You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Jason Novak <ja...@sheffieldave.com> on 2004/11/18 02:38:59 UTC
Question
I've upgraded to SpamAssassin 3.0.1 and, for the most part everything
seems to work ok...although there are consistently some spam messages
that still seem to get through. All false negatives a run sa-learn to
learn.
My local.cf is configured as follows:
bayes_path /var/lib/nobody/.spamassassin/bayes
bayes_min_spam_num 20
bayes_auto_learn 1
auto_whitelist_path /var/lib/nobody/.spamassassin/auto-whitelist
my mail log is as follows for a spam message:
Nov 17 15:49:37 chicago sendmail[5752]: iAHLnVO0005752: Milter add:
header: X-Virus-Status: Clean
Nov 17 15:49:37 chicago spamd[5376]: connection from localhost
[127.0.0.1] at port 48736
Nov 17 15:49:37 chicago spamd[5376]: checking message
<20...@lslxs.com> for (unknown):65534.
Nov 17 15:49:45 chicago spamd[5376]: clean message (2.9/5.0) for
(unknown):65534 in 7.8 seconds, 5987 bytes.
Nov 17 15:49:45 chicago spamd[5376]: result: . 2 -
BAYES_99,HTML_90_100,HTML_IMAGE_RATIO_02,HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_SBL,SARE_MONEY
TERMS,SPF_HELO_PASS
scantime=7.8,size=5987,mid=<20...@lslxs.com>,bayes=1,autolearn=no
Any ideas?
Thanks for your help.
Best Regards,
Jason
Re: Question
Posted by Jason Novak <ja...@sheffieldave.com>.
Hi Martin,
I think I may have found the issue...It looks like these domains were
added in the auto-whitelist file which were probably decreasing the
score below the standard threshold of 5. The extra rulesets you see are
actually coming from ruleemporium.com.(SARE). That's why I was so
confused that these messages seem to be getting through. Thank you
again for the suggestion.
Best Regards,
Jason
Martin Hepworth wrote:
> Jason
>
> The default SpamAssassin rules are a good start, but what extra rules
> are you running?
>
> There are some very good ones on www.ruleemporium.com.
>
> Also are you using any of the URI RBL's from www.surbl.org? These can
> help alot too.
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
> Jason Novak wrote:
>
>> I've upgraded to SpamAssassin 3.0.1 and, for the most part everything
>> seems to work ok...although there are consistently some spam messages
>> that still seem to get through. All false negatives a run sa-learn
>> to learn.
>>
>> My local.cf is configured as follows:
>>
>> bayes_path /var/lib/nobody/.spamassassin/bayes
>> bayes_min_spam_num 20
>> bayes_auto_learn 1
>> auto_whitelist_path /var/lib/nobody/.spamassassin/auto-whitelist
>>
>> my mail log is as follows for a spam message:
>
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be clean.
>
> **********************************************************************
>
Re: Question
Posted by Martin Hepworth <ma...@solid-state-logic.com>.
Jason
The default SpamAssassin rules are a good start, but what extra rules
are you running?
There are some very good ones on www.ruleemporium.com.
Also are you using any of the URI RBL's from www.surbl.org? These can
help alot too.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Jason Novak wrote:
> I've upgraded to SpamAssassin 3.0.1 and, for the most part everything
> seems to work ok...although there are consistently some spam messages
> that still seem to get through. All false negatives a run sa-learn to
> learn.
>
> My local.cf is configured as follows:
>
> bayes_path /var/lib/nobody/.spamassassin/bayes
> bayes_min_spam_num 20
> bayes_auto_learn 1
> auto_whitelist_path /var/lib/nobody/.spamassassin/auto-whitelist
>
> my mail log is as follows for a spam message:
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************