Posted to users@spamassassin.apache.org by Frank DeChellis <fr...@iaw.on.ca> on 2008/12/29 14:10:30 UTC
Spam with HUGE negative scores
Hi there,
We use SA 3.2.1 on FreeBSD 6.1. We have Bayes and Razor in use.
Lately, 3 weeks or so, we've been getting HUGE negative scores on our spam.
And it's coming in by the truck load. We use Sa-Update to update our rules
from saupdates.openprotect.com and updates.spamassassin.org
Has anybody else experienced this? Is there a config setting that I messed
up that allowed this to come through?
Thanks
Frank
P.S. Are there other channels that people suggest adding to sa-update?
Frank DeChellis
President, Internet Access Worldwide
Welland, Ontario, Canada
www.iaw.com
Re: Spam with HUGE negative scores
Posted by Benny Pedersen <me...@junc.org>.
On Mon, December 29, 2008 14:10, Frank DeChellis wrote:
> Lately, 3 weeks or so, we've been getting HUGE negative scores on
> our spam.
no evidence, no help
spamassassin -D -t <msg >sa.log 2>&1
post sa.log to a pastebin site and give us the url here
--
Benny Pedersen
Re: Spam with HUGE negative scores
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 29.12.08 08:10, Frank DeChellis wrote:
> Lately, 3 weeks or so, we've been getting HUGE negative scores on our spam.
which scores were in progress?
> And it's coming in by the truck load. We use Sa-Update to update our rules
> from saupdates.openprotect.com and updates.spamassassin.org
>
> Has anybody else experienced this? Is there a config setting that I messed
> up that allowed this to come through?
It's mostly caused by invalid whitelisting, e.g. whitelisting own domains
(spammers often put them to From lines).
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Quantum mechanics: The dreams stuff is made of.
Re: Spam with HUGE negative scores
Posted by mouss <mo...@netoyen.net>.
Frank DeChellis wrote:
> Hi there,
>
> We use SA 3.2.1 on FreeBSD 6.1. We have Bayes and Razor in use.
>
> Lately, 3 weeks or so, we’ve been getting HUGE negative scores on our
> spam. And it’s coming in by the truck load. We use Sa-Update to update
> our rules from saupdates.openprotect.com and updates.spamassassin.org
>
> Has anybody else experienced this? Is there a config setting that I
> messed up that allowed this to come through?
>
do not whitelist your domain. if you really need, use
whitelist_from_rcvd or the like.
> Thanks
> Frank
>
> P.S. Are there other channels that people suggest adding to sa-update?
>
JM Sought channel is highly recommended:
channel: sought.rules.yerp.org
Key: 6C6191E3
Key URL: http://yerp.org/rules/GPG.KEY
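The check suggested in the replies above (a whitelist_from entry that covers your own domain), as an added example that is not part of any poster's message. The sample config, the domain example.com and the function names are constructed for illustration:

```python
import re

# Constructed sample local.cf; example.com stands in for the site's own domain.
SAMPLE_CF = """\
# constructed sample local.cf
required_score 5.0
whitelist_from *@example.com            # own domain, forgeable
whitelist_from newsletter@partner.example  boss@EXAMPLE.com
whitelist_from_rcvd *@example.com mail.example.com
whitelist_from *@lists.example.org
"""

def glob_to_regex(pattern):
    """SpamAssassin address globs allow only '*' and '?' as wildcards."""
    parts = []
    for ch in pattern.lower():
        parts.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
    return re.compile("".join(parts) + r"\Z")

def covers_domain(pattern, domain):
    """True if a whitelist_from pattern can match an address at `domain`."""
    domain = domain.lower()
    if "@" in pattern:
        # Compare only the domain half: any local part can be forged.
        return bool(glob_to_regex(pattern.rsplit("@", 1)[1]).match(domain))
    return bool(glob_to_regex(pattern).match("user@" + domain))

def audit_whitelist(config_text, local_domains):
    """Return (line number, pattern, domain) for each risky whitelist_from entry.

    whitelist_from trusts the From address alone and fires USER_IN_WHITELIST
    (default score -100); whitelist_from_rcvd also checks the relay, so it is
    skipped here.
    """
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()   # drop trailing comments
        if not tokens or tokens[0] != "whitelist_from":
            continue
        for pattern in tokens[1:]:              # several addresses per line are allowed
            for domain in local_domains:
                if covers_domain(pattern, domain):
                    findings.append((lineno, pattern, domain))
    return findings

if __name__ == "__main__":
    for lineno, pattern, domain in audit_whitelist(SAMPLE_CF, ["example.com"]):
        print(f"line {lineno}: whitelist_from {pattern} covers local domain {domain}")
```

Entries it reports can be replaced with whitelist_from_rcvd, which takes the address pattern plus the reverse DNS name of the relay that must have handed the message over.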
Re: Spam with HUGE negative scores
Posted by Michael Scheidell <sc...@secnap.net>.
As with other suggestions, don't whitelist your own domain (usually the
problem)
you might post an email to your web site in whole (DON'T POST IT TO
THIS GROUP! MESSES THINGS UP)
also, SA and Razor are kept up to date on FreeBSD (I am the ports
maintainer for SA), and you won't get any updates for sa 3.2.1. might
move to 3.2.5. should be painless:
portupgrade -R p5-Mail-SpamAssassin
(watch for dependencies like mysql)
Frank DeChellis wrote:
> Hi there,
>
> We use SA 3.2.1 on FreeBSD 6.1. We have Bayes and Razor in use.
>
> Lately, 3 weeks or so, we've been getting HUGE negative scores on our
> spam. And it's coming in by the truck load. We use Sa-Update to
> update our rules from saupdates.openprotect.com and
> updates.spamassassin.org
>
> Has anybody else experienced this? Is there a config setting that I
> messed up that allowed this to come through?
>
> Thanks
> Frank
>
> P.S. Are there other channels that people suggest adding to sa-update?
>
> Frank DeChellis
> President, Internet Access Worldwide
> Welland, Ontario, Canada
> www.iaw.com
>
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
SECNAP Network Security Corporation
* Certified SNORT Integrator
* King of Spam Filters, SC Magazine 2008
* Information Security Award 2008, Info Security Products Guide
* CRN Magazine Top 40 Emerging Security Vendors