[antispam-f] Re: Recent Spam

  • From: Jeremy Nicoll - freelists <jn.flists.73@xxxxxxxxxxxxxxxxxxxx>
  • To: antispam@xxxxxxxxxxxxx
  • Date: Fri, 30 Nov 2007 17:34:27 +0000

Dave Barnett <as10@xxxxxxxxxxxxxxxxx> wrote:

> In a recent message Jeremy Nicoll - freelists
> <jn.flists.73@xxxxxxxxxxxxxxxxxxxx> wrote:
 
> > Goodness, do you mean you don't check the log after every run?
> 
> At 1k+/day ATM, no :-(

One of the things I realised a while ago is that I trust some tests in my
rules file far more than others.  For example certain subjects will always
be garbage.  I added (to my own version of AS) something I call a BATCH
name.  The rules file e.g. contains:


BATCH Bank spoofs

  DELETE rules for bank-account phishers
  ...


...

BATCH Bigger bits

  DELETE ... lots of enhancement subjects



So inside AS, each rule has stored with it the "batch name" that I've
allocated to that set of rules.


In the logs which result, each matching test is described including the
batch name that's relevant, e.g. lines look like

<timestamp> del-msg 1 (sz=1,053)    [Bigger bits]      deleted on rule ....

and when I check the logs I have StrongEd isolate just the 'delete' summary
lines and sort the display according to the [rule name].  So in the summary
all the rules that were variants on "Bigger bits" are listed together.  As I
have been careful in defining those rules I trust them.  Others I trust less
and check each one to see what was actually deleted.



-- 
Jeremy Nicoll - my opinions are my own
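
The log review described in the message above, sketched as an added example (not code from the post or from AS): it keeps only the del-msg summary lines, groups them by [batch name], and lists individually only the deletions from batches that are not on a trusted list. The timestamp format, the keep-msg line, the rule text and the "Odd attachments" batch are constructed assumptions; only the del-msg line layout and the two other batch names come from the post.

```python
import re
from collections import defaultdict

# Constructed sample log; only the del-msg line layout comes from the post.
# Timestamp format, the keep-msg line, rule text and "Odd attachments" are assumptions.
SAMPLE_LOG = """\
2007-11-30 17:01:02 del-msg 1 (sz=1,053)    [Bigger bits]      deleted on rule subject-a
2007-11-30 17:01:02 keep-msg 2 (sz=4,410)   no rule matched
2007-11-30 17:01:03 del-msg 3 (sz=2,871)    [Bank spoofs]      deleted on rule from-b
2007-11-30 17:01:03 del-msg 4 (sz=12,004)   [Odd attachments]  deleted on rule mime-c
2007-11-30 17:01:04 del-msg 5 (sz=998)      [Bigger bits]      deleted on rule subject-d
"""

DEL_LINE = re.compile(
    r"^(?P<ts>.+?)\s+del-msg\s+(?P<msg>\d+)\s+\(sz=(?P<size>[\d,]+)\)"
    r"\s+\[(?P<batch>[^\]]+)\]\s+(?P<detail>.*)$"
)

def group_deletes(log_text):
    """Keep only delete summary lines and group them by batch name, sorted."""
    batches = defaultdict(list)
    for line in log_text.splitlines():
        m = DEL_LINE.match(line)
        if m:  # anything that is not a del-msg summary line is skipped
            batches[m["batch"]].append({
                "msg": int(m["msg"]),
                "size": int(m["size"].replace(",", "")),
                "detail": m["detail"].strip(),
            })
    return dict(sorted(batches.items()))

def triage(log_text, trusted):
    """Return (count per trusted batch, deletions from other batches to check)."""
    counts, to_check = {}, []
    for batch, hits in group_deletes(log_text).items():
        if batch in trusted:
            counts[batch] = len(hits)
        else:
            to_check.extend((batch, h["msg"], h["detail"]) for h in hits)
    return counts, to_check

if __name__ == "__main__":
    counts, to_check = triage(SAMPLE_LOG, trusted={"Bank spoofs", "Bigger bits"})
    for batch, n in counts.items():
        print(f"[{batch}] {n} deleted (trusted batch, summarised only)")
    for batch, msg, detail in to_check:
        print(f"CHECK [{batch}] msg {msg}: {detail}")
```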

