You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by ram <ta...@gmail.com> on 2010/01/27 16:18:25 UTC
how can i finetune to spamassassin to handle spams
Hi
i recently installed 3.2.5 version of spamassassin
iam runing with simscan+spamassassin+clamav
it works, but i see most of the mails are tagged as SPAM.
like example
Jan 27 20:36:28 mail spamd[15138]: spamd: identified spam (9.1/5.0) for
simscan:509 in 3.7 seconds, 584 bytes.
Jan 27 20:36:28 mail spamd[15138]: spamd: result: Y 9 -
BAYES_99,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,MISSING_MID,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK
scantime=3.7,size=584,user=simscan,uid=509,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48597,mid=(unknown),bayes=0.998146,autolearn=no
Jan 27 20:34:59 mail spamd[15138]: spamd: processing message <
20100127134941.24E0F4EF2B0@mx.aguasguariroba.com.br> for simscan:509
Jan 27 20:35:03 mail spamd[15138]: spamd: identified spam (12.0/5.0) for
simscan:509 in 4.1 seconds, 1646 bytes.
Jan 27 20:35:03 mail spamd[15138]: spamd: result: Y 12 -
BAYES_99,FORGED_MUA_OUTLOOK,MSOE_MID_WRONG_CASE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK,SUBJ_ALL_CAPS
scantime=4.1,size=1646,user=simscan,uid=509,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=48587,mid=<
20100127134941.24E0F4EF2B0@mx.aguasguariroba.com.br>,bayes=1.000000,autolearn=no<20100127134941.24E0F4EF2B0@mx.aguasguariroba.com.br%3E,bayes=1.000000,autolearn=no>
and after installation i have run sa-update and restarted spamassassin
i do not see its updating in /usr/share/spamassassin
but i see there are files updated in /var/lib/spamassassin/
my config
/etc/sysconfig/spamassassin
# Options to spamd
SPAMDOPTIONS="-x -u spamd -H /home/spamd -d"
grep FH_DATE_PAST_20XX /usr/share/spamassassin/72_active.cf
##{ FH_DATE_PAST_20XX
header FH_DATE_PAST_20XX Date =~ /20[1-9][0-9]/ [if-unset: 2006]
describe FH_DATE_PAST_20XX The date is grossly in the future.
##} FH_DATE_PAST_20XX
grep FH_DATE_PAST_20XX
/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf
##{ FH_DATE_PAST_20XX
header FH_DATE_PAST_20XX Date =~ /20[2-9][0-9]/ [if-unset: 2006]
describe FH_DATE_PAST_20XX The date is grossly in the future.
##} FH_DATE_PAST_20XX
more /etc/mail/spamassassin/local.cf
# These values can be overridden by editing ~/.spamassassin/user_prefs.cf
# (see spamassassin(1) for details)
# These should be safe assumptions and allow for simple visual sifting
# without risking lost emails.
required_hits 5
report_safe 0
rewrite_header Subject [SPAM]
any advice will be appriciated
Ram
Re: how can i finetune to spamassassin to handle spams
Posted by ram <ta...@gmail.com>.
On Thu, Jan 28, 2010 at 11:11 PM, Alex <my...@gmail.com> wrote:
> >> What is the output from "sa-learn --dump magic" ?
> >
> >
> > 0.000 0 3 0 non-token data: bayes db version
> > 0.000 0 0 0 non-token data: nspam
> > 0.000 0 0 0 non-token data: nham
>
> Are you sure you are running sa-learn as the user that actually
> contains the database? This should be the user that spamd or
> amavisd-new is running as.
>
> Have you done anything that may have deleted the bayes database? Have
> you at any point in the past properly trained the database and is it
> enabled with "use_bayes 1" in local.cf?
>
>
yes iam running that command inside spamd user
in the document said use_bayes default to 1
iam just trying to learn, what is the best way to learn bayes and fine tune
the configs
Ram
> Best,
> Alex
>
Re: how can i finetune to spamassassin to handle spams
Posted by Alex <my...@gmail.com>.
>> What is the output from "sa-learn --dump magic" ?
>
>
> 0.000 0 3 0 non-token data: bayes db version
> 0.000 0 0 0 non-token data: nspam
> 0.000 0 0 0 non-token data: nham
Are you sure you are running sa-learn as the user that actually
contains the database? This should be the user that spamd or
amavisd-new is running as.
Have you done anything that may have deleted the bayes database? Have
you at any point in the past properly trained the database and is it
enabled with "use_bayes 1" in local.cf?
Best,
Alex
Re: how can i finetune to spamassassin to handle spams
Posted by Rick Macdougall <ri...@ummm-beer.com>.
On 28/01/2010 9:52 AM, Bowie Bailey wrote:
> ram wrote:
>>
>> * 3.4 FH_DATE_PAST_20XX The date is grossly in the future.
>
> This rule started causing problems at the beginning of the year and was
> fixed. Have you run sa-update to get the latest rules?
>
And don't forget to restart spamd and, if needed, run sa-compile.
Rick
Configuration Files (once was: Re: how can i finetune to
spamassassin to handle spams)
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Sat, 2010-01-30 at 01:08 -0500, Alex wrote:
> > > Is this order documented anywhere?
> >
> > man spamassassin
>
> http://wiki.apache.org/spamassassin/FrontPage
> "Internal Server Error"
Err, yeah. Same for http://wiki.apache.org/spamassassin/NoSuchPage and
any other non-existent page it seems. Not nice, but not a problem. The
wiki is here, as linked from the SA main page.
http://wiki.apache.org/spamassassin/
I have no clue where you got that broken link from.
> Not sure what the deal is with that link, but the page you're
> referring to appears to be this one:
>
> http://spamassassin.apache.org/full/3.2.x/doc/spamassassin.html#configuration_files
If you really need a remote file -- yes, that would be about it. I
wasn't actually about that page, though, but the man-pages on your
server. The most visible difference being, that your man-pages show the
exact dirs used on your system, since it knows about your build target
prefix.
> Not sure how I missed that in the past, but it still doesn't say
> anything different from what I said.
Hum? What you said was a question. Alas, you snipped that part in your
reply. Specifically you asked, if the order of /var/lib taking
precedence over /usr/share is documented anywhere.
To answer that question, more precisely this time:
Yes, it is documented. The "spamassassin" man-page on your server tells
you exactly, which dirs in which order will be checked to load the
default configuration data from. The first existing one will be used.
> My sa-update rules are in /var/lib/spamassassin, which is not in the
> search path according to the referenced link,
The referenced link doesn't know about *your* prefix.
> yet "spamassassin --lint -D" clearly shows it is being consulted:
>
> [16288] dbg: config: using "/etc/mail/spamassassin" for site rules pre files
> [16288] dbg: config: read file /etc/mail/spamassassin/init.pre
> [16288] dbg: config: read file /etc/mail/spamassassin/v310.pre
> [16288] dbg: config: read file /etc/mail/spamassassin/v312.pre
> [16288] dbg: config: read file /etc/mail/spamassassin/v320.pre
> [16288] dbg: config: using "/var/lib/spamassassin/3.002005" for sys rules pre files
> [16288] dbg: config: using "/var/lib/spamassassin/3.002005" for default rules dir
>
> None of these .pre files specify any path to any files.
Yes. Any they shouldn't.
> The files "languages" and "user_prefs.template" are in
> /usr/share/spamassassin, along with 10_default_prefs.cf, 72_scores.cf,
> and about 50 other config files.
>
> I did a simple test and it does now look like /usr/share/spamassassin
> is the first directory consulted, as you said, and as I thought until
I did *not* say that. And frankly, according to your snippet above, I
doubt that dir is used at all.
> this incident. Not sure what could have happened, because I know I
> restarted amavisd.
>
> In any case, can I move the languages and user_prefs.template file to
> /etc/mail/spamassassin and dump the whole /usr/share/spamassassin
> directory, then?
No. Do not move (or copy) those files to your site config dir. I don't
get why you would want to do that in the first place, anyway...
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: how can i finetune to spamassassin to handle spams
Posted by Alex <my...@gmail.com>.
Hi,
>> > used instead. You can verify which rules are being used by running this
>> > command:
>>
>> Is this order documented anywhere?
>
> man spamassassin
http://wiki.apache.org/spamassassin/FrontPage
"Internal Server Error"
Not sure what the deal is with that link, but the page you're
referring to appears to be this one:
http://spamassassin.apache.org/full/3.2.x/doc/spamassassin.html#configuration_files
Not sure how I missed that in the past, but it still doesn't say
anything different from what I said.
My sa-update rules are in /var/lib/spamassassin, which is not in the
search path according to the referenced link, yet "spamassassin --lint
-D" clearly shows it is being consulted:
[16288] dbg: config: using "/etc/mail/spamassassin" for site rules pre files
[16288] dbg: config: read file /etc/mail/spamassassin/init.pre
[16288] dbg: config: read file /etc/mail/spamassassin/v310.pre
[16288] dbg: config: read file /etc/mail/spamassassin/v312.pre
[16288] dbg: config: read file /etc/mail/spamassassin/v320.pre
[16288] dbg: config: using "/var/lib/spamassassin/3.002005" for sys
rules pre files
[16288] dbg: config: using "/var/lib/spamassassin/3.002005" for
default rules dir
None of these .pre files specify any path to any files.
The files "languages" and "user_prefs.template" are in
/usr/share/spamassassin, along with 10_default_prefs.cf, 72_scores.cf,
and about 50 other config files.
I did a simple test and it does now look like /usr/share/spamassassin
is the first directory consulted, as you said, and as I thought until
this incident. Not sure what could have happened, because I know I
restarted amavisd.
In any case, can I move the languages and user_prefs.template file to
/etc/mail/spamassassin and dump the whole /usr/share/spamassassin
directory, then?
Thanks,
Alex
Re: how can i finetune to spamassassin to handle spams
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Thu, 2010-01-28 at 12:39 -0500, Alex wrote:
> > The rules in /usr/share/spamassassin are the original rules from the
> > install. If /var/lib/spamassassin/3.002.005 exists, those rules will be
> > used instead. You can verify which rules are being used by running this
> > command:
>
> Is this order documented anywhere?
man spamassassin
See the Configuration Files section there, pay special attention to the
part that reads "Default configuration data is loaded from the *first*
existing directory in" and the following list. Emphasis added.
Also most likely documented in quite a few other places, including the
SA wiki. I'm aiming for the low hanging fruit here... :)
> When I had this 20XX date problem, it was because
> /usr/share/spamassassin was still being consulted, despite
> /var/lib/spamassassin having the latest rules.
Seriously doubt that. Unless you either didn't restart spamd or a
similar daemon after sa-update, or didn't run sa-update after the rule
has been fixed.
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: how can i finetune to spamassassin to handle spams
Posted by Alex <my...@gmail.com>.
Hi,
> Please reply to the list and not directly to me.
Could this be because the standard "Reply", at least using gmail,
defaults to the sender not the list?
> The rules in /usr/share/spamassassin are the original rules from the
> install. If /var/lib/spamassassin/3.002.005 exists, those rules will be
> used instead. You can verify which rules are being used by running this
> command:
Is this order documented anywhere?
When I had this 20XX date problem, it was because
/usr/share/spamassassin was still being consulted, despite
/var/lib/spamassassin having the latest rules.
Thanks,
Alex
Re: how can i finetune to spamassassin to handle spams
Posted by ram <ta...@gmail.com>.
On Fri, Jan 29, 2010 at 8:41 PM, David Morton <mo...@dgrmm.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Bowie Bailey wrote:
> > ram wrote:
> >> iam still in confuse, how can i fine tune sitewide rules to send all
> >> the users to send spam mails to one user ID
> >> and configure rule to calculate based on that user
>
>
> If you are talking about the bayes database,
>
> bayes_sql_username user
>
> will learn all mail under one common bayes database.
>
>
> If you mean forward all spam emails to a email address which is used to
> train the system, then you have a bigger problem. (forwarding email
> usually loses headers)
>
>
>
thanks for quick reply
i was in impression i can forward all mails to one user and tune the base
if that is not workable solution, how can fine tune to learn bay's be best
manner
Ram
Re: how can i finetune to spamassassin to handle spams
Posted by David Morton <mo...@dgrmm.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Bowie Bailey wrote:
> ram wrote:
>> iam still in confuse, how can i fine tune sitewide rules to send all
>> the users to send spam mails to one user ID
>> and configure rule to calculate based on that user
If you are talking about the bayes database,
bayes_sql_username user
will learn all mail under one common bayes database.
If you mean forward all spam emails to a email address which is used to
train the system, then you have a bigger problem. (forwarding email
usually loses headers)
- --
David Morton <mo...@dgrmm.net>
Morton Software & Design http://www.dgrmm.net - Ruby on Rails
PHP Applications
Maia Mailguard http://www.maiamailguard.com - Spam management
for mail servers
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iD8DBQFLYvqZUy30ODPkzl0RAtuOAKCcxTBKGVt6cKsNYy2/iDW887ffPgCeOV0X
LxzzF0yhXpI2Hsb8Ahz+/SQ=
=w1ki
-----END PGP SIGNATURE-----
Re: how can i finetune to spamassassin to handle spams (not latest
72_active.cf)
Posted by Eddy Beliveau <ed...@hec.ca>.
-------- Message original --------
Sujet : Re: how can i finetune to spamassassin to handle spams (not
latest 72_active.cf)
De : Bowie Bailey <Bo...@BUC.com>
Pour : users@spamassassin.apache.org
Date : 2010-01-29 11:30
> Eddy Beliveau wrote:
>
>> Hi!
>>
>> Interesting subject... which make me checked my 3.3.0 installation
>>
>> I did update spamassassin to version 3.3.0
>> Then I erased /var/lib/spamassassin/*
>> did a "sa-update --verbose"
>> /Update available for channel updates.spamassassin.org
>> Update was available, and was downloaded and installed successfully/
>>
>> cd /var/lib/spamassassin/3.003000/updates_spamassassin_org
>> grep FH_DATE_PAST_20XX 72_active.cf
>>
>> and the grep command display nothing !!
>>
>> Did I missed something ?
>>
>
> Well, if you don't have the rule, then you don't have to worry about it
> misfiring! :)
>
Hi!
Many thanks for your reply.
> Maybe this rule got replaced with something else in 3.3.0. I haven't
> updated my systems yet, so I'm not sure.
>
Yes, it make sense ;-)
Anyway, I just add this to my local.cf file
header DATE_ONE_YEAR_FUTURE
eval:check_for_shifted_date('8760', 'undef')
describe DATE_ONE_YEAR_FUTURE Date: is more than a year in
future after Received: date
lang fr describe DATE_ONE_YEAR_FUTURE Date: est au moins un an après la
date de l'en-tête Received:
score DATE_ONE_YEAR_FUTURE 2.0
score FH_DATE_PAST_20XX 0.0
this way, I won't have to change it every 10 years
Cheers,
Eddy
--
Eddy Beliveau
HEC Montreal
Montreal (Quebec)
Canada
Re: how can i finetune to spamassassin to handle spams (not latest
72_active.cf)
Posted by Bowie Bailey <Bo...@BUC.com>.
Eddy Beliveau wrote:
>
> Hi!
>
> Interesting subject... which make me checked my 3.3.0 installation
>
> I did update spamassassin to version 3.3.0
> Then I erased /var/lib/spamassassin/*
> did a "sa-update --verbose"
> /Update available for channel updates.spamassassin.org
> Update was available, and was downloaded and installed successfully/
>
> cd /var/lib/spamassassin/3.003000/updates_spamassassin_org
> grep FH_DATE_PAST_20XX 72_active.cf
>
> and the grep command display nothing !!
>
> Did I missed something ?
Well, if you don't have the rule, then you don't have to worry about it
misfiring! :)
Maybe this rule got replaced with something else in 3.3.0. I haven't
updated my systems yet, so I'm not sure.
--
Bowie
Re: how can i finetune to spamassassin to handle spams (not latest
72_active.cf)
Posted by Eddy Beliveau <ed...@hec.ca>.
-------- Message original --------
Sujet : Re: how can i finetune to spamassassin to handle spams
De : Bowie Bailey <Bo...@BUC.com>
Pour : users@spamassassin.apache.org
Date : 2010-01-29 09:28
> ram wrote:
>
>>
>>
>> The rules in /usr/share/spamassassin are the original rules from the
>> install. If /var/lib/spamassassin/3.002.005 exists, those rules
>> will be
>> used instead. You can verify which rules are being used by
>> running this
>> command:
>>
>> $ spamassassin --lint -D 2>&1 | grep "read file"
>>
>>
>> spamassassin --lint -D 2>&1 | grep "read file"
>> [26114] dbg: config: read file /etc/mail/spamassassin/init.pre
>> [26114] dbg: config: read file /etc/mail/spamassassin/v310.pre
>> [26114] dbg: config: read file /etc/mail/spamassassin/v312.pre
>> [26114] dbg: config: read file /etc/mail/spamassassin/v320.pre
>> [26114] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf
>> <http://updates_spamassassin_org.cf>
>> [26114] dbg: config: read file /etc/mail/spamassassin/local.cf
>> <http://local.cf>
>> [26114] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf
>> <http://10_default_prefs.cf>
>> [26114] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf
>> <http://20_advance_fee.cf>
>>
> [snip]
>
>> [26114] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf
>> <http://72_scores.cf>
>> [26114] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf
>> <http://80_additional.cf>
>>
>
> So you are running from the updated rules...
>
>
>> To see if you have the latest rule, cd to
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org and do this:
>>
>> $ grep FH_DATE_PAST_20XX 72_active.cf <http://72_active.cf/>
>>
>>
>> grep FH_DATE_PAST_20XX 72_active.cf <http://72_active.cf>
>> ##{ FH_DATE_PAST_20XX
>> header FH_DATE_PAST_20XX Date =~ /20[2-9][0-9]/ [if-unset: 2006]
>> describe FH_DATE_PAST_20XX The date is grossly in the future.
>> ##} FH_DATE_PAST_20XX
>>
Hi!
Interesting subject... which make me checked my 3.3.0 installation
I did update spamassassin to version 3.3.0
Then I erased /var/lib/spamassassin/*
did a "sa-update --verbose"
/Update available for channel updates.spamassassin.org
Update was available, and was downloaded and installed successfully/
cd /var/lib/spamassassin/3.003000/updates_spamassassin_org
grep FH_DATE_PAST_20XX 72_active.cf
and the grep command display nothing !!
Did I missed something ?
Thanks,
Eddy
Re: how can i finetune to spamassassin to handle spams
Posted by Bowie Bailey <Bo...@BUC.com>.
ram wrote:
>
>
> On Mon, Feb 1, 2010 at 10:23 PM, Bowie Bailey <Bowie_Bailey@buc.com
> <ma...@buc.com>> wrote:
>
> ram wrote:
> > hi
> >
> > what i am looking is
> >
> > iam looking sitewide, not userwide
> >
> > so if the user feel its spam mail, he will send that mail to another
> > email of local account,
> > from there i want to choose the bayes learn and decide what is spam
> > and what is not spam
> >
> > hope i explained well i feel
>
> Yes. Makes much more sense this time! :)
>
> You can do something similar to that, but if you do a normal forward,
> you will generally lose the header information. There are two basic
> ways to do it.
>
> 1) Have the user copy the emails to a local spam folder and then
> have a
> process that collects the mail from those folders and learns from
> it on
> a regular basis. This is easy to do if you are using IMAP or webmail
> since everything is on the server. If you are using POP3, it gets
> more
> complicated since everyone's mail folder is on their own computer.
>
> 2) Have the user forward the mail as an attachment. This will usually
> preserve the headers depending on the mail client. The downside
> is that
> you then have to extract the original mail from the attachment before
> you can learn from it and you have to teach your users how to forward
> mail as an attachment.
>
>
> yes i do have different users
> some use webmail and some use outlook and outlook exress
> diffrent clients using pop3ssl
>
> iam not sure how can i ask user to send spam mail as attachment to
> some user@domain.com <ma...@domain.com>
>
> if spammers know we are allowing user@domain.com
> <ma...@domain.com> everything, they start filling with spam ?
>
> is this correct ?
How to send as an attachment depends on the client.
If spammers start sending spam directly to that address, then you just
get more spam to learn from. That sounds like an added bonus rather
than a problem.
--
Bowie
Re: how can i finetune to spamassassin to handle spams
Posted by ram <ta...@gmail.com>.
On Mon, Feb 1, 2010 at 10:23 PM, Bowie Bailey <Bo...@buc.com> wrote:
> ram wrote:
> > hi
> >
> > what i am looking is
> >
> > iam looking sitewide, not userwide
> >
> > so if the user feel its spam mail, he will send that mail to another
> > email of local account,
> > from there i want to choose the bayes learn and decide what is spam
> > and what is not spam
> >
> > hope i explained well i feel
>
> Yes. Makes much more sense this time! :)
>
> You can do something similar to that, but if you do a normal forward,
> you will generally lose the header information. There are two basic
> ways to do it.
>
> 1) Have the user copy the emails to a local spam folder and then have a
> process that collects the mail from those folders and learns from it on
> a regular basis. This is easy to do if you are using IMAP or webmail
> since everything is on the server. If you are using POP3, it gets more
> complicated since everyone's mail folder is on their own computer.
>
> 2) Have the user forward the mail as an attachment. This will usually
> preserve the headers depending on the mail client. The downside is that
> you then have to extract the original mail from the attachment before
> you can learn from it and you have to teach your users how to forward
> mail as an attachment.
>
>
yes i do have different users
some use webmail and some use outlook and outlook exress
diffrent clients using pop3ssl
iam not sure how can i ask user to send spam mail as attachment to some
user@domain.com
if spammers know we are allowing user@domain.com everything, they start
filling with spam ?
is this correct ?
ram
Re: how can i finetune to spamassassin to handle spams
Posted by Bowie Bailey <Bo...@BUC.com>.
ram wrote:
> hi
>
> what i am looking is
>
> iam looking sitewide, not userwide
>
> so if the user feel its spam mail, he will send that mail to another
> email of local account,
> from there i want to choose the bayes learn and decide what is spam
> and what is not spam
>
> hope i explained well i feel
Yes. Makes much more sense this time! :)
You can do something similar to that, but if you do a normal forward,
you will generally lose the header information. There are two basic
ways to do it.
1) Have the user copy the emails to a local spam folder and then have a
process that collects the mail from those folders and learns from it on
a regular basis. This is easy to do if you are using IMAP or webmail
since everything is on the server. If you are using POP3, it gets more
complicated since everyone's mail folder is on their own computer.
2) Have the user forward the mail as an attachment. This will usually
preserve the headers depending on the mail client. The downside is that
you then have to extract the original mail from the attachment before
you can learn from it and you have to teach your users how to forward
mail as an attachment.
--
Bowie
Re: how can i finetune to spamassassin to handle spams
Posted by ram <ta...@gmail.com>.
On Fri, Jan 29, 2010 at 7:58 PM, Bowie Bailey <Bo...@buc.com> wrote:
> ram wrote:
> >
> >
> > The rules in /usr/share/spamassassin are the original rules from the
> > install. If /var/lib/spamassassin/3.002.005 exists, those rules
> > will be
> > used instead. You can verify which rules are being used by
> > running this
> > command:
> >
> > $ spamassassin --lint -D 2>&1 | grep "read file"
> >
> >
> > spamassassin --lint -D 2>&1 | grep "read file"
> > [26114] dbg: config: read file /etc/mail/spamassassin/init.pre
> > [26114] dbg: config: read file /etc/mail/spamassassin/v310.pre
> > [26114] dbg: config: read file /etc/mail/spamassassin/v312.pre
> > [26114] dbg: config: read file /etc/mail/spamassassin/v320.pre
> > [26114] dbg: config: read file
> > /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf
> > <http://updates_spamassassin_org.cf>
> > [26114] dbg: config: read file /etc/mail/spamassassin/local.cf
> > <http://local.cf>
> > [26114] dbg: config: read file
> > /var/lib/spamassassin/3.002005/updates_spamassassin_org/
> 10_default_prefs.cf
> > <http://10_default_prefs.cf>
> > [26114] dbg: config: read file
> > /var/lib/spamassassin/3.002005/updates_spamassassin_org/
> 20_advance_fee.cf
> > <http://20_advance_fee.cf>
> [snip]
> > [26114] dbg: config: read file
> > /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf
> > <http://72_scores.cf>
> > [26114] dbg: config: read file
> > /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf
> > <http://80_additional.cf>
>
> So you are running from the updated rules...
>
> > To see if you have the latest rule, cd to
> > /var/lib/spamassassin/3.002005/updates_spamassassin_org and do this:
> >
> > $ grep FH_DATE_PAST_20XX 72_active.cf <http://72_active.cf/>
> >
> >
> > grep FH_DATE_PAST_20XX 72_active.cf <http://72_active.cf>
> > ##{ FH_DATE_PAST_20XX
> > header FH_DATE_PAST_20XX Date =~ /20[2-9][0-9]/ [if-unset: 2006]
> > describe FH_DATE_PAST_20XX The date is grossly in the future.
> > ##} FH_DATE_PAST_20XX
>
> and you are up to date on this rule.
>
> > You should see this rule if you have the latest update:
> >
> >
> > header FH_DATE_PAST_20XX Date =~ /20[2-9][0-9]/
> > [if-unset: 2006]
> >
> >
> >
> > yes i see that line, i belive now thats, after update the sa-update
> > and rules taking updated files.
>
> Are you still seeing false positives with this rule?
>
> > iam still in confuse, how can i fine tune sitewide rules to send all
> > the users to send spam mails to one user ID
> > and configure rule to calculate based on that user
>
> I am not following this. Please restate the question.
>
hi
what i am looking is
iam looking sitewide, not userwide
so if the user feel its spam mail, he will send that mail to another email
of local account,
from there i want to choose the bayes learn and decide what is spam and what
is not spam
hope i explained well i feel
Ram
Re: how can i finetune to spamassassin to handle spams
Posted by Bowie Bailey <Bo...@BUC.com>.
ram wrote:
>
>
> The rules in /usr/share/spamassassin are the original rules from the
> install. If /var/lib/spamassassin/3.002.005 exists, those rules
> will be
> used instead. You can verify which rules are being used by
> running this
> command:
>
> $ spamassassin --lint -D 2>&1 | grep "read file"
>
>
> spamassassin --lint -D 2>&1 | grep "read file"
> [26114] dbg: config: read file /etc/mail/spamassassin/init.pre
> [26114] dbg: config: read file /etc/mail/spamassassin/v310.pre
> [26114] dbg: config: read file /etc/mail/spamassassin/v312.pre
> [26114] dbg: config: read file /etc/mail/spamassassin/v320.pre
> [26114] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf
> <http://updates_spamassassin_org.cf>
> [26114] dbg: config: read file /etc/mail/spamassassin/local.cf
> <http://local.cf>
> [26114] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf
> <http://10_default_prefs.cf>
> [26114] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf
> <http://20_advance_fee.cf>
[snip]
> [26114] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf
> <http://72_scores.cf>
> [26114] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf
> <http://80_additional.cf>
So you are running from the updated rules...
> To see if you have the latest rule, cd to
> /var/lib/spamassassin/3.002005/updates_spamassassin_org and do this:
>
> $ grep FH_DATE_PAST_20XX 72_active.cf <http://72_active.cf/>
>
>
> grep FH_DATE_PAST_20XX 72_active.cf <http://72_active.cf>
> ##{ FH_DATE_PAST_20XX
> header FH_DATE_PAST_20XX Date =~ /20[2-9][0-9]/ [if-unset: 2006]
> describe FH_DATE_PAST_20XX The date is grossly in the future.
> ##} FH_DATE_PAST_20XX
and you are up to date on this rule.
> You should see this rule if you have the latest update:
>
>
> header FH_DATE_PAST_20XX Date =~ /20[2-9][0-9]/
> [if-unset: 2006]
>
>
>
> yes i see that line, i belive now thats, after update the sa-update
> and rules taking updated files.
Are you still seeing false positives with this rule?
> iam still in confuse, how can i fine tune sitewide rules to send all
> the users to send spam mails to one user ID
> and configure rule to calculate based on that user
I am not following this. Please restate the question.
--
Bowie
Re: how can i finetune to spamassassin to handle spams
Posted by ram <ta...@gmail.com>.
Hi
I normal do reply with other mailing list, when i do reply it go to the
mailing list ID as a sender
here i have not observed it is going to user. sorry for that.
On Thu, Jan 28, 2010 at 10:03 PM, Bowie Bailey <Bo...@buc.com> wrote:
> ram wrote:
> >
> >
> > On Thu, Jan 28, 2010 at 8:22 PM, Bowie Bailey <Bowie_Bailey@buc.com
> > <ma...@buc.com>> wrote:
> >
> > ram wrote:
> > >
> > > * 3.4 FH_DATE_PAST_20XX The date is grossly in the future.
> >
> > This rule started causing problems at the beginning of the year
> > and was
> > fixed. Have you run sa-update to get the latest rules?
> >
> >
> >
> > yes i ran sa-update
> >
> > i see the rules all updating /var/lib/spamassassin folder
> >
> > but i see still the same configs in
> >
> > /usr/share/spamassassin
>
> Please reply to the list and not directly to me.
>
> The rules in /usr/share/spamassassin are the original rules from the
> install. If /var/lib/spamassassin/3.002.005 exists, those rules will be
> used instead. You can verify which rules are being used by running this
> command:
>
> $ spamassassin --lint -D 2>&1 | grep "read file"
>
>
spamassassin --lint -D 2>&1 | grep "read file"
[26114] dbg: config: read file /etc/mail/spamassassin/init.pre
[26114] dbg: config: read file /etc/mail/spamassassin/v310.pre
[26114] dbg: config: read file /etc/mail/spamassassin/v312.pre
[26114] dbg: config: read file /etc/mail/spamassassin/v320.pre
[26114] dbg: config: read file /var/lib/spamassassin/3.002005/
updates_spamassassin_org.cf
[26114] dbg: config: read file /etc/mail/spamassassin/local.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/
20_fake_helo_tests.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/
60_whitelist_subject.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf
[26114] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf
> To see if you have the latest rule, cd to
> /var/lib/spamassassin/3.002005/updates_spamassassin_org and do this:
>
> $ grep FH_DATE_PAST_20XX 72_active.cf
>
>
grep FH_DATE_PAST_20XX 72_active.cf
##{ FH_DATE_PAST_20XX
header FH_DATE_PAST_20XX Date =~ /20[2-9][0-9]/ [if-unset: 2006]
describe FH_DATE_PAST_20XX The date is grossly in the future.
##} FH_DATE_PAST_20XX
> You should see this rule if you have the latest update:
>
> header FH_DATE_PAST_20XX Date =~ /20[2-9][0-9]/ [if-unset: 2006]
>
>
yes i see that line, i belive now thats, after update the sa-update and
rules taking updated files.
> --
> Bowie
>
>
iam still in confuse, how can i fine tune sitewide rules to send all the
users to send spam mails to one user ID
and configure rule to calculate based on that user
any ideas
Ram
Re: how can i finetune to spamassassin to handle spams
Posted by Bowie Bailey <Bo...@BUC.com>.
ram wrote:
>
>
> On Thu, Jan 28, 2010 at 8:22 PM, Bowie Bailey <Bowie_Bailey@buc.com
> <ma...@buc.com>> wrote:
>
> ram wrote:
> >
> > * 3.4 FH_DATE_PAST_20XX The date is grossly in the future.
>
> This rule started causing problems at the beginning of the year
> and was
> fixed. Have you run sa-update to get the latest rules?
>
>
>
> yes i ran sa-update
>
> i see the rules all updating /var/lib/spamassassin folder
>
> but i see still the same configs in
>
> /usr/share/spamassassin
Please reply to the list and not directly to me.
The rules in /usr/share/spamassassin are the original rules from the
install. If /var/lib/spamassassin/3.002.005 exists, those rules will be
used instead. You can verify which rules are being used by running this
command:
$ spamassassin --lint -D 2>&1 | grep "read file"
To see if you have the latest rule, cd to
/var/lib/spamassassin/3.002005/updates_spamassassin_org and do this:
$ grep FH_DATE_PAST_20XX 72_active.cf
You should see this rule if you have the latest update:
header FH_DATE_PAST_20XX Date =~ /20[2-9][0-9]/ [if-unset: 2006]
--
Bowie
Re: how can i finetune to spamassassin to handle spams
Posted by Bowie Bailey <Bo...@BUC.com>.
ram wrote:
>
> * 3.4 FH_DATE_PAST_20XX The date is grossly in the future.
This rule started causing problems at the beginning of the year and was
fixed. Have you run sa-update to get the latest rules?
--
Bowie
Re: how can i finetune to spamassassin to handle spams
Posted by ram <ta...@gmail.com>.
On Thu, Jan 28, 2010 at 7:53 PM, John Hardin <jh...@impsec.org> wrote:
> On Wed, 27 Jan 2010, ram wrote:
>
> On Wed, Jan 27, 2010 at 9:54 AM, John Hardin <jh...@impsec.org> wrote:
>>
>> On Wed, 27 Jan 2010, ram wrote:
>>>
>>> it works, but i see most of the mails are tagged as SPAM.
>>>
>>> A little more detail, please: Are you complaining about seeing lots of
>>> false positives? Or are you complaining about seeing lots of properly
>>> classified spams that are being delivered to your mailbox when you don't
>>> want them to be delivered to your mailbox?
>>>
>>> If the former, and both those samples were from false positives, then
>>> your bayes appears to need retraining.
>>>
>>
>> yes they are false positive
>>
>> even person sending just simple mail "hi how are you"
>> its treating as spam and not able send mail and it is rejecting
>> both the sides, outgoing and incoming
>>
>
>
Hi thanks for your quick responce
some of my information i have changed like ip address and domain names
> Can you post the complete headers from such an inbound false positive?
here is the simple mail requested locally asking for new mailID
Return-Path: sender@domain.com <se...@domain.com>
Delivered-To: to@domain.com
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail.sol.net.in
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.6 required=5.0 tests=DEAR_SOMETHING,
FH_DATE_PAST_20XX,NO_RELAYS autolearn=no version=3.2.5
X-Spam-Report:
* 3.4 FH_DATE_PAST_20XX The date is grossly in the future.
* -0.0 NO_RELAYS Informational: message was not relayed via SMTP
* 2.2 DEAR_SOMETHING BODY: Contains 'Dear (something)'
Received: (qmail 8836 invoked by uid 48); 27 Jan 2010 14:33:13 +0530
To: to@domain.com
Subject: [SPAM] mailid
MIME-Version: 1.0
Date: Wed, 27 Jan 2010 14:33:13 +0530
From: sender@domain.com
Message-ID: <30...@domain.com>
X-Sender: sender@domain.com
User-Agent: Company Webmail/0.3.1
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8
X-Spam-Prev-Subject: mailid
Or do you have simscan configured to completely delete spams rather than
quarantining them?
@400000004b610d3003da07d4 simscan:[19879]:SPAM REJECT
(7.00/5.00):3.3421s:[SPAM] mail:x.x.x.211:from@domain.com:to@domain.com
even simple mail it hits 3.4
@400000004b5db6be10acf584 simscan:[10034]:CLEAN (3.40/5.00):5.4026s:Re_ mail
from:x.x.x.10:sendter@domain.com:receiver@yahoo.com
this is mail sent from yahoo to my domain.com
Hi. This is the qmail-send program at yahoo.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<us...@domain.com>:
(MYSERVERIP) failed after I sent the message.
Remote host said: 554 Your email is considered spam (5.10 spam-hits)
--- Below this line is a copy of the message.
Return-Path: <user@yahoo.com <us...@yahoo.com>>
Received: (qmail 1647 invoked by uid 60001); 25 Jan 2010 15:45:45 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024;
t=1264434345; bh=rqUtJyMLicobcyhmr74TepjmUQAEmlazKT3vjV/n3aA=;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
b=YguNuhzD1Rin2zserVev7wc8xFv0OvPQWaEtOhEzGHLk4xQDfvpROEa8LmfoV42+/60FcgfZQ583qLfcYS4Nhr9k7Cj7saEKadq01riAkv5R6oFAnHpLpI1Ch9ldw6a7aYFpDvzHoigin/MdHNDRyryV8/ge3VJkUQGE3q+lDPA=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
b=ukmcU3+ntQciOpxQAs5wD6eeMyqhoBAZpC7JPx+6kvgl2XUsExdM5zua1fQvib7sKRzW3XwMPMlSEl3udGVYqanBkXvW8+uEhbQd/Ouf+bS7arAtNovq6jalosQD2U4TJ0QXZBFWL2rP75L7IPyo2PGbJzfAE0n4u3WwhZt85ok=;
Message-ID: <85...@web50407.mail.re2.yahoo.com>
X-YMail-OSG:
xzkFu1wVM1kvOC_p_A.2KDQosFYh84Thdznof8TcPGY_K9N0pMQeCGgj4BVJgnq18AbGG.eHPB2yZvPP8Js2cWEFSFYEh.GcCQP6yEIXnJ5qfu7OR0xXnJIly2mec7hlEnBH4vSyb7U_ocsXgCqVEyLAKbzpCU.Cnc1KAPedBc0Ygra2Ejml8uQo2GIsJ7qIRpjfyZ0on8fZ6Y2PVfT7rSS6IjgiCnsqOxMaGp7WUCR9uMTzrKCFbUN4eSwKtq6tRbfaDO.wIXYyp66AayMBJMBCxAQDYbOWcqk5bkOAT0QJArx4RWfCckJGoKaRDA--
Received: from [ClientIP] by web50407.mail.re2.yahoo.com via HTTP; Mon, 25
Jan 2010 07:45:45 PST
X-Mailer: YahooMailRC/272.7 YahooMailWebService/0.8.100.260964
Date: Mon, 25 Jan 2010 07:45:45 -0800 (PST)
From: hari <user@yahoo.com <us...@yahoo.com>>
Subject: testing
To: user@domain.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
>
> What is the output from "sa-learn --dump magic" ?
>
0.000 0 3 0 non-token data: bayes db version
0.000 0 0 0 non-token data: nspam
0.000 0 0 0 non-token data: nham
0.000 0 0 0 non-token data: ntokens
0.000 0 0 0 non-token data: oldest atime
0.000 0 0 0 non-token data: newest atime
0.000 0 0 0 non-token data: last journal sync
atime
0.000 0 0 0 non-token data: last expiry atime
0.000 0 0 0 non-token data: last expire atime
delta
0.000 0 0 0 non-token data: last expire
reduction count
>
> How are you training Bayes currently?
>
its recently installed, we have not yet gone till that level
>
> Did you retain your training corpora?
no
appriciate kind help
Ram
> --
> John Hardin KA7OHZ http://www.impsec.org/~jhardin/
> jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
> The world has enough Mouse Clicking System Engineers.
> -- Dave Pooser
> -----------------------------------------------------------------------
> Today: the 24th anniversary of the loss of STS-51L Challenger
>
Re: how can i finetune to spamassassin to handle spams
Posted by John Hardin <jh...@impsec.org>.
On Wed, 27 Jan 2010, ram wrote:
> On Wed, Jan 27, 2010 at 9:54 AM, John Hardin <jh...@impsec.org> wrote:
>
>> On Wed, 27 Jan 2010, ram wrote:
>>
>> it works, but i see most of the mails are tagged as SPAM.
>>
>> A little more detail, please: Are you complaining about seeing lots of
>> false positives? Or are you complaining about seeing lots of properly
>> classified spams that are being delivered to your mailbox when you
>> don't want them to be delivered to your mailbox?
>>
>> If the former, and both those samples were from false positives, then
>> your bayes appears to need retraining.
>
> yes they are false positive
>
> even person sending just simple mail "hi how are you"
> its treating as spam and not able send mail and it is rejecting
> both the sides, outgoing and incoming
Can you post the complete headers from such an inbound false positive? Or
do you have simscan configured to completely delete spams rather than
quarantining them?
What is the output from "sa-learn --dump magic" ?
How are you training Bayes currently?
Did you retain your training corpora?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The world has enough Mouse Clicking System Engineers.
-- Dave Pooser
-----------------------------------------------------------------------
Today: the 24th anniversary of the loss of STS-51L Challenger
Re: how can i finetune to spamassassin to handle spams
Posted by ram <ta...@gmail.com>.
Hi
thanks for the quick answer
my coments below
On Wed, Jan 27, 2010 at 9:54 AM, John Hardin <jh...@impsec.org> wrote:
> On Wed, 27 Jan 2010, ram wrote:
>
> it works, but i see most of the mails are tagged as SPAM.
>>
>
> A little more detail, please: Are you complaining about seeing lots of
> false positives? Or are you complaining about seeing lots of properly
> classified spams that are being delivered to your mailbox when you don't
> want them to be delivered to your mailbox?
>
>
yes they are false positive
even person sending just simple mail "hi how are you"
its treating as spam and not able send mail and it is rejecting
both the sides, outgoing and incoming
they are not delivering to mail box sinve simscan rejects
> If the former, and both those samples were from false positives, then your
> bayes appears to need retraining.
>
> If the latter, then whatever is interpreting the SA score to make delivery
> decisions (simscan?) needs to be looked at. SA _does not_ make delivery
> decisions itself, it only generates scores.
>
>
yes iam using simscan with spamassassin and also clamav
3.2.5 picking up the rules from /usr/share/spamassassin
or from /var/lib/spamassassin
since sa-update doing only /var/lib/spamassassin
how can i fine tune bayes to retraining ? to catch real spam messages
compare to simple mails. like " how are you message from friends
you help always appriciated
Ram
> --
> John Hardin KA7OHZ http://www.impsec.org/~jhardin/
> jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
> "A well educated Electorate, being necessary to the liberty of a
> free State, the Right of the People to Keep and Read Books,
> shall not be infringed."
> ...means only registered voters can read books, and only those books
> obtained with State permission from State-controlled bookstores?
> -----------------------------------------------------------------------
> Today: the 43rd anniversary of the loss of Apollo 1
>
Re: how can i finetune to spamassassin to handle spams
Posted by John Hardin <jh...@impsec.org>.
On Wed, 27 Jan 2010, ram wrote:
> it works, but i see most of the mails are tagged as SPAM.
A little more detail, please: Are you complaining about seeing lots of
false positives? Or are you complaining about seeing lots of properly
classified spams that are being delivered to your mailbox when you don't
want them to be delivered to your mailbox?
If the former, and both those samples were from false positives, then
your bayes appears to need retraining.
If the latter, then whatever is interpreting the SA score to make delivery
decisions (simscan?) needs to be looked at. SA _does not_ make delivery
decisions itself, it only generates scores.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"A well educated Electorate, being necessary to the liberty of a
free State, the Right of the People to Keep and Read Books,
shall not be infringed."
...means only registered voters can read books, and only those books
obtained with State permission from State-controlled bookstores?
-----------------------------------------------------------------------
Today: the 43rd anniversary of the loss of Apollo 1