string.

I added BigEvil.cf to my SA two days ago based on it's mention on this 
list.  Some of the crud that was getting through is now gone.