For some reason it seems that more and more blockwords are slipping through the filter.  I don't know if I have a problem somewhere or if there is a logic problem that might be occuring in the code.  I am on 2.1.2.406 and have a sample of one that made it through this morning that should have been caught 2 different ways on the subject line alone but wasn't.  Here is the log extract for transaction 4868:

02/19/05 06:52:10:420 -- (4868) Connection from: 200.171.170.186  -  Originating country : Brazil
02/19/05 06:52:10:576 -- (2060) Connection from: 69.218.98.241  -  Originating country : United States
02/19/05 06:52:11:826 -- (4808) Connection from: 207.182.156.22  -  Originating country : United States
02/19/05 06:52:12:232 -- (2060) Resolving 69.218.98.241 - adsl-69-218-98-241.dsl.chcgil.ameritech.net
02/19/05 06:52:12:498 -- (5168) Found Keywords: [Subject:pre qualification]
02/19/05 06:52:12:498 -- (5168) EMail from mailto:Kristen.Mccracken@doramail.com - Kristen.Mccracken@doramail.com to mailto:richw@portptld.com - richw@portptld.com matches content filter rules - rejected.
02/19/05 06:52:12:529 -- (5168) EMail from mailto:Kristen.Mccracken@doramail.com - Kristen.Mccracken@doramail.com to mailto:richw@portptld.com - richw@portptld.com was received and quarantined. Size: 1 KB, 1024 bytes
02/19/05 06:52:12:560 -- (4240) Time to add Msg to Bayes corpus:0
02/19/05 06:52:12:607 -- (4868) Resolving 200.171.170.186 - 200-171-170-186.dsl.telesp.net.br
02/19/05 06:52:12:638 -- (4868) - SPF analysis for yahoo.com done: - none
02/19/05 06:52:12:638 -- (4868) Mail from: mailto:sfuller_kg@yahoo.com - sfuller_kg@yahoo.com
02/19/05 06:52:12:795 -- (4808) Resolving 207.182.156.22 - mail5.certa6.com
02/19/05 06:52:12:888 -- (4868) - MAPS search done...
02/19/05 06:52:12:888 -- (4868) RCPT TO: mailto:postmaster@portptld.com - postmaster@portptld.com accepted
02/19/05 06:52:13:076 -- (4808) - SPF analysis for gsqsstz.certa6.com done: - none
02/19/05 06:52:13:076 -- (4808) Mail from: mailto:bounce-zwbwwtpitmn@gsqsstz.certa6.com - bounce-zwbwwtpitmn@gsqsstz.certa6.com
02/19/05 06:52:13:076 -- (2060) - SPF analysis for mappi.helsinki.fi done: - none
02/19/05 06:52:13:076 -- (2060) Mail from: mailto:rene_myers75@mappi.helsinki.fi - rene_myers75@mappi.helsinki.fi
02/19/05 06:52:13:138 -- (5168) Disconnect
02/19/05 06:52:13:326 -- (4808) - MAPS search done... 521 The IP 207.182.156.22 is Blacklisted by bl.spamcop.net. Blocked - see http://www.spamcop.net/bl.shtml?207.182.156.22 - http://www.spamcop.net/bl.shtml?207.182.156.22
02/19/05 06:52:13:326 -- (4808) 207.182.156.22 - Mail from: mailto:bounce-zwbwwtpitmn@gsqsstz.certa6.com - bounce-zwbwwtpitmn@gsqsstz.certa6.com To: mailto:collij@portptld.com - collij@portptld.com will be disconnected
02/19/05 06:52:13:326 -- (4808) Disconnect
02/19/05 06:52:13:404 -- (2060) - MAPS search done...
02/19/05 06:52:13:404 -- (2060) RCPT TO: mailto:rankl@portptld.com - rankl@portptld.com accepted
02/19/05 06:52:13:826 -- (2060) Found Keywords: [viagra,drug]
02/19/05 06:52:13:826 -- (2060) EMail from mailto:rene_myers75@mappi.helsinki.fi - rene_myers75@mappi.helsinki.fi to mailto:rankl@portptld.com - rankl@portptld.com matches content filter rules - rejected.
02/19/05 06:52:13:857 -- (2060) EMail from mailto:rene_myers75@mappi.helsinki.fi - rene_myers75@mappi.helsinki.fi to mailto:rankl@portptld.com - rankl@portptld.com was received and quarantined. Size: 1 KB, 1024 bytes
02/19/05 06:52:13:888 -- (4240) Time to add Msg to Bayes corpus:0
02/19/05 06:52:14:138 -- (2060) Disconnect
02/19/05 06:52:14:279 -- (5696) Disconnect
02/19/05 06:52:14:451 -- (5668) Disconnect
02/19/05 06:52:14:873 -- (4868) EMail from mailto:sfuller_kg@yahoo.com - sfuller_kg@yahoo.com to mailto:postmaster@portptld.com - postmaster@portptld.com passes Bayesian filter - 0% spam  (0ms)
02/19/05 06:52:14:873 -- (4868) EMail from mailto:sfuller_kg@yahoo.com - sfuller_kg@yahoo.com to mailto:postmaster@portptld.com - postmaster@portptld.com was queued. Size: 1 KB, 1024 bytes
02/19/05 06:52:14:873 -- (6092) Sending email from mailto:sfuller_kg@yahoo.com - sfuller_kg@yahoo.com to mailto:postmaster@portptld.com - postmaster@portptld.com
02/19/05 06:52:14:904 -- (4240) Time to add Msg to Bayes corpus:0
02/19/05 06:52:15:591 -- (6092) EMail from mailto:sfuller_kg@yahoo.com - sfuller_kg@yahoo.com to mailto:postmaster@portptld.com - postmaster@portptld.com   was forwarded to 10.192.34.83:25
02/19/05 06:52:15:841 -- (4868) Disconnect

The subject line had the words "Sexually explicit - " in the first part of the subject line and I have this line in by blockwords file - Subject:sexually explicit

Do I have to worry about case on these?

Terry

I may have found the problem here...it appears that what I see in the subject line is not what is exactly there...if I look at the message header I see the following:

Subject: =?ISO-8859-1?b?U2V4dWFsbHkgZXhwbGljaXQgLSBNYXNzaXZlIGRpY2sga W4gYWN0aW9uICAgIGxo?=
Not exactly what is displayed when you get the message. 

Is it safe to add the following to the blockwords file:

Subject:=?ISO

or would I be blocking something important here?

Terry

Terry,

This works in MOST cases:

((?i)Subject:=\?ISO\-\d*\-\1?.*\?[a-z0-9]{20,})
AND ALSO
((?i)Subject:=\?utf\-\d*\?.*\?[a-z0-9]{20,})

The second one blocks about 5 times as many as the first in my system.

Same warning that Roberto states above however.

Dan S.