[Mimedefang] greylisting and HABEAS_SWE
WBrown at e1b.org
WBrown at e1b.org
Fri Jan 16 13:12:08 EST 2004
mimedefang-bounces at lists.roaringpenguin.com wrote on 01/16/2004 12:37:06
PM:
> Thanks to Lucas and Dave Skoll for that code. It was very easy to
> get it running. But this morning I was somewhat disappointed that
> there was still a lot of spam getting through I was hoping it'd
> stop. In particular a large amount of pharma spam. Upon looking at
> it it also had headers triggering the HABEAS_SWE test resulting in
> a negative spam score. Is anyone familiar with this compensation
> test and the company behind this header? I resisted the impulse
> to just remove the test. (Yes, I know that greylisting is not related
> to those headers in any manner) The greylisting is working for
> numerous other spams.
habeus seems to be pretty much on the up and up. And they take abuse of
their copyrighted material very seriously. You should report the senders
that are abusing their spam so they can be added to the Habeus Infringer
List. Make sure your SA config checks it. They show these SA rules on
their configuration page:
header HABEAS_SWE X-Habeas-SWE-3 =~ /like Habeas SWE \(tm\)/
describe HABEAS_SWE Sender Warranted Email, see www.habeas.com
score HABEAS_SWE -100
header HABEAS_HIL rbleval:check_rbl('hil', 'hil.habeas.com.')
describe HABEAS_HIL Sender is on www.habeas.com Habeas Infringer List
Score HABEAS_HIL 105.0
> What I've done - and I've used this as a stop gap in several cases
> previously is that I have a "HOTLIST" test in
/etc/mimedefang/spamassassin
> in 22_body_hot_lately.cf that scans mails for strings I see in the URLS
> associated with persistent high volume spam that is somehow sneaking
> around the other tests. All of these that were slipping through this
> morning have a distinctive string.
I added BigEvil.cf to my SA two days ago based on it's mention on this
list. Some of the crud that was getting through is now gone.
More information about the MIMEDefang
mailing list