Suddenly tons of spam

[Max <md...@breakawaysystems.com>]

Hey, I know this message is kind of vague but I set up spamassassin a
while ago. It's been working great for a long time, but then out of no
where we started getting 127 or so spam messages per day. Could someone
point me in the right direction to diagnose/correct this problem? All
I've done so far is just run sa-update.

Re: Suddenly tons of spam

[Mikael Syska <mi...@syska.dk>]

Hi,

On Tue, Mar 29, 2011 at 7:20 PM, Max <md...@breakawaysystems.com> wrote:
> Hey, I know this message is kind of vague but I set up spamassassin a
> while ago. It's been working great for a long time, but then out of no
> where we started getting 127 or so spam messages per day. Could someone
> point me in the right direction to diagnose/correct this problem?

Yes, post a sample spam on http://nomorepasting.com/ or similar page
so we can test it againts out system.

What rules are hit on the spam that are getting though? Have you been
receiving similar spam like them before ?

Regular read the mailing lists, you will learn alot ... I know I did.
Not just read it when hell breaks out.

>  All I've done so far is just run sa-update.

Thats one good thing to start with.

>

mvh
Syska

Re: Suddenly tons of spam

[Martin Gregorie <ma...@gregorie.org>]

On Tue, 2011-03-29 at 12:20 -0500, Max wrote:
> Hey, I know this message is kind of vague but I set up spamassassin a
> while ago. It's been working great for a long time, but then out of no
> where we started getting 127 or so spam messages per day. Could someone
> point me in the right direction to diagnose/correct this problem? All
> I've done so far is just run sa-update.
>
What version of Spamassassin are you running?


Martin

Re: Spam

[Per Jessen <pe...@computer.org>]

Adam Katz wrote:

> The multi-lingual dictionary that I use for this kind of purpose has
> 132 words that are 29+ characters.  Its longest word is 58 characters:
> Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch is a large
> village on the Welsh island of Anglesey, see
> http://en.wikipedia.org/wiki/Llanfairpwllgwyngyll for more.  Wikipedia
> also notes a hill in New Zealand (short name Taumata) with an even
> longer name.  The next longest word is
> pneumonoultramicroscopicsilicovolcanoconiosis with 45 letters.  German
> words, which I would have expected to take the cake, seem to be
> limited to 35 or so letters.

From:
http://german.about.com/library/blwort_long.htm

Rindfleischetikettierungsüberwachungsaufgabenübertragungsgesetz
Donaudampfschiffahrtselektrizitätenhauptbetriebswerkbauunterbeamtengesellschaft


/Per Jessen, Zürich

Re: Spam

[John Hardin <jh...@impsec.org>]

On Wed, 30 Mar 2011, RW wrote:

>>> On Wed, 2011-03-30 at 00:58 +0200, martin@swetech.se wrote:
>>>>
>>>> Re:
>>>> YouWillNotBelieveYourPennisCanBbeThhatHardAndThick!GiveYouserlfATreat
>
> The subjects have two separate characteristics: the length and the
> number of lower to upper case transitions. I score them separately and
> use:
>
> header SUBJ_LONG_WORD Subject =~ /\b[^[:space:][:punct:]]{30}/
> header SUBJ_ODD_CASE  Subject =~ /(?:[[:lower:]][[:upper:]].{0,15}){3}/

How about:

header SUBJ_RUNON Subject =~ /(?:[[:upper:]][[:lower]]{2,15}[!:,'"]?){10}/

?

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   The third basic rule of firearms safety:
   Keep your booger hook off the bang switch!
-----------------------------------------------------------------------
  2 days until April Fools' day

Re: Spam

[Adam Katz <an...@khopis.com>]

On 03/30/2011 01:23 PM, RW wrote:
> A lot of these long words are rarely used in the wild - other than
> to say how long they are.
> 
> The subjects have two separate characteristics: the length and the 
> number of lower to upper case transitions. I score them separately
> and use:
> 
> header SUBJ_LONG_WORD Subject =~ /\b[^[:space:][:punct:]]{30}/
> header SUBJ_ODD_CASE  Subject =~ /(?:[[:lower:]][[:upper:]].{0,15}){3}/

(Personally, I'd prefer to limit it to letters rather than also
including numbers, underscores, and special characters.)

There's also exaggerated text like aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaarg,
hahahahahahahahahahahahahahaha, lollllllllllllllllllllll!11111one,
intentional strings like goodluckwiththat, and suffixes like
"somethingorother" (as in "Mr. Rosensomethingorother").

I think my rule was a little more efficient at accomplishing something
similar.  John's was better named and is preferable except for the fact
that it still takes a while to parse (though at least it's limited to
just one line of each message).

Re: Spam

[RW <rw...@googlemail.com>]

On Wed, 30 Mar 2011 09:16:09 -0700
Adam Katz <an...@khopis.com> wrote:

> On 03/29/2011 04:57 PM, Martin Gregorie wrote:
> > On Wed, 2011-03-30 at 00:58 +0200, martin@swetech.se wrote:
> >> recetly i been getting ALOT of these mail with the subjects like
> >> this contain a link to some scam/chinese crap factory
> >>
> >> i run the latest spamassassin along with amavis  but these mails
> >> keep getting through any ideas?
> >>
> >> Re:
> >> YouWillNotBelieveYourPennisCanBbeThhatHardAndThick!GiveYouserlfATreat
> > 
> > Since the longest (English) word I know has 28 letters
> > (antidisestablishmentarianism), a private rule like:
> > 
> > header VERY_LONG_WORD  Subject =~ /Re:\s+\S{29}/
> > 
> > should catch that spam.
> 
> The multi-lingual dictionary that I use for this kind of purpose has
> 132 words that are 29+ characters.  Its longest word is 58 characters:
> Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch is a large
> village on the Welsh island of Anglesey,   ...

A lot of these long words are rarely used in the wild - other than to
say how long they are. 

The subjects have two separate characteristics: the length and the
number of lower to upper case transitions. I score them separately and
use:

header SUBJ_LONG_WORD Subject =~ /\b[^[:space:][:punct:]]{30}/
header SUBJ_ODD_CASE  Subject =~ /(?:[[:lower:]][[:upper:]].{0,15}){3}/

Re: Spam

[Adam Katz <an...@khopis.com>]

On 03/29/2011 04:57 PM, Martin Gregorie wrote:
> On Wed, 2011-03-30 at 00:58 +0200, martin@swetech.se wrote:
>> recetly i been getting ALOT of these mail with the subjects like this
>> contain a link to some scam/chinese crap factory
>>
>> i run the latest spamassassin along with amavis  but these mails keep 
>> getting through any ideas?
>>
>> Re: YouWillNotBelieveYourPennisCanBbeThhatHardAndThick!GiveYouserlfATreat
> 
> Since the longest (English) word I know has 28 letters
> (antidisestablishmentarianism), a private rule like:
> 
> header VERY_LONG_WORD  Subject =~ /Re:\s+\S{29}/
> 
> should catch that spam.

The multi-lingual dictionary that I use for this kind of purpose has 132
words that are 29+ characters.  Its longest word is 58 characters:
Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch is a large
village on the Welsh island of Anglesey, see
http://en.wikipedia.org/wiki/Llanfairpwllgwyngyll for more.  Wikipedia
also notes a hill in New Zealand (short name Taumata) with an even
longer name.  The next longest word is
pneumonoultramicroscopicsilicovolcanoconiosis with 45 letters.  German
words, which I would have expected to take the cake, seem to be limited
to 35 or so letters.

Maybe try this instead:

header VERY_LONG_WORD  Subject =~ /Re:\s+\w(?![a-z]{40})[A-Za-z]{40}/


If anybody is interested in the dictionary I use, this should be enough
to replicate it:

$ ls -lGg |sed 's/^.* 1 //; s/ ... .. ..... / /'
total 18M
 17M all
  32 american-english -> /usr/share/dict/american-english
  37 american-english-huge -> /usr/share/dict/american-english-huge
  39 american-english-insane -> /usr/share/dict/american-english-insane
 86K beale.wordlist.asc
  25 brazilian -> /usr/share/dict/brazilian
  36 british-english-huge -> /usr/share/dict/british-english-huge
  37 canadian-english-huge -> /usr/share/dict/canadian-english-huge
 86K diceware.wordlist.asc
1.6K expurgated
  22 french -> /usr/share/dict/french
  23 italian -> /usr/share/dict/italian
 135 make-all
  23 ngerman -> /usr/share/dict/ngerman
  23 ogerman -> /usr/share/dict/ogerman
  23 spanish -> /usr/share/dict/spanish
1.7M twl06.txt
  21 words -> /usr/share/dict/words
$ cat make-all
#!/bin/sh

( cat `ls |grep -Ev '^all|.wordlist.asc'`
  sed -r '/^[0-9]{5}\s+/!d; s///; /\w/!d' *.wordlist.asc
) |sort -f |uniq -i >all


Expurgated and twl06.txt are scrabble dictionaries that you'll have to
find specifically.  The .wordlist.asc files are for diceware.
Everything else came from a Debian package.  If you're not a word nut
like me, all you really need is the largest of each of the languages,
plus perhaps the standard English dictionary so you can determine if
something is an edge case.

This made it really easy for me to verify the cialis-in-word problem we
had here earlier; `grep -ci cialis all` currently counts 287 words.

Re: Spam

["Lawrence @ Rogers" <la...@nl.rogers.com>]

On 29/03/2011 9:27 PM, Martin Gregorie wrote:
> On Wed, 2011-03-30 at 00:58 +0200, martin@swetech.se wrote:
>> recetly i been getting ALOT of these mail with the subjects like this
>> contain a link to some scam/chinese crap factory
>>
>> i run the latest spamassassin along with amavis  but these mails keep
>> getting through any ideas?
>>
>> Re: YouWillNotBelieveYourPennisCanBbeThhatHardAndThick!GiveYouserlfATreat
> Since the longest (English) word I know has 28 letters
> (antidisestablishmentarianism), a private rule like:
>
> header VERY_LONG_WORD  Subject =~ /Re:\s+\S{29}/
>
> should catch that spam.
>
>
> Martin
>
>
We started getting those spams about 6 months ago. What I did was come 
up with a low scoring rule that hits on this

# Rule 1: check if the Subject also containing numbers, letters, or 
common formatting (except spaces) and more than 34 characters
header LW_SUBJECT_SPAMMY  Subject =~ /^[0-9a-zA-Z,.+_\-'!\\\/]{31,}$/
describe LW_SUBJECT_SPAMMY Subject appears spammy (31 or more characters 
without spaces. Only numbers, letters, and formattiing)
score  LW_SUBJECT_SPAMMY 0.2
#tflags LW_SUBJECT_SPAMMY noautolearn

I'm sure this rule could use some improvement.

The ones we saw also always followed 2 possible patterns (sometimes 
containing both in the same e-mail)

1) Hit the HTML_MESSAGE, and either FREEMAIL_FROM or TRACKER_ID, rules.
2) Hit MIME_QP_LONG_LINE and a network test.

We have the above 2 in the form of meta rules and scored at 1.0 each.

We also have a 3rd meta rule, with the first rule + the 2 described 
above, scored at 1.5

This has proven to be quite effective at nuking these spams without FP. 
This is because the likelyhood of a ham e-mail setting off all of the 
above rules is quite low.

Regards,
Lawrence

Re: Spam

[Martin Gregorie <ma...@gregorie.org>]

On Wed, 2011-03-30 at 00:58 +0200, martin@swetech.se wrote:
> recetly i been getting ALOT of these mail with the subjects like this
> contain a link to some scam/chinese crap factory
> 
> i run the latest spamassassin along with amavis  but these mails keep 
> getting through any ideas?
> 
> Re: YouWillNotBelieveYourPennisCanBbeThhatHardAndThick!GiveYouserlfATreat

Since the longest (English) word I know has 28 letters
(antidisestablishmentarianism), a private rule like:

header VERY_LONG_WORD  Subject =~ /Re:\s+\S{29}/

should catch that spam.


Martin

Spam

[ma...@swetech.se]

recetly i been getting ALOT of these mail with the subjects like this
contain a link to some scam/chinese crap factory

i run the latest spamassassin along with amavis  but these mails keep 
getting through any ideas?

Re: YouWillNotBelieveYourPennisCanBbeThhatHardAndThick!GiveYouserlfATreat

Re: Suddenly tons of spam

[Ned Slider <ne...@unixmail.co.uk>]

On 29/03/11 22:54, Benny Pedersen wrote:
> On Tue, 29 Mar 2011 14:12:27 -0700 (PDT), missingshrink<sa...@rainkid.com>
> wrote:
>> Going by the recommendation of others here, I have removed my
> installation
>> originally done with RPM (CentOS 4.9) and removed all my bayes files.
>
> never install directly from cpan, make rpms from cpan is okay, but it
> would be even better if one make a bug on centos to get more updated
> spamassassin as rpm
>
> again never mix cpan and rpm
>
> if one ignore this be prepared to lrarn more :)
>
>
>

+1.

RPMForge has the latest SpamAssassin packages for CentOS plus all the 
perl packages you are likely to need. If they don't, ask on the rpmforge 
users list and they'll package and maintain them for you.

Re: Suddenly tons of spam

[Benny Pedersen <me...@junc.org>]

On Tue, 29 Mar 2011 14:12:27 -0700 (PDT), missingshrink <sa...@rainkid.com>
wrote:
> Going by the recommendation of others here, I have removed my
installation
> originally done with RPM (CentOS 4.9) and removed all my bayes files.

never install directly from cpan, make rpms from cpan is okay, but it
would be even better if one make a bug on centos to get more updated
spamassassin as rpm

again never mix cpan and rpm

if one ignore this be prepared to lrarn more :)

Re: Suddenly tons of spam

[missingshrink <sa...@rainkid.com>]

Going by the recommendation of others here, I have removed my installation
originally done with RPM (CentOS 4.9) and removed all my bayes files.

I am installing from CPAN as well. It borked numerous times. Then I realized
that it was asking me to update CPAN. I updated CPAN, reloaded it - still
showed older version. Did this process twice more, then the newer version of
CPAN loaded. Then I tried in install SA. It complained about other modules.
It did not ask me to include them - it simply notified me of them, then
failed to build. Once I installed the required modules, SA installed. It
wouldn't sa-update though, and I realized I needed an update for
LWP:Useragent. Of course, CPAN wont allow me to install it, because my whole
system is dependent on an older version of Perl. In the end, I realized that
LWP:Useragent is part of perl-libwww.

Now, I am installing the optional components of SA.

What a day...




mdunlap wrote:
> 
> Tried to update spamassasin with cpan, it failed of course
> 
> did:
> perl -MCPAN -e shell [as root]
> install Mail::SpamAssassin 
> <http://wiki.apache.org/spamassassin/SpamAssassin>quit
> 
> 
> Test Summary Report
> -------------------
> t/spamc_bug6176.t               (Wstat: 0 Tests: 2 Failed: 2)
>    Failed tests:  1-2
> t/spamd_allow_user_rules.t      (Wstat: 0 Tests: 5 Failed: 1)
>    Failed test:  5
> Files=163, Tests=1976, 161 wallclock secs ( 1.26 usr  0.24 sys + 49.54 
> cusr  9.34 csys = 60.38 CPU)
> Result: FAIL
> Failed 2/163 test programs. 3/1976 subtests failed.
> make: *** [test_dynamic] Error 255
>    JMASON/Mail-SpamAssassin-3.3.1.tar.gz
>    /usr/bin/make test -- NOT OK
> //hint// to see the cpan-testers results for installing this module, try:
>    reports JMASON/Mail-SpamAssassin-3.3.1.tar.gz
> Running make install
>    make test had returned bad status, won't install without force
> 
> 
> 
> On 03/29/2011 02:22 PM, Bowie Bailey wrote:
>> On 3/29/2011 3:07 PM, missingshrink wrote:
>>> Not to hijack this thread - but I am experiencing the same issue.
>>>
>>>
>>> I too - started experiencing tons of spam getting through since a few
>>> weeks
>>> ago.
>>> In the past hour, 18 messages were not corrected tagged as spam, 3 were.
>>> My
>>> required score is 2.0. I also use 5 DNSBLs. Last week, I uninstalled
>>> spamassassin, all bayes files I could find, and reinstalled. It did not
>>> help
>>> at all. I regularly run sa-update and sa-learn on my spam folder that I
>>> manual check to ensure there are no ham messages.
>>>
>>> I am almost certain that it is likely to be a configuration issue, but I
>>> am
>>> merely a SA user, not a bayes master. Been using SA for about 7 years
>>> already though, and it's always worked well.
>>>
>>> Here are some sample messages that bypassed SA:
>>> http://pastebin.com/raw.php?i=0NYi2Ufu
>>> Here is my SA -D -lint result: http://pastebin.com/raw.php?i=fyJfBQCn
>>>
>>> Any help would be much appreciated!
>> First thing I would do is fix your bayes db.  It looks like you are
>> trying to use a global bayes db, right?  If so, you have the bayes_path
>> set wrong (see the error in 'spamassassin --lint').
>>
>> You apparently have this:
>>
>>      bayes_path /tmp
>>
>> While it should look like this:
>>
>>      bayes_path /tmp/bayes
>>
>> This setting needs to be both the directory path as well as the first
>> portion of the filename for the bayes files.  This will almost always
>> look like '/path/to/directory/bayes'.  Note that 'bayes' is NOT a
>> directory.
>>
>> Looking at your samples, it appears that the bayes db is your main
>> problem.  BAYES_00 should never fire on spam.  This problem may go away
>> if you define the bayes_path correctly.  To prevent the problem from
>> resurfacing, make sure you run sa-learn on both spam and ham on a
>> regular basis.
>>
> 
> 
> 

-- 
View this message in context: http://old.nabble.com/Suddenly-tons-of-spam-tp31269789p31271760.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: Suddenly tons of spam

[Max <md...@breakawaysystems.com>]

Tried to update spamassasin with cpan, it failed of course

did:
perl -MCPAN -e shell [as root]
install Mail::SpamAssassin 
<http://wiki.apache.org/spamassassin/SpamAssassin>quit


Test Summary Report
-------------------
t/spamc_bug6176.t               (Wstat: 0 Tests: 2 Failed: 2)
   Failed tests:  1-2
t/spamd_allow_user_rules.t      (Wstat: 0 Tests: 5 Failed: 1)
   Failed test:  5
Files=163, Tests=1976, 161 wallclock secs ( 1.26 usr  0.24 sys + 49.54 
cusr  9.34 csys = 60.38 CPU)
Result: FAIL
Failed 2/163 test programs. 3/1976 subtests failed.
make: *** [test_dynamic] Error 255
   JMASON/Mail-SpamAssassin-3.3.1.tar.gz
   /usr/bin/make test -- NOT OK
//hint// to see the cpan-testers results for installing this module, try:
   reports JMASON/Mail-SpamAssassin-3.3.1.tar.gz
Running make install
   make test had returned bad status, won't install without force



On 03/29/2011 02:22 PM, Bowie Bailey wrote:
> On 3/29/2011 3:07 PM, missingshrink wrote:
>> Not to hijack this thread - but I am experiencing the same issue.
>>
>>
>> I too - started experiencing tons of spam getting through since a few weeks
>> ago.
>> In the past hour, 18 messages were not corrected tagged as spam, 3 were. My
>> required score is 2.0. I also use 5 DNSBLs. Last week, I uninstalled
>> spamassassin, all bayes files I could find, and reinstalled. It did not help
>> at all. I regularly run sa-update and sa-learn on my spam folder that I
>> manual check to ensure there are no ham messages.
>>
>> I am almost certain that it is likely to be a configuration issue, but I am
>> merely a SA user, not a bayes master. Been using SA for about 7 years
>> already though, and it's always worked well.
>>
>> Here are some sample messages that bypassed SA:
>> http://pastebin.com/raw.php?i=0NYi2Ufu
>> Here is my SA -D -lint result: http://pastebin.com/raw.php?i=fyJfBQCn
>>
>> Any help would be much appreciated!
> First thing I would do is fix your bayes db.  It looks like you are
> trying to use a global bayes db, right?  If so, you have the bayes_path
> set wrong (see the error in 'spamassassin --lint').
>
> You apparently have this:
>
>      bayes_path /tmp
>
> While it should look like this:
>
>      bayes_path /tmp/bayes
>
> This setting needs to be both the directory path as well as the first
> portion of the filename for the bayes files.  This will almost always
> look like '/path/to/directory/bayes'.  Note that 'bayes' is NOT a directory.
>
> Looking at your samples, it appears that the bayes db is your main
> problem.  BAYES_00 should never fire on spam.  This problem may go away
> if you define the bayes_path correctly.  To prevent the problem from
> resurfacing, make sure you run sa-learn on both spam and ham on a
> regular basis.
>

Re: Suddenly tons of spam

[Bowie Bailey <Bo...@BUC.com>]

On 3/29/2011 3:07 PM, missingshrink wrote:
> Not to hijack this thread - but I am experiencing the same issue.
>
>
> I too - started experiencing tons of spam getting through since a few weeks
> ago.
> In the past hour, 18 messages were not corrected tagged as spam, 3 were. My
> required score is 2.0. I also use 5 DNSBLs. Last week, I uninstalled
> spamassassin, all bayes files I could find, and reinstalled. It did not help
> at all. I regularly run sa-update and sa-learn on my spam folder that I
> manual check to ensure there are no ham messages.
>
> I am almost certain that it is likely to be a configuration issue, but I am
> merely a SA user, not a bayes master. Been using SA for about 7 years
> already though, and it's always worked well.
>
> Here are some sample messages that bypassed SA:
> http://pastebin.com/raw.php?i=0NYi2Ufu
> Here is my SA -D -lint result: http://pastebin.com/raw.php?i=fyJfBQCn
>
> Any help would be much appreciated!

First thing I would do is fix your bayes db.  It looks like you are
trying to use a global bayes db, right?  If so, you have the bayes_path
set wrong (see the error in 'spamassassin --lint').

You apparently have this:

    bayes_path /tmp

While it should look like this:

    bayes_path /tmp/bayes

This setting needs to be both the directory path as well as the first
portion of the filename for the bayes files.  This will almost always
look like '/path/to/directory/bayes'.  Note that 'bayes' is NOT a directory.

Looking at your samples, it appears that the bayes db is your main
problem.  BAYES_00 should never fire on spam.  This problem may go away
if you define the bayes_path correctly.  To prevent the problem from
resurfacing, make sure you run sa-learn on both spam and ham on a
regular basis.

-- 
Bowie

Re: Suddenly tons of spam

[Martin Gregorie <ma...@gregorie.org>]

On Tue, 2011-03-29 at 12:07 -0700, missingshrink wrote:
> Not to hijack this thread - but I am experiencing the same issue.
> 
Upgrade. 3.2.4 is very old and its default rule set is likewise.

If you're not already using greylisting, its worth thinking about. When
my ISP introduced it, the spam I received immediately dropped from 80%
of incoming mail to 8% - I use SA to clean up after it. Most of the
stuff SA traps is either from mailing lists or junk mail from companies
that don't honour their 'unsubscribe' commitment.


Martin

Re: Suddenly tons of spam

[jdow <jd...@earthlink.net>]

On 2011/03/29 12:15, Mikael Syska wrote:
> Hi,
>
> On Tue, Mar 29, 2011 at 9:07 PM, missingshrink<sa...@rainkid.com>  wrote:
>>
>> Not to hijack this thread - but I am experiencing the same issue.
>
> Well ... same problem.
>>
>>
>> I too - started experiencing tons of spam getting through since a few weeks
>> ago.
>
> Okay.

Erm, tons of spam or tons of mismarked ham? I must be in a quaint little
bubble. Since about Christmas the amount of spam here has been cut to
about 20% or less of what it was in the middle of last year. I've gone
from over 200 per day down to under 40 per day for the last week or so.

>> In the past hour, 18 messages were not corrected tagged as spam, 3 were. My
>> required score is 2.0. I also use 5 DNSBLs. Last week, I uninstalled
>> spamassassin, all bayes files I could find, and reinstalled. It did not help
>> at all. I regularly run sa-update and sa-learn on my spam folder that I
>> manual check to ensure there are no ham messages.
>>
>> I am almost certain that it is likely to be a configuration issue, but I am
>> merely a SA user, not a bayes master. Been using SA for about 7 years
>> already though, and it's always worked well.
>>
>> Here are some sample messages that bypassed SA:
>> http://pastebin.com/raw.php?i=0NYi2Ufu
>> Here is my SA -D -lint result: http://pastebin.com/raw.php?i=fyJfBQCn
>>
>> Any help would be much appreciated!
>
> Read all the same answers ... upgrade SA to start with ... 3.2.4 is 3 years old.
> 2008-01-05: SpamAssassin 3.2.4 has been released. Visit the downloads
> page to pick it up, and for more info.

It ain't broke so I ain't fixin it. (Spam is so low I have better uses
for my time than pushing 3.3.x into this system.)

He has a broken bayes. Fix that and most of his problems vanish. Move
the bayes files to a temporary folder. Train with a good batch of ham
and spam, 300 to 500 of each, getting the -ham and -spam correct when
training. Then go worry about real problems. If you're lucky and have
no pressing problems, update SpamAssassin.

{^_^}

Re: Suddenly tons of spam

[Mikael Syska <mi...@syska.dk>]

Hi,

On Tue, Mar 29, 2011 at 9:07 PM, missingshrink <sa...@rainkid.com> wrote:
>
> Not to hijack this thread - but I am experiencing the same issue.

Well ... same problem.
>
>
> I too - started experiencing tons of spam getting through since a few weeks
> ago.

Okay.

> In the past hour, 18 messages were not corrected tagged as spam, 3 were. My
> required score is 2.0. I also use 5 DNSBLs. Last week, I uninstalled
> spamassassin, all bayes files I could find, and reinstalled. It did not help
> at all. I regularly run sa-update and sa-learn on my spam folder that I
> manual check to ensure there are no ham messages.
>
> I am almost certain that it is likely to be a configuration issue, but I am
> merely a SA user, not a bayes master. Been using SA for about 7 years
> already though, and it's always worked well.
>
> Here are some sample messages that bypassed SA:
> http://pastebin.com/raw.php?i=0NYi2Ufu
> Here is my SA -D -lint result: http://pastebin.com/raw.php?i=fyJfBQCn
>
> Any help would be much appreciated!

Read all the same answers ... upgrade SA to start with ... 3.2.4 is 3 years old.
2008-01-05: SpamAssassin 3.2.4 has been released. Visit the downloads
page to pick it up, and for more info.

> --
> View this message in context: http://old.nabble.com/Suddenly-tons-of-spam-tp31269789p31270648.html
> Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
>
>

mvh
Syska

Re: Suddenly tons of spam

[missingshrink <sa...@rainkid.com>]

Not to hijack this thread - but I am experiencing the same issue.


I too - started experiencing tons of spam getting through since a few weeks
ago.
In the past hour, 18 messages were not corrected tagged as spam, 3 were. My
required score is 2.0. I also use 5 DNSBLs. Last week, I uninstalled
spamassassin, all bayes files I could find, and reinstalled. It did not help
at all. I regularly run sa-update and sa-learn on my spam folder that I
manual check to ensure there are no ham messages.

I am almost certain that it is likely to be a configuration issue, but I am
merely a SA user, not a bayes master. Been using SA for about 7 years
already though, and it's always worked well.

Here are some sample messages that bypassed SA:
http://pastebin.com/raw.php?i=0NYi2Ufu
Here is my SA -D -lint result: http://pastebin.com/raw.php?i=fyJfBQCn

Any help would be much appreciated!
-- 
View this message in context: http://old.nabble.com/Suddenly-tons-of-spam-tp31269789p31270648.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: Suddenly tons of spam

[Matus UHLAR - fantomas <uh...@fantomas.sk>]

> On Tue, 29 Mar 2011, Max wrote:
>
>> Heres the output of spamassassin -D --lint:
>>
>> [29434] dbg: bayes: DB journal sync: last sync: 1301418690
>> [29434] dbg: bayes: corpus size: nspam = 114087, nham = 43887
>> [29434] dbg: bayes: score = 0.0443902978533707
>> [29434] dbg: bayes: DB expiry: tokens in DB: 135674, Expiry max size: 
>> 150000, Oldest atime: 1301021279, Newest atime: 1301421270, Last 
>> expire: 1301366854, Current time: 1301421320

On 29.03.11 11:04, John Hardin wrote:
> That's a pretty good bayes corpus size. I'd expect your bayes scores to 
> be more definitive.

if that was manually trained, it should. Was it manually trained?
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Quantum mechanics: The dreams stuff is made of. 

Re: Suddenly tons of spam

[John Hardin <jh...@impsec.org>]

On Tue, 29 Mar 2011, Max wrote:

> Heres the output of spamassassin -D --lint:
>
> [29434] dbg: bayes: DB journal sync: last sync: 1301418690
> [29434] dbg: bayes: corpus size: nspam = 114087, nham = 43887
> [29434] dbg: bayes: score = 0.0443902978533707
> [29434] dbg: bayes: DB expiry: tokens in DB: 135674, Expiry max size: 150000, 
> Oldest atime: 1301021279, Newest atime: 1301421270, Last expire: 1301366854, 
> Current time: 1301421320

That's a pretty good bayes corpus size. I'd expect your bayes scores to be 
more definitive.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
    "A well educated Electorate, being necessary to the liberty of a
     free State, the Right of the People to Keep and Read Books,
     shall not be infringed."
   ...means only registered voters can read books, and only those books
   obtained with State permission from State-controlled bookstores?
-----------------------------------------------------------------------
  Today: the M1911 is 100 years old - and still going strong!

Re: Suddenly tons of spam

["Warren Togami Jr." <wt...@gmail.com>]

On 3/29/2011 8:30 AM, RW wrote:
> On Tue, 29 Mar 2011 12:55:51 -0500
> Max<md...@breakawaysystems.com>  wrote:
>
>> Heres the output of spamassassin -D --lint:
>>
>> [29434] dbg: logger: adding facilities: all
>> [29434] dbg: logger: logging level is DBG
>> [29434] dbg: generic: SpamAssassin version
>
> Update to the current version. It's not worth giving it any more thought
> until you've done that. The rules for 3.2.5 haven't been worked on some
> time.

http://www.spamtips.org/p/ultimate-setup-guide.html
Indeed.  Upgrade to spamassassin-3.3.1, make sure sa-update is set to 
run at least once daily, then follow everything on this page to maximize 
its performance.

Warren

Re: Suddenly tons of spam

[jdow <jd...@earthlink.net>]

On 2011/03/29 11:30, RW wrote:
> On Tue, 29 Mar 2011 12:55:51 -0500
> Max<md...@breakawaysystems.com>  wrote:
>
>> Heres the output of spamassassin -D --lint:
>>
>> [29434] dbg: logger: adding facilities: all
>> [29434] dbg: logger: logging level is DBG
>> [29434] dbg: generic: SpamAssassin version
>
> Update to the current version. It's not worth giving it any more thought
> until you've done that. The rules for 3.2.5 haven't been worked on some
> time.

Nuts, 3.2.5 works well enough. Your comment basically tells the world
that it was not the update that caused the problem. It's more like
broken training.

The symptoms sound like somebody did one or more sa-learns with the -ham
and -spam reversed. I ruined my own bayes that way once, long ago. I
simply cleared it out and retrained with my saved corpus after automating
the process so I'd not mess up again.

{^_^}

Re: Suddenly tons of spam

[RW <rw...@googlemail.com>]

On Tue, 29 Mar 2011 12:55:51 -0500
Max <md...@breakawaysystems.com> wrote:

> Heres the output of spamassassin -D --lint:
> 
> [29434] dbg: logger: adding facilities: all
> [29434] dbg: logger: logging level is DBG
> [29434] dbg: generic: SpamAssassin version  

Update to the current version. It's not worth giving it any more thought
until you've done that. The rules for 3.2.5 haven't been worked on some
time.

Re: Suddenly tons of spam

[Max <md...@breakawaysystems.com>]

Heres the output of spamassassin -D --lint:

[29434] dbg: logger: adding facilities: all
[29434] dbg: logger: logging level is DBG
[29434] dbg: generic: SpamAssassin version 3.2.5
[29434] dbg: config: score set 0 chosen.
[29434] dbg: util: running in taint mode? yes
[29434] dbg: util: taint mode: deleting unsafe environment variables, 
resetting PATH
[29434] dbg: util: PATH included '/usr/local/sbin', keeping
[29434] dbg: util: PATH included '/usr/local/bin', keeping
[29434] dbg: util: PATH included '/usr/sbin', keeping
[29434] dbg: util: PATH included '/usr/bin', keeping
[29434] dbg: util: PATH included '/sbin', keeping
[29434] dbg: util: PATH included '/bin', keeping
[29434] dbg: util: PATH included '/usr/games', keeping
[29434] dbg: util: final PATH set to: 
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
[29434] dbg: dns: is Net::DNS::Resolver available? yes
[29434] dbg: dns: Net::DNS version: 0.63
[29434] dbg: diag: perl platform: 5.008008 linux
[29434] dbg: diag: module installed: Digest::SHA1, version 2.11
[29434] dbg: diag: module installed: HTML::Parser, version 3.56
[29434] dbg: diag: module installed: Net::DNS, version 0.63
[29434] dbg: diag: module installed: MIME::Base64, version 3.07
[29434] dbg: diag: module installed: DB_File, version 1.814
[29434] dbg: diag: module installed: Net::SMTP, version 2.31
[29434] dbg: diag: module installed: Mail::SPF, version v2.005
[29434] dbg: diag: module installed: Mail::SPF::Query, version 1.999001
[29434] dbg: diag: module installed: IP::Country::Fast, version 604.001
[29434] dbg: diag: module installed: Razor2::Client::Agent, version 2.84
[29434] dbg: diag: module installed: Net::Ident, version 1.23
[29434] dbg: diag: module installed: IO::Socket::INET6, version 2.65
[29434] dbg: diag: module installed: IO::Socket::SSL, version 1.33
[29434] dbg: diag: module installed: Compress::Zlib, version 2.008
[29434] dbg: diag: module installed: Time::HiRes, version 1.86
[29434] dbg: diag: module installed: Mail::DomainKeys, version 1.0
[29434] dbg: diag: module installed: Mail::DKIM, version 0.38
[29434] dbg: diag: module installed: DBI, version 1.601
[29434] dbg: diag: module installed: Getopt::Long, version 2.35
[29434] dbg: diag: module installed: LWP::UserAgent, version 2.036
[29434] dbg: diag: module installed: HTTP::Date, version 1.47
[29434] dbg: diag: module installed: Archive::Tar, version 1.36
[29434] dbg: diag: module installed: IO::Zlib, version 1.04
[29434] dbg: diag: module installed: Encode::Detect, version 1.01
[29434] dbg: ignore: using a test message to lint rules
[29434] dbg: config: using "/etc/spamassassin" for site rules pre files
[29434] dbg: config: read file /etc/spamassassin/init.pre
[29434] dbg: config: read file /etc/spamassassin/v310.pre
[29434] dbg: config: read file /etc/spamassassin/v312.pre
[29434] dbg: config: read file /etc/spamassassin/v320.pre
[29434] dbg: config: using "/var/lib/spamassassin/3.002005" for sys 
rules pre files
[29434] dbg: config: using "/var/lib/spamassassin/3.002005" for default 
rules dir
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org.cf
[29434] dbg: config: using "/etc/spamassassin" for site rules dir
[29434] dbg: config: read file /etc/spamassassin/65_debian.cf
[29434] dbg: config: read file /etc/spamassassin/local.cf
[29434] dbg: config: using "/home/mdunlap/.spamassassin/user_prefs" for 
user prefs file
[29434] dbg: config: read file /home/mdunlap/.spamassassin/user_prefs
[29434] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
[29434] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
[29434] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
[29434] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC
[29434] dbg: pyzor: local tests only, disabling Pyzor
[29434] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC
[29434] dbg: razor2: local tests only, skipping Razor
[29434] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC
[29434] dbg: reporter: local tests only, disabling SpamCop
[29434] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC
[29434] dbg: plugin: loading 
Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
[29434] dbg: plugin: loading 
Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
[29434] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from 
@INC
[29434] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags 
from @INC
[29434] dbg: plugin: loading Mail::SpamAssassin::Plugin::Check from @INC
[29434] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTTPSMismatch 
from @INC
[29434] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDetail from @INC
[29434] dbg: plugin: loading Mail::SpamAssassin::Plugin::Bayes from @INC
[29434] dbg: plugin: loading Mail::SpamAssassin::Plugin::BodyEval from @INC
[29434] dbg: plugin: loading Mail::SpamAssassin::Plugin::DNSEval from @INC
[29434] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval from @INC
[29434] dbg: plugin: loading Mail::SpamAssassin::Plugin::HeaderEval from 
@INC
[29434] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEEval from @INC
[29434] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayEval from @INC
[29434] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIEval from @INC
[29434] dbg: plugin: loading Mail::SpamAssassin::Plugin::WLBLEval from @INC
[29434] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from @INC
[29434] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from @INC
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf" for 
included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf" for 
included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf" for 
included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf" for 
included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf" for 
included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf" for 
included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf" for 
included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf" for 
included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf" for 
included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf" for 
included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf" for 
included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf
[29434] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf
[29434] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf" 
for included file
[29434] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf
[29434] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA
[29434] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E
[29434] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E 
__MO_OL_F3B05
[29434] dbg: rules: __JM_REACTOR_DATE merged duplicates: __RATWARE_0_TZ_DATE
[29434] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 
__XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF 
__XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01
[29434] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA
[29434] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: 
HS_SUBJ_NEW_SOFTWARE
[29434] dbg: rules: __FH_HAS_XMSMAIL merged duplicates: __HAS_MSMAIL_PRI
[29434] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A
[29434] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C 
__XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 
__XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8
[29434] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 
__MO_OL_CF0C0
[29434] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15 
KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6
[29434] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 
__MO_OL_ADFF7
[29434] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6
[29434] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB 
__MO_OL_7533E
[29434] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40
[29434] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: __HAS_ANY_URI
[29434] dbg: rules: __XM_OL_C9068 merged duplicates: __XM_OL_EF20B
[29434] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates: 
BROKEN_RATWARE_BOM CTYPE_001C_A DEAR_HOMEOWNER DIV_CENTER_A_HREF 
DRUG_RA_PRICE FM_DDDD_TIMES_2 FM_SEX_HOSTDDDD HG_HORMONE HS_PHARMA_1 
HS_UPLOADED_SOFTWARE OEBOUND RCVD_IN_DSBL STOX_RCVD_N_NN_N 
URIBL_RHS_ABUSE URIBL_RHS_BOGUSMX URIBL_RHS_DSN URIBL_RHS_POST 
URIBL_RHS_TLD_WHOIS URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP 
XMAILER_MIMEOLE_OL_5E7ED XMAILER_MIMEOLE_OL_C7C33 
XMAILER_MIMEOLE_OL_D03AB X_LIBRARY YOUR_CRD_RATING
[29434] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E
[29434] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8
[29434] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01
[29434] dbg: conf: finish parsing
[29434] dbg: plugin: 
Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x974e8ec) implements 
'finish_parsing_end', priority 0
[29434] dbg: replacetags: replacing tags
[29434] dbg: replacetags: done replacing tags
[29434] dbg: bayes: tie-ing to DB file R/O 
/var/spamassassin/bayes/bayes_toks
[29434] dbg: bayes: tie-ing to DB file R/O 
/var/spamassassin/bayes/bayes_seen
[29434] dbg: bayes: found bayes db version 3
[29434] dbg: bayes: DB journal sync: last sync: 1301418690
[29434] dbg: config: score set 2 chosen.
[29434] dbg: message: main message type: text/plain
[29434] dbg: message: ---- MIME PARSER START ----
[29434] dbg: message: parsing normal part
[29434] dbg: message: ---- MIME PARSER END ----
[29434] dbg: plugin: Mail::SpamAssassin::Plugin::DNSEval=HASH(0x97e642c) 
implements 'check_start', priority 0
[29434] dbg: plugin: Mail::SpamAssassin::Plugin::Check=HASH(0x9799e00) 
implements 'check_main', priority 0
[29434] dbg: conf: trusted_networks are not configured; it is 
recommended that you configure trusted_networks manually
[29434] dbg: metadata: X-Spam-Relays-Trusted:
[29434] dbg: metadata: X-Spam-Relays-Untrusted:
[29434] dbg: metadata: X-Spam-Relays-Internal:
[29434] dbg: metadata: X-Spam-Relays-External:
[29434] dbg: message: no encoding detected
[29434] dbg: plugin: 
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x898f894) implements 
'parsed_metadata', priority 0
[29434] dbg: dns: is_dns_available() last checked 1301421320.0 seconds 
ago; re-checking
[29434] dbg: dns: is DNS available? 0
[29434] dbg: rules: local tests only, ignoring RBL eval
[29434] dbg: check: running tests for priority: -1000
[29434] dbg: rules: running head tests; score so far=0
[29434] dbg: rules: compiled head tests
[29434] dbg: eval: all '*From' addrs: 
ignore@compiling.spamassassin.taint.org
[29434] dbg: eval: all '*To' addrs:
[29434] dbg: rules: running body tests; score so far=0
[29434] dbg: rules: compiled body tests
[29434] dbg: rules: running uri tests; score so far=0
[29434] dbg: rules: compiled uri tests
[29434] dbg: rules: running rawbody tests; score so far=0
[29434] dbg: rules: compiled rawbody tests
[29434] dbg: rules: running full tests; score so far=0
[29434] dbg: rules: compiled full tests
[29434] dbg: rules: running meta tests; score so far=0
[29434] dbg: rules: compiled meta tests
[29434] dbg: check: running tests for priority: -950
[29434] dbg: rules: running head tests; score so far=0
[29434] dbg: rules: compiled head tests
[29434] dbg: rules: running body tests; score so far=0
[29434] dbg: rules: compiled body tests
[29434] dbg: rules: running uri tests; score so far=0
[29434] dbg: rules: compiled uri tests
[29434] dbg: rules: running rawbody tests; score so far=0
[29434] dbg: rules: compiled rawbody tests
[29434] dbg: rules: running full tests; score so far=0
[29434] dbg: rules: compiled full tests
[29434] dbg: rules: running meta tests; score so far=0
[29434] dbg: rules: compiled meta tests
[29434] dbg: check: running tests for priority: -900
[29434] dbg: rules: running head tests; score so far=0
[29434] dbg: rules: compiled head tests
[29434] dbg: rules: running body tests; score so far=0
[29434] dbg: rules: compiled body tests
[29434] dbg: rules: running uri tests; score so far=0
[29434] dbg: rules: compiled uri tests
[29434] dbg: rules: running rawbody tests; score so far=0
[29434] dbg: rules: compiled rawbody tests
[29434] dbg: rules: running full tests; score so far=0
[29434] dbg: rules: compiled full tests
[29434] dbg: rules: running meta tests; score so far=0
[29434] dbg: rules: compiled meta tests
[29434] dbg: check: running tests for priority: -400
[29434] dbg: rules: running head tests; score so far=0
[29434] dbg: rules: compiled head tests
[29434] dbg: rules: running body tests; score so far=0
[29434] dbg: rules: compiled body tests
[29434] dbg: rules: running uri tests; score so far=0
[29434] dbg: rules: compiled uri tests
[29434] dbg: plugin: 
Mail::SpamAssassin::Plugin::WLBLEval=HASH(0x98ca56c) implements 
'check_wb_list', priority 0
[29434] dbg: bayes: DB journal sync: last sync: 1301418690
[29434] dbg: bayes: corpus size: nspam = 114087, nham = 43887
[29434] dbg: bayes: score = 0.0443902978533707
[29434] dbg: bayes: DB expiry: tokens in DB: 135674, Expiry max size: 
150000, Oldest atime: 1301021279, Newest atime: 1301421270, Last expire: 
1301366854, Current time: 1301421320
[29434] dbg: bayes: DB journal sync: last sync: 1301418690
[29434] dbg: bayes: untie-ing
[29434] dbg: rules: running rawbody tests; score so far=0
[29434] dbg: rules: compiled rawbody tests
[29434] dbg: rules: running full tests; score so far=0
[29434] dbg: rules: compiled full tests
[29434] dbg: rules: running meta tests; score so far=0
[29434] dbg: rules: compiled meta tests
[29434] dbg: check: running tests for priority: 0
[29434] dbg: rules: running head tests; score so far=0
[29434] dbg: rules: compiled head tests
[29434] dbg: rules: ran header rule __MISSING_REF ======> got hit: "UNSET"
[29434] dbg: rules: ran header rule __MSOE_MID_WRONG_CASE ======> got hit: "
[29434] dbg: rules: Message-Id: "
[29434] dbg: rules: ran header rule MISSING_DATE ======> got hit: "UNSET"
[29434] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: 
"@lint_rules>"
[29434] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: 
"1301421320"
[29434] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<"
[29434] dbg: rules: ran header rule __SANE_MSGID ======> got hit: 
"<13...@lint_rules>
[29434] dbg: rules: "
[29434] dbg: spf: checking to see if the message has a Received-SPF 
header that we can use
[29434] dbg: spf: already checked for Received-SPF headers, proceeding 
with DNS based checks
[29434] dbg: spf: already checked for Received-SPF headers, proceeding 
with DNS based checks
[29434] dbg: rules: ran eval rule NO_RELAYS ======> got hit (1)
[29434] dbg: spf: already checked for Received-SPF headers, proceeding 
with DNS based checks
[29434] dbg: spf: already checked for Received-SPF headers, proceeding 
with DNS based checks
[29434] dbg: spf: cannot get Envelope-From, cannot use SPF
[29434] dbg: spf: def_spf_whitelist_from: could not find useable 
envelope sender
[29434] dbg: spf: already checked for Received-SPF headers, proceeding 
with DNS based checks
[29434] dbg: spf: already checked for Received-SPF headers, proceeding 
with DNS based checks
[29434] dbg: spf: already checked for Received-SPF headers, proceeding 
with DNS based checks
[29434] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit (1)
[29434] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit (1)
[29434] dbg: spf: spf_whitelist_from: could not find useable envelope sender
[29434] dbg: rules: running body tests; score so far=1.5
[29434] dbg: rules: compiled body tests
[29434] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I"
[29434] dbg: rules: running uri tests; score so far=1.5
[29434] dbg: rules: compiled uri tests
[29434] dbg: eval: stock info total: 0
[29434] dbg: rules: ran eval rule BAYES_05 ======> got hit (1)
[29434] dbg: rules: running rawbody tests; score so far=0.39
[29434] dbg: rules: compiled rawbody tests
[29434] dbg: rules: ran rawbody rule __TVD_BODY ======> got hit: "need"
[29434] dbg: rules: running full tests; score so far=0.39
[29434] dbg: rules: compiled full tests
[29434] dbg: rules: running meta tests; score so far=0.39
[29434] dbg: rules: compiled meta tests
[29434] dbg: check: running tests for priority: 500
[29434] dbg: dns: harvest_dnsbl_queries
[29434] dbg: rules: running head tests; score so far=0.39
[29434] dbg: rules: compiled head tests
[29434] dbg: rules: running body tests; score so far=0.39
[29434] dbg: rules: compiled body tests
[29434] dbg: rules: running uri tests; score so far=0.39
[29434] dbg: rules: compiled uri tests
[29434] dbg: rules: running rawbody tests; score so far=0.39
[29434] dbg: rules: compiled rawbody tests
[29434] dbg: rules: running full tests; score so far=0.39
[29434] dbg: rules: compiled full tests
[29434] dbg: rules: running meta tests; score so far=0.39
[29434] dbg: rules: meta test DIGEST_MULTIPLE has undefined dependency 
'DCC_CHECK'
[29434] dbg: rules: compiled meta tests
[29434] dbg: check: running tests for priority: 1000
[29434] dbg: rules: running head tests; score so far=2.865
[29434] dbg: rules: compiled head tests
[29434] dbg: rules: running body tests; score so far=2.865
[29434] dbg: rules: compiled body tests
[29434] dbg: rules: running uri tests; score so far=2.865
[29434] dbg: rules: compiled uri tests
[29434] dbg: rules: running rawbody tests; score so far=2.865
[29434] dbg: rules: compiled rawbody tests
[29434] dbg: rules: running full tests; score so far=2.865
[29434] dbg: rules: compiled full tests
[29434] dbg: rules: running meta tests; score so far=2.865
[29434] dbg: rules: compiled meta tests
[29434] dbg: check: is spam? score=2.865 required=3.6
[29434] dbg: check: 
tests=BAYES_05,MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS
[29434] dbg: check: 
subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TVD_BODY,__UNUSABLE_MSGID





On 03/29/2011 12:48 PM, Mikael Syska wrote:
> Hi,
>
> On Tue, Mar 29, 2011 at 7:37 PM, Max<md...@breakawaysystems.com>  wrote:
>> Thanks but yeah it is running. I get a spam score on my messages. I'm going
>> to change my required spam cutoff score though
> 3.6 is very low and on my servers I would get way to many false
> positives. I'm running at 5.6
>
> If that is the only rules that are hit ... you have a problem.
>
> As Martin asked ... what version of SA are you runnning ?
> What rules were hit earliar? When did it change? What system files
> were changed when you started gettings all these spam message ?
>>
>> That should help with a large majority of it. It just concerns me that it
>> was so sudden. All my ham is below below 0
> What does "spamassasin -D --lint" show ?
>> heres a grep sample:
>>
>> X-Spam-Status: No, score=2.6 required=3.6 tests=BAYES_50,
>> X-Spam-Status: No, score=2.6 required=3.6
>> tests=BAYES_50,HTML_IMAGE_RATIO_06,
>> X-Spam-Status: No, score=3.5 required=3.6
>> tests=BAYES_60,HTML_IMAGE_RATIO_02,
>> X-Spam-Status: No, score=1.0 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>> X-Spam-Status: No, score=2.5 required=3.6
>> tests=BAYES_50,DATE_IN_FUTURE_06_12,
>> X-Spam-Status: No, score=2.7 required=3.6 tests=BAYES_60,HTML_MESSAGE,
>> X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
>> X-Spam-Status: No, score=0.5 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>> X-Spam-Status: No, score=0.5 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_60,
>> X-Spam-Status: No, score=2.6 required=3.6 tests=BAYES_80,RAZOR2_CHECK,
>> X-Spam-Status: No, score=2.5 required=3.6
>> tests=BAYES_80,RAZOR2_CHECK,SPF_PASS
>> X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
>> X-Spam-Status: No, score=2.1 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>> X-Spam-Status: No, score=2.7 required=3.6 tests=BAYES_60,HTML_MESSAGE,
>> X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
>> X-Spam-Status: No, score=2.0 required=3.6 tests=BAYES_80,SPF_PASS
>> autolearn=no
>> X-Spam-Status: No, score=2.0 required=3.6 tests=BAYES_80,SPF_PASS
>> autolearn=no
>> X-Spam-Status: No, score=2.0 required=3.6
>> tests=BAYES_50,DATE_IN_FUTURE_06_12,
>> X-Spam-Status: No, score=0.5 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
>> X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
>> X-Spam-Status: No, score=3.0 required=3.6
>> tests=BAYES_60,HTML_IMAGE_RATIO_06,
>> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_60,
>> X-Spam-Status: No, score=2.5 required=3.6 tests=BAYES_50,
>> X-Spam-Status: No, score=2.5 required=3.6 tests=BAYES_50,
>> X-Spam-Status: No, score=1.3 required=3.6
>> tests=BAYES_50,DATE_IN_FUTURE_03_06,
>> X-Spam-Status: No, score=1.1 required=3.6 tests=BAYES_60,RDNS_NONE,SPF_PASS
>> X-Spam-Status: No, score=2.3 required=3.6 tests=BAD_CREDIT,BAYES_50,
>> X-Spam-Status: No, score=3.1 required=3.6 tests=BAYES_50,HTML_IMAGE_ONLY_08,
>> X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
>> X-Spam-Status: No, score=3.5 required=3.6
>> tests=BAYES_60,DATE_IN_FUTURE_06_12,
>> X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
>> X-Spam-Status: No, score=2.5 required=3.6 tests=BAYES_50,
>> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_60,
>> X-Spam-Status: No, score=3.2 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>> X-Spam-Status: No, score=2.7 required=3.6 tests=BAYES_60,HTML_MESSAGE,
>> X-Spam-Status: No, score=2.1 required=3.6 tests=BAYES_50,NO_DNS_FOR_FROM,
>> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_60,
>> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>> X-Spam-Status: No, score=2.4 required=3.6 tests=BAYES_40,
>> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_60,HTML_MESSAGE,
>> X-Spam-Status: No, score=2.9 required=3.6 tests=BAYES_00,SORTED_RECIPS,
>> X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
>> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_50,
>> X-Spam-Status: No, score=3.3 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>> X-Spam-Status: No, score=2.0 required=3.6 tests=BAYES_80,SPF_PASS
>> autolearn=no
>> X-Spam-Status: No, score=3.0 required=3.6 tests=BAYES_95,SPF_PASS
>> autolearn=no
>> X-Spam-Status: No, score=3.2 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>> X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
>> X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>> X-Spam-Status: No, score=2.5 required=3.6 tests=BAYES_50,
>> X-Spam-Status: No, score=0.5 required=3.6
>> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
>> X-Spam-Status: No, score=0.5 required=3.6
>> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
>> X-Spam-Status: No, score=0.5 required=3.6
>> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
>> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_60,
>> X-Spam-Status: No, score=0.5 required=3.6
>> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
>> X-Spam-Status: No, score=0.5 required=3.6
>> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
>> X-Spam-Status: No, score=1.7 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>> X-Spam-Status: No, score=1.7 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>> X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>> X-Spam-Status: No, score=0.5 required=3.6
>> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
>> X-Spam-Status: No, score=1.5 required=3.6
>> tests=BAYES_60,RAZOR2_CHECK,SPF_PASS
>> X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,SPF_SOFTFAIL
>> X-Spam-Status: No, score=-2.1 required=3.6 tests=BAYES_00,RAZOR2_CHECK,
>> X-Spam-Status: No, score=-2.1 required=3.6 tests=BAYES_00,RAZOR2_CHECK,
>> X-Spam-Status: No, score=0.5 required=3.6
>> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
>> X-Spam-Status: No, score=0.0 required=3.6 tests=BAYES_50,SPF_PASS
>> X-Spam-Status: No, score=2.5 required=3.6 tests=BAYES_50,
>> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_95,RAZOR2_CHECK,
>> X-Spam-Status: No, score=0.5 required=3.6
>> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
>> X-Spam-Status: No, score=0.0 required=3.6 tests=BAYES_50,SPF_PASS
>> X-Spam-Status: No, score=0.0 required=3.6 tests=BAYES_50,SPF_PASS
>> X-Spam-Status: No, score=0.5 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
>> X-Spam-Status: No, score=2.7 required=3.6 tests=BAYES_60,HTML_MESSAGE,
>> X-Spam-Status: No, score=2.7 required=3.6 tests=BAYES_60,HTML_MESSAGE,
>> X-Spam-Status: No, score=2.7 required=3.6 tests=BAYES_60,HTML_MESSAGE,
>> X-Spam-Status: No, score=1.6 required=3.6 tests=BAYES_60,HTML_MESSAGE,
>> X-Spam-Status: No, score=1.7 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>> X-Spam-Status: No, score=2.7 required=3.6 tests=BAYES_60,HTML_MESSAGE,
>> X-Spam-Status: No, score=1.5 required=3.6
>> tests=BAYES_60,HTML_IMAGE_RATIO_02,
>> X-Spam-Status: No, score=0.5 required=3.6
>> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
>> X-Spam-Status: No, score=1.0 required=3.6 tests=BAYES_60,SPF_PASS
>> X-Spam-Status: No, score=0.1 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>> X-Spam-Status: No, score=1.5 required=3.6
>> tests=BAYES_60,RAZOR2_CHECK,SPF_PASS
>> X-Spam-Status: No, score=3.3 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>> X-Spam-Status: No, score=3.2 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>> X-Spam-Status: No, score=3.4 required=3.6
>> tests=BAYES_50,HTML_IMAGE_RATIO_08,
>> X-Spam-Status: No, score=3.1 required=3.6 tests=BAYES_80,HTML_MESSAGE,
>> X-Spam-Status: No, score=0.5 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_99,HTML_MESSAGE,
>> X-Spam-Status: No, score=3.1 required=3.6
>> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS,
>> X-Spam-Status: No, score=2.5 required=3.6 tests=BAYES_50,
>> X-Spam-Status: No, score=3.4 required=3.6
>> tests=BAYES_50,HTML_IMAGE_RATIO_08,
>> X-Spam-Status: No, score=0.5 required=3.6
>> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
>> X-Spam-Status: No, score=3.1 required=3.6
>> tests=BAYES_60,HTML_IMAGE_RATIO_08,
>> X-Spam-Status: No, score=0.5 required=3.6
>> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
>> X-Spam-Status: No, score=2.6 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_60,
>> X-Spam-Status: No, score=0.5 required=3.6
>> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
>> X-Spam-Status: No, score=0.5 required=3.6
>> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
>> X-Spam-Status: No, score=3.2 required=3.6 tests=BAYES_60,EXTRA_MPART_TYPE,
>> X-Spam-Status: No, score=2.6 required=3.6 tests=BAYES_50,
>> X-Spam-Status: No, score=2.6 required=3.6 tests=BAYES_60,HTML_IMAGE_ONLY_24,
>> X-Spam-Status: No, score=0.2 required=3.6
>> tests=BAYES_50,HTML_IMAGE_RATIO_04,
>> X-Spam-Status: No, score=3.3 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>> X-Spam-Status: No, score=2.9 required=3.6 tests=BAYES_80,HTML_MESSAGE,
>> X-Spam-Status: No, score=-0.5 required=3.6 tests=BAYES_05,RAZOR2_CHECK,
>> X-Spam-Status: No, score=2.9 required=3.6 tests=BAYES_80,HTML_MESSAGE,
>> X-Spam-Status: No, score=-2.0 required=3.6 tests=BAYES_00,RAZOR2_CHECK,
>> X-Spam-Status: No, score=2.6 required=3.6 tests=BAYES_50,
>> X-Spam-Status: No, score=2.6 required=3.6 tests=BAYES_80,RAZOR2_CHECK,
>> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_95,RAZOR2_CHECK,
>> X-Spam-Status: No, score=2.5 required=3.6 tests=BAYES_80,HTML_MESSAGE,
>> X-Spam-Status: No, score=2.5 required=3.6 tests=BAYES_80,HTML_MESSAGE,
>> X-Spam-Status: No, score=1.5 required=3.6
>> tests=BAYES_60,RAZOR2_CHECK,SPF_PASS
>> X-Spam-Status: No, score=-2.1 required=3.6 tests=BAYES_00,RAZOR2_CHECK,
>> X-Spam-Status: No, score=0.5 required=3.6
>> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
>> X-Spam-Status: No, score=2.2 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>> X-Spam-Status: No, score=1.7 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>> X-Spam-Status: No, score=1.7 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>> X-Spam-Status: No, score=1.7 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>> X-Spam-Status: No, score=3.2 required=3.6 tests=BAYES_60,HTML_MESSAGE,
>> X-Spam-Status: No, score=1.7 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>>
>>
>> On 03/29/2011 12:26 PM, Adam Moffett wrote:
>>> Without knowing anything about your setup it's just stabbing the dark, but
>>> is the spamd service running?
>>>
>>>
>>>> Hey, I know this message is kind of vague but I set up spamassassin a
>>>> while ago. It's been working great for a long time, but then out of no
>>>> where we started getting 127 or so spam messages per day. Could someone
>>>> point me in the right direction to diagnose/correct this problem? All
>>>> I've done so far is just run sa-update.
>>

Re: Suddenly tons of spam

[Mikael Syska <mi...@syska.dk>]

Hi,

On Tue, Mar 29, 2011 at 7:37 PM, Max <md...@breakawaysystems.com> wrote:
> Thanks but yeah it is running. I get a spam score on my messages. I'm going
> to change my required spam cutoff score though

3.6 is very low and on my servers I would get way to many false
positives. I'm running at 5.6

If that is the only rules that are hit ... you have a problem.

As Martin asked ... what version of SA are you runnning ?
What rules were hit earliar? When did it change? What system files
were changed when you started gettings all these spam message ?
>
>
> That should help with a large majority of it. It just concerns me that it
> was so sudden. All my ham is below below 0

What does "spamassasin -D --lint" show ?
>
> heres a grep sample:
>
> X-Spam-Status: No, score=2.6 required=3.6 tests=BAYES_50,
> X-Spam-Status: No, score=2.6 required=3.6
> tests=BAYES_50,HTML_IMAGE_RATIO_06,
> X-Spam-Status: No, score=3.5 required=3.6
> tests=BAYES_60,HTML_IMAGE_RATIO_02,
> X-Spam-Status: No, score=1.0 required=3.6 tests=BAYES_50,HTML_MESSAGE,
> X-Spam-Status: No, score=2.5 required=3.6
> tests=BAYES_50,DATE_IN_FUTURE_06_12,
> X-Spam-Status: No, score=2.7 required=3.6 tests=BAYES_60,HTML_MESSAGE,
> X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
> X-Spam-Status: No, score=0.5 required=3.6 tests=BAYES_50,HTML_MESSAGE,
> X-Spam-Status: No, score=0.5 required=3.6 tests=BAYES_50,HTML_MESSAGE,
> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_60,
> X-Spam-Status: No, score=2.6 required=3.6 tests=BAYES_80,RAZOR2_CHECK,
> X-Spam-Status: No, score=2.5 required=3.6
> tests=BAYES_80,RAZOR2_CHECK,SPF_PASS
> X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
> X-Spam-Status: No, score=2.1 required=3.6 tests=BAYES_50,HTML_MESSAGE,
> X-Spam-Status: No, score=2.7 required=3.6 tests=BAYES_60,HTML_MESSAGE,
> X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
> X-Spam-Status: No, score=2.0 required=3.6 tests=BAYES_80,SPF_PASS
> autolearn=no
> X-Spam-Status: No, score=2.0 required=3.6 tests=BAYES_80,SPF_PASS
> autolearn=no
> X-Spam-Status: No, score=2.0 required=3.6
> tests=BAYES_50,DATE_IN_FUTURE_06_12,
> X-Spam-Status: No, score=0.5 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
> X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
> X-Spam-Status: No, score=3.0 required=3.6
> tests=BAYES_60,HTML_IMAGE_RATIO_06,
> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_60,
> X-Spam-Status: No, score=2.5 required=3.6 tests=BAYES_50,
> X-Spam-Status: No, score=2.5 required=3.6 tests=BAYES_50,
> X-Spam-Status: No, score=1.3 required=3.6
> tests=BAYES_50,DATE_IN_FUTURE_03_06,
> X-Spam-Status: No, score=1.1 required=3.6 tests=BAYES_60,RDNS_NONE,SPF_PASS
> X-Spam-Status: No, score=2.3 required=3.6 tests=BAD_CREDIT,BAYES_50,
> X-Spam-Status: No, score=3.1 required=3.6 tests=BAYES_50,HTML_IMAGE_ONLY_08,
> X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
> X-Spam-Status: No, score=3.5 required=3.6
> tests=BAYES_60,DATE_IN_FUTURE_06_12,
> X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
> X-Spam-Status: No, score=2.5 required=3.6 tests=BAYES_50,
> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_60,
> X-Spam-Status: No, score=3.2 required=3.6 tests=BAYES_50,HTML_MESSAGE,
> X-Spam-Status: No, score=2.7 required=3.6 tests=BAYES_60,HTML_MESSAGE,
> X-Spam-Status: No, score=2.1 required=3.6 tests=BAYES_50,NO_DNS_FOR_FROM,
> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_50,HTML_MESSAGE,
> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_60,
> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_50,HTML_MESSAGE,
> X-Spam-Status: No, score=2.4 required=3.6 tests=BAYES_40,
> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_60,HTML_MESSAGE,
> X-Spam-Status: No, score=2.9 required=3.6 tests=BAYES_00,SORTED_RECIPS,
> X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_50,
> X-Spam-Status: No, score=3.3 required=3.6 tests=BAYES_50,HTML_MESSAGE,
> X-Spam-Status: No, score=2.0 required=3.6 tests=BAYES_80,SPF_PASS
> autolearn=no
> X-Spam-Status: No, score=3.0 required=3.6 tests=BAYES_95,SPF_PASS
> autolearn=no
> X-Spam-Status: No, score=3.2 required=3.6 tests=BAYES_50,HTML_MESSAGE,
> X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
> X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,HTML_MESSAGE,
> X-Spam-Status: No, score=2.5 required=3.6 tests=BAYES_50,
> X-Spam-Status: No, score=0.5 required=3.6
> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
> X-Spam-Status: No, score=0.5 required=3.6
> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
> X-Spam-Status: No, score=0.5 required=3.6
> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_60,
> X-Spam-Status: No, score=0.5 required=3.6
> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
> X-Spam-Status: No, score=0.5 required=3.6
> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
> X-Spam-Status: No, score=1.7 required=3.6 tests=BAYES_50,HTML_MESSAGE,
> X-Spam-Status: No, score=1.7 required=3.6 tests=BAYES_50,HTML_MESSAGE,
> X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,HTML_MESSAGE,
> X-Spam-Status: No, score=0.5 required=3.6
> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
> X-Spam-Status: No, score=1.5 required=3.6
> tests=BAYES_60,RAZOR2_CHECK,SPF_PASS
> X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,SPF_SOFTFAIL
> X-Spam-Status: No, score=-2.1 required=3.6 tests=BAYES_00,RAZOR2_CHECK,
> X-Spam-Status: No, score=-2.1 required=3.6 tests=BAYES_00,RAZOR2_CHECK,
> X-Spam-Status: No, score=0.5 required=3.6
> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
> X-Spam-Status: No, score=0.0 required=3.6 tests=BAYES_50,SPF_PASS
> X-Spam-Status: No, score=2.5 required=3.6 tests=BAYES_50,
> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_95,RAZOR2_CHECK,
> X-Spam-Status: No, score=0.5 required=3.6
> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
> X-Spam-Status: No, score=0.0 required=3.6 tests=BAYES_50,SPF_PASS
> X-Spam-Status: No, score=0.0 required=3.6 tests=BAYES_50,SPF_PASS
> X-Spam-Status: No, score=0.5 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
> X-Spam-Status: No, score=2.7 required=3.6 tests=BAYES_60,HTML_MESSAGE,
> X-Spam-Status: No, score=2.7 required=3.6 tests=BAYES_60,HTML_MESSAGE,
> X-Spam-Status: No, score=2.7 required=3.6 tests=BAYES_60,HTML_MESSAGE,
> X-Spam-Status: No, score=1.6 required=3.6 tests=BAYES_60,HTML_MESSAGE,
> X-Spam-Status: No, score=1.7 required=3.6 tests=BAYES_50,HTML_MESSAGE,
> X-Spam-Status: No, score=2.7 required=3.6 tests=BAYES_60,HTML_MESSAGE,
> X-Spam-Status: No, score=1.5 required=3.6
> tests=BAYES_60,HTML_IMAGE_RATIO_02,
> X-Spam-Status: No, score=0.5 required=3.6
> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
> X-Spam-Status: No, score=1.0 required=3.6 tests=BAYES_60,SPF_PASS
> X-Spam-Status: No, score=0.1 required=3.6 tests=BAYES_50,HTML_MESSAGE,
> X-Spam-Status: No, score=1.5 required=3.6
> tests=BAYES_60,RAZOR2_CHECK,SPF_PASS
> X-Spam-Status: No, score=3.3 required=3.6 tests=BAYES_50,HTML_MESSAGE,
> X-Spam-Status: No, score=3.2 required=3.6 tests=BAYES_50,HTML_MESSAGE,
> X-Spam-Status: No, score=3.4 required=3.6
> tests=BAYES_50,HTML_IMAGE_RATIO_08,
> X-Spam-Status: No, score=3.1 required=3.6 tests=BAYES_80,HTML_MESSAGE,
> X-Spam-Status: No, score=0.5 required=3.6 tests=BAYES_50,HTML_MESSAGE,
> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_99,HTML_MESSAGE,
> X-Spam-Status: No, score=3.1 required=3.6
> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS,
> X-Spam-Status: No, score=2.5 required=3.6 tests=BAYES_50,
> X-Spam-Status: No, score=3.4 required=3.6
> tests=BAYES_50,HTML_IMAGE_RATIO_08,
> X-Spam-Status: No, score=0.5 required=3.6
> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
> X-Spam-Status: No, score=3.1 required=3.6
> tests=BAYES_60,HTML_IMAGE_RATIO_08,
> X-Spam-Status: No, score=0.5 required=3.6
> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
> X-Spam-Status: No, score=2.6 required=3.6 tests=BAYES_50,HTML_MESSAGE,
> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_60,
> X-Spam-Status: No, score=0.5 required=3.6
> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
> X-Spam-Status: No, score=0.5 required=3.6
> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
> X-Spam-Status: No, score=3.2 required=3.6 tests=BAYES_60,EXTRA_MPART_TYPE,
> X-Spam-Status: No, score=2.6 required=3.6 tests=BAYES_50,
> X-Spam-Status: No, score=2.6 required=3.6 tests=BAYES_60,HTML_IMAGE_ONLY_24,
> X-Spam-Status: No, score=0.2 required=3.6
> tests=BAYES_50,HTML_IMAGE_RATIO_04,
> X-Spam-Status: No, score=3.3 required=3.6 tests=BAYES_50,HTML_MESSAGE,
> X-Spam-Status: No, score=2.9 required=3.6 tests=BAYES_80,HTML_MESSAGE,
> X-Spam-Status: No, score=-0.5 required=3.6 tests=BAYES_05,RAZOR2_CHECK,
> X-Spam-Status: No, score=2.9 required=3.6 tests=BAYES_80,HTML_MESSAGE,
> X-Spam-Status: No, score=-2.0 required=3.6 tests=BAYES_00,RAZOR2_CHECK,
> X-Spam-Status: No, score=2.6 required=3.6 tests=BAYES_50,
> X-Spam-Status: No, score=2.6 required=3.6 tests=BAYES_80,RAZOR2_CHECK,
> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_95,RAZOR2_CHECK,
> X-Spam-Status: No, score=2.5 required=3.6 tests=BAYES_80,HTML_MESSAGE,
> X-Spam-Status: No, score=2.5 required=3.6 tests=BAYES_80,HTML_MESSAGE,
> X-Spam-Status: No, score=1.5 required=3.6
> tests=BAYES_60,RAZOR2_CHECK,SPF_PASS
> X-Spam-Status: No, score=-2.1 required=3.6 tests=BAYES_00,RAZOR2_CHECK,
> X-Spam-Status: No, score=0.5 required=3.6
> tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
> X-Spam-Status: No, score=2.2 required=3.6 tests=BAYES_50,HTML_MESSAGE,
> X-Spam-Status: No, score=1.7 required=3.6 tests=BAYES_50,HTML_MESSAGE,
> X-Spam-Status: No, score=1.7 required=3.6 tests=BAYES_50,HTML_MESSAGE,
> X-Spam-Status: No, score=1.7 required=3.6 tests=BAYES_50,HTML_MESSAGE,
> X-Spam-Status: No, score=3.2 required=3.6 tests=BAYES_60,HTML_MESSAGE,
> X-Spam-Status: No, score=1.7 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>
>
> On 03/29/2011 12:26 PM, Adam Moffett wrote:
>>
>> Without knowing anything about your setup it's just stabbing the dark, but
>> is the spamd service running?
>>
>>
>>> Hey, I know this message is kind of vague but I set up spamassassin a
>>> while ago. It's been working great for a long time, but then out of no
>>> where we started getting 127 or so spam messages per day. Could someone
>>> point me in the right direction to diagnose/correct this problem? All
>>> I've done so far is just run sa-update.
>>
>
>

Re: Suddenly tons of spam

[Martin Gregorie <ma...@gregorie.org>]

On Tue, 2011-03-29 at 13:14 -0500, Max wrote:
> For a while we were getting spam messages that had images embedded as 
> text and not an attachment. Those are marked as spam but couldn't the 
> random characters of the image data increase the entropy of the database 
> and cause some less than definitive scores?
> 
> That aside. It seems like all my ham is bellow 0 so would changing the 
> cut off to something like 2.0 be bad practice?
> 
As the others have found, that message scores a lot higher here:

Content analysis details:   (9.5 points, 6.0 required)
 pts rule name              description
---- ---------------------- -------------------------------------------
 1.9 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL
                            blocklist
                            [URIs: dailynewdesign.com]
 1.7 URIBL_DBL_SPAM         Contains an URL listed in the DBL blocklist
                            [URIs: dailynewdesign.com]
-0.0 SPF_PASS               SPF: sender matches SPF record
 3.6 FB_THIS_ADVERT         BODY: Phrase: this advertiser
 1.0 MG_MEDPHRASE           Medication phrase
 1.3 RDNS_NONE              Delivered to internal network by a host with
                            no rDNS

It also hit three local rules, which added a total of 0.2 to the score -
they are all low scoring as they are used to trigger rather specific
meta rules. I've edited them out and adjusted the score accordingly.

I notice you're still running SA 3.2.5 while the current version (for
Fedora 14 packages) is 3.3.2. Time to upgrade?

Apart from the Bayes training that others have commented on, I notice
you haven't had either of the URIBL hits I got. That could be for either
of two reasons:
- you're not using URI blacklists
- the URI blacklist databases got updated in the interval between
  your check and when I scanned the message.

If you're not using blacklists, might it be time to start doing so?
 


Martin

Re: Suddenly tons of spam

[John Hardin <jh...@impsec.org>]

On Tue, 29 Mar 2011, Max wrote:

> For a while we were getting spam messages that had images embedded as text 
> and not an attachment. Those are marked as spam but couldn't the random 
> characters of the image data increase the entropy of the database and cause 
> some less than definitive scores?

I'm pretty sure that the content of images does not affect Bayes.

> That aside. It seems like all my ham is bellow 0 so would changing the cut 
> off to something like 2.0 be bad practice?

In general it is not recommended.

All of the score generation is done with the assumption the threshold is 5 
points. If you lower your threshold you are risking an increase in FPs.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
    "A well educated Electorate, being necessary to the liberty of a
     free State, the Right of the People to Keep and Read Books,
     shall not be infringed."
   ...means only registered voters can read books, and only those books
   obtained with State permission from State-controlled bookstores?
-----------------------------------------------------------------------
  Today: the M1911 is 100 years old - and still going strong!

Re: Suddenly tons of spam

[Bowie Bailey <Bo...@BUC.com>]

On 3/29/2011 2:14 PM, Max wrote:
> For a while we were getting spam messages that had images embedded as
> text and not an attachment. Those are marked as spam but couldn't the
> random characters of the image data increase the entropy of the
> database and cause some less than definitive scores?
>
> That aside. It seems like all my ham is bellow 0 so would changing the
> cut off to something like 2.0 be bad practice?

Definitely.  All of the stock SA rule scores are designed to flag spam
at 5 points.  If you go significantly lower than that, you start running
the risk of false positives and messages being marked as spam due to
single rules (which is usually a bad thing).

>
> On 03/29/2011 01:06 PM, Max wrote:
>> On occasions we will train the .Junk folder and others using sa-learn.
>> Also here is an example of spam as requested
>> http://www.nomorepasting.com/getpaste.php?pasteid=36037
>

That spam scores pretty high for me: 

X-Spam-Status: Yes, score=11.8 required=5.0
tests=FB_THIS_ADVERT,NO_RECEIVED,
       
NO_RELAYS,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,
        URIBL_DBL_SPAM,URIBL_JP_SURBL autolearn=no version=3.3.1
X-Spam-Report:
        *  1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist
        *      [URIs: dailynewdesign.com]
        *  1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL
blocklist
        *      [URIs: dailynewdesign.com]
        * -0.0 NO_RELAYS Informational: message was not relayed via SMTP
        *  3.6 FB_THIS_ADVERT BODY: Phrase: this advertiser
        *  1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
        *  2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8
confidence level
        *      above 50%
        *      [cf: 100]
        *  0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level
above 50%
        *      [cf: 100]
        * -0.0 NO_RECEIVED Informational: message has no Received headers

Granted, most of the hits are network rules...  Do you have the network
rules active?  Are you using Razor or Pyzor?

-- 
Bowie

Re: Suddenly tons of spam

[Max <md...@breakawaysystems.com>]

The maximum message size sent to spamd is set at 4mb

On 03/29/2011 01:14 PM, Max wrote:
> For a while we were getting spam messages that had images embedded as 
> text and not an attachment. Those are marked as spam but couldn't the 
> random characters of the image data increase the entropy of the 
> database and cause some less than definitive scores?
>
> That aside. It seems like all my ham is bellow 0 so would changing the 
> cut off to something like 2.0 be bad practice?
>
> On 03/29/2011 01:06 PM, Max wrote:
>> On occasions we will train the .Junk folder and others using sa-learn.
>> Also here is an example of spam as requested 
>> http://www.nomorepasting.com/getpaste.php?pasteid=36037
>>
>> On 03/29/2011 01:00 PM, John Hardin wrote:
>>> On Tue, 29 Mar 2011, Max wrote:
>>>
>>>> I'm going to change my required spam cutoff score though
>>>
>>> Please, not until other troubleshooting steps are tried!
>>>
>>>> X-Spam-Status: No, score=2.6 required=3.6 tests=BAYES_50,
>>>> X-Spam-Status: No, score=2.6 required=3.6 
>>>> tests=BAYES_50,HTML_IMAGE_RATIO_06,
>>>> X-Spam-Status: No, score=3.5 required=3.6 
>>>> tests=BAYES_60,HTML_IMAGE_RATIO_02,
>>>> X-Spam-Status: No, score=1.0 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>>>> X-Spam-Status: No, score=2.5 required=3.6  
>>>> tests=BAYES_50,DATE_IN_FUTURE_06_12,
>>>
>>> etc.
>>>
>>> One thing that immediately leaps out is you need to train your 
>>> bayes. All of those are hitting 40-60, which shouldn't be happening, 
>>> especially for the bulk of spam.
>>>
>>> Note that this does not mean "turn on autolearning". Do you have ham 
>>> and spam training corpora collected? If not, start collecting. You 
>>> should plan on training with new messages at the very least once a 
>>> week, daily review of FPs and FNs and dropping then into mail 
>>> folders that are trained from nightly is standard practice.
>>>
>>
>

Re: Suddenly tons of spam

[Max <md...@breakawaysystems.com>]

For a while we were getting spam messages that had images embedded as 
text and not an attachment. Those are marked as spam but couldn't the 
random characters of the image data increase the entropy of the database 
and cause some less than definitive scores?

That aside. It seems like all my ham is bellow 0 so would changing the 
cut off to something like 2.0 be bad practice?

On 03/29/2011 01:06 PM, Max wrote:
> On occasions we will train the .Junk folder and others using sa-learn.
> Also here is an example of spam as requested 
> http://www.nomorepasting.com/getpaste.php?pasteid=36037
>
> On 03/29/2011 01:00 PM, John Hardin wrote:
>> On Tue, 29 Mar 2011, Max wrote:
>>
>>> I'm going to change my required spam cutoff score though
>>
>> Please, not until other troubleshooting steps are tried!
>>
>>> X-Spam-Status: No, score=2.6 required=3.6 tests=BAYES_50,
>>> X-Spam-Status: No, score=2.6 required=3.6 
>>> tests=BAYES_50,HTML_IMAGE_RATIO_06,
>>> X-Spam-Status: No, score=3.5 required=3.6 
>>> tests=BAYES_60,HTML_IMAGE_RATIO_02,
>>> X-Spam-Status: No, score=1.0 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>>> X-Spam-Status: No, score=2.5 required=3.6  
>>> tests=BAYES_50,DATE_IN_FUTURE_06_12,
>>
>> etc.
>>
>> One thing that immediately leaps out is you need to train your bayes. 
>> All of those are hitting 40-60, which shouldn't be happening, 
>> especially for the bulk of spam.
>>
>> Note that this does not mean "turn on autolearning". Do you have ham 
>> and spam training corpora collected? If not, start collecting. You 
>> should plan on training with new messages at the very least once a 
>> week, daily review of FPs and FNs and dropping then into mail folders 
>> that are trained from nightly is standard practice.
>>
>

Re: Suddenly tons of spam

[Max <md...@breakawaysystems.com>]

On occasions we will train the .Junk folder and others using sa-learn.
Also here is an example of spam as requested 
http://www.nomorepasting.com/getpaste.php?pasteid=36037

On 03/29/2011 01:00 PM, John Hardin wrote:
> On Tue, 29 Mar 2011, Max wrote:
>
>> I'm going to change my required spam cutoff score though
>
> Please, not until other troubleshooting steps are tried!
>
>> X-Spam-Status: No, score=2.6 required=3.6 tests=BAYES_50,
>> X-Spam-Status: No, score=2.6 required=3.6 
>> tests=BAYES_50,HTML_IMAGE_RATIO_06,
>> X-Spam-Status: No, score=3.5 required=3.6 
>> tests=BAYES_60,HTML_IMAGE_RATIO_02,
>> X-Spam-Status: No, score=1.0 required=3.6 tests=BAYES_50,HTML_MESSAGE,
>> X-Spam-Status: No, score=2.5 required=3.6  
>> tests=BAYES_50,DATE_IN_FUTURE_06_12,
>
> etc.
>
> One thing that immediately leaps out is you need to train your bayes. 
> All of those are hitting 40-60, which shouldn't be happening, 
> especially for the bulk of spam.
>
> Note that this does not mean "turn on autolearning". Do you have ham 
> and spam training corpora collected? If not, start collecting. You 
> should plan on training with new messages at the very least once a 
> week, daily review of FPs and FNs and dropping then into mail folders 
> that are trained from nightly is standard practice.
>

Re: Suddenly tons of spam

[John Hardin <jh...@impsec.org>]

On Tue, 29 Mar 2011, Max wrote:

> I'm going to change my required spam cutoff score though

Please, not until other troubleshooting steps are tried!

> X-Spam-Status: No, score=2.6 required=3.6 tests=BAYES_50,
> X-Spam-Status: No, score=2.6 required=3.6 tests=BAYES_50,HTML_IMAGE_RATIO_06,
> X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_60,HTML_IMAGE_RATIO_02,
> X-Spam-Status: No, score=1.0 required=3.6 tests=BAYES_50,HTML_MESSAGE,
> X-Spam-Status: No, score=2.5 required=3.6  tests=BAYES_50,DATE_IN_FUTURE_06_12,

etc.

One thing that immediately leaps out is you need to train your bayes. All 
of those are hitting 40-60, which shouldn't be happening, especially for 
the bulk of spam.

Note that this does not mean "turn on autolearning". Do you have ham and 
spam training corpora collected? If not, start collecting. You should plan 
on training with new messages at the very least once a week, daily review 
of FPs and FNs and dropping then into mail folders that are trained from 
nightly is standard practice.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   USMC Rules of Gunfighting #12: Have a plan.
   USMC Rules of Gunfighting #13: Have a back-up plan, because the
   first one won't work.
-----------------------------------------------------------------------
  Today: the M1911 is 100 years old - and still going strong!

Re: Suddenly tons of spam

[Max <md...@breakawaysystems.com>]

Thanks but yeah it is running. I get a spam score on my messages. I'm 
going to change my required spam cutoff score though


That should help with a large majority of it. It just concerns me that 
it was so sudden. All my ham is below below 0

heres a grep sample:

X-Spam-Status: No, score=2.6 required=3.6 tests=BAYES_50,
X-Spam-Status: No, score=2.6 required=3.6 
tests=BAYES_50,HTML_IMAGE_RATIO_06,
X-Spam-Status: No, score=3.5 required=3.6 
tests=BAYES_60,HTML_IMAGE_RATIO_02,
X-Spam-Status: No, score=1.0 required=3.6 tests=BAYES_50,HTML_MESSAGE,
X-Spam-Status: No, score=2.5 required=3.6 
tests=BAYES_50,DATE_IN_FUTURE_06_12,
X-Spam-Status: No, score=2.7 required=3.6 tests=BAYES_60,HTML_MESSAGE,
X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
X-Spam-Status: No, score=0.5 required=3.6 tests=BAYES_50,HTML_MESSAGE,
X-Spam-Status: No, score=0.5 required=3.6 tests=BAYES_50,HTML_MESSAGE,
X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_60,
X-Spam-Status: No, score=2.6 required=3.6 tests=BAYES_80,RAZOR2_CHECK,
X-Spam-Status: No, score=2.5 required=3.6 
tests=BAYES_80,RAZOR2_CHECK,SPF_PASS
X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
X-Spam-Status: No, score=2.1 required=3.6 tests=BAYES_50,HTML_MESSAGE,
X-Spam-Status: No, score=2.7 required=3.6 tests=BAYES_60,HTML_MESSAGE,
X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
X-Spam-Status: No, score=2.0 required=3.6 tests=BAYES_80,SPF_PASS 
autolearn=no
X-Spam-Status: No, score=2.0 required=3.6 tests=BAYES_80,SPF_PASS 
autolearn=no
X-Spam-Status: No, score=2.0 required=3.6 
tests=BAYES_50,DATE_IN_FUTURE_06_12,
X-Spam-Status: No, score=0.5 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
X-Spam-Status: No, score=3.0 required=3.6 
tests=BAYES_60,HTML_IMAGE_RATIO_06,
X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_60,
X-Spam-Status: No, score=2.5 required=3.6 tests=BAYES_50,
X-Spam-Status: No, score=2.5 required=3.6 tests=BAYES_50,
X-Spam-Status: No, score=1.3 required=3.6 
tests=BAYES_50,DATE_IN_FUTURE_03_06,
X-Spam-Status: No, score=1.1 required=3.6 tests=BAYES_60,RDNS_NONE,SPF_PASS
X-Spam-Status: No, score=2.3 required=3.6 tests=BAD_CREDIT,BAYES_50,
X-Spam-Status: No, score=3.1 required=3.6 tests=BAYES_50,HTML_IMAGE_ONLY_08,
X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
X-Spam-Status: No, score=3.5 required=3.6 
tests=BAYES_60,DATE_IN_FUTURE_06_12,
X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
X-Spam-Status: No, score=2.5 required=3.6 tests=BAYES_50,
X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_60,
X-Spam-Status: No, score=3.2 required=3.6 tests=BAYES_50,HTML_MESSAGE,
X-Spam-Status: No, score=2.7 required=3.6 tests=BAYES_60,HTML_MESSAGE,
X-Spam-Status: No, score=2.1 required=3.6 tests=BAYES_50,NO_DNS_FOR_FROM,
X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_50,HTML_MESSAGE,
X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_60,
X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_50,HTML_MESSAGE,
X-Spam-Status: No, score=2.4 required=3.6 tests=BAYES_40,
X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_60,HTML_MESSAGE,
X-Spam-Status: No, score=2.9 required=3.6 tests=BAYES_00,SORTED_RECIPS,
X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_50,
X-Spam-Status: No, score=3.3 required=3.6 tests=BAYES_50,HTML_MESSAGE,
X-Spam-Status: No, score=2.0 required=3.6 tests=BAYES_80,SPF_PASS 
autolearn=no
X-Spam-Status: No, score=3.0 required=3.6 tests=BAYES_95,SPF_PASS 
autolearn=no
X-Spam-Status: No, score=3.2 required=3.6 tests=BAYES_50,HTML_MESSAGE,
X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,HTML_MESSAGE,
X-Spam-Status: No, score=2.5 required=3.6 tests=BAYES_50,
X-Spam-Status: No, score=0.5 required=3.6 
tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
X-Spam-Status: No, score=0.5 required=3.6 
tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
X-Spam-Status: No, score=0.5 required=3.6 
tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_60,
X-Spam-Status: No, score=0.5 required=3.6 
tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
X-Spam-Status: No, score=0.5 required=3.6 
tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
X-Spam-Status: No, score=1.7 required=3.6 tests=BAYES_50,HTML_MESSAGE,
X-Spam-Status: No, score=1.7 required=3.6 tests=BAYES_50,HTML_MESSAGE,
X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,HTML_MESSAGE,
X-Spam-Status: No, score=0.5 required=3.6 
tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
X-Spam-Status: No, score=1.5 required=3.6 
tests=BAYES_60,RAZOR2_CHECK,SPF_PASS
X-Spam-Status: No, score=0.6 required=3.6 tests=BAYES_50,SPF_SOFTFAIL
X-Spam-Status: No, score=-2.1 required=3.6 tests=BAYES_00,RAZOR2_CHECK,
X-Spam-Status: No, score=-2.1 required=3.6 tests=BAYES_00,RAZOR2_CHECK,
X-Spam-Status: No, score=0.5 required=3.6 
tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
X-Spam-Status: No, score=0.0 required=3.6 tests=BAYES_50,SPF_PASS
X-Spam-Status: No, score=2.5 required=3.6 tests=BAYES_50,
X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_95,RAZOR2_CHECK,
X-Spam-Status: No, score=0.5 required=3.6 
tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
X-Spam-Status: No, score=0.0 required=3.6 tests=BAYES_50,SPF_PASS
X-Spam-Status: No, score=0.0 required=3.6 tests=BAYES_50,SPF_PASS
X-Spam-Status: No, score=0.5 required=3.6 tests=BAYES_50,RAZOR2_CHECK,
X-Spam-Status: No, score=2.7 required=3.6 tests=BAYES_60,HTML_MESSAGE,
X-Spam-Status: No, score=2.7 required=3.6 tests=BAYES_60,HTML_MESSAGE,
X-Spam-Status: No, score=2.7 required=3.6 tests=BAYES_60,HTML_MESSAGE,
X-Spam-Status: No, score=1.6 required=3.6 tests=BAYES_60,HTML_MESSAGE,
X-Spam-Status: No, score=1.7 required=3.6 tests=BAYES_50,HTML_MESSAGE,
X-Spam-Status: No, score=2.7 required=3.6 tests=BAYES_60,HTML_MESSAGE,
X-Spam-Status: No, score=1.5 required=3.6 
tests=BAYES_60,HTML_IMAGE_RATIO_02,
X-Spam-Status: No, score=0.5 required=3.6 
tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
X-Spam-Status: No, score=1.0 required=3.6 tests=BAYES_60,SPF_PASS
X-Spam-Status: No, score=0.1 required=3.6 tests=BAYES_50,HTML_MESSAGE,
X-Spam-Status: No, score=1.5 required=3.6 
tests=BAYES_60,RAZOR2_CHECK,SPF_PASS
X-Spam-Status: No, score=3.3 required=3.6 tests=BAYES_50,HTML_MESSAGE,
X-Spam-Status: No, score=3.2 required=3.6 tests=BAYES_50,HTML_MESSAGE,
X-Spam-Status: No, score=3.4 required=3.6 
tests=BAYES_50,HTML_IMAGE_RATIO_08,
X-Spam-Status: No, score=3.1 required=3.6 tests=BAYES_80,HTML_MESSAGE,
X-Spam-Status: No, score=0.5 required=3.6 tests=BAYES_50,HTML_MESSAGE,
X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_99,HTML_MESSAGE,
X-Spam-Status: No, score=3.1 required=3.6 
tests=BAYES_50,RAZOR2_CHECK,SPF_PASS,
X-Spam-Status: No, score=2.5 required=3.6 tests=BAYES_50,
X-Spam-Status: No, score=3.4 required=3.6 
tests=BAYES_50,HTML_IMAGE_RATIO_08,
X-Spam-Status: No, score=0.5 required=3.6 
tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
X-Spam-Status: No, score=3.1 required=3.6 
tests=BAYES_60,HTML_IMAGE_RATIO_08,
X-Spam-Status: No, score=0.5 required=3.6 
tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
X-Spam-Status: No, score=2.6 required=3.6 tests=BAYES_50,HTML_MESSAGE,
X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_60,
X-Spam-Status: No, score=0.5 required=3.6 
tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
X-Spam-Status: No, score=0.5 required=3.6 
tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
X-Spam-Status: No, score=3.2 required=3.6 tests=BAYES_60,EXTRA_MPART_TYPE,
X-Spam-Status: No, score=2.6 required=3.6 tests=BAYES_50,
X-Spam-Status: No, score=2.6 required=3.6 tests=BAYES_60,HTML_IMAGE_ONLY_24,
X-Spam-Status: No, score=0.2 required=3.6 
tests=BAYES_50,HTML_IMAGE_RATIO_04,
X-Spam-Status: No, score=3.3 required=3.6 tests=BAYES_50,HTML_MESSAGE,
X-Spam-Status: No, score=2.9 required=3.6 tests=BAYES_80,HTML_MESSAGE,
X-Spam-Status: No, score=-0.5 required=3.6 tests=BAYES_05,RAZOR2_CHECK,
X-Spam-Status: No, score=2.9 required=3.6 tests=BAYES_80,HTML_MESSAGE,
X-Spam-Status: No, score=-2.0 required=3.6 tests=BAYES_00,RAZOR2_CHECK,
X-Spam-Status: No, score=2.6 required=3.6 tests=BAYES_50,
X-Spam-Status: No, score=2.6 required=3.6 tests=BAYES_80,RAZOR2_CHECK,
X-Spam-Status: No, score=3.5 required=3.6 tests=BAYES_95,RAZOR2_CHECK,
X-Spam-Status: No, score=2.5 required=3.6 tests=BAYES_80,HTML_MESSAGE,
X-Spam-Status: No, score=2.5 required=3.6 tests=BAYES_80,HTML_MESSAGE,
X-Spam-Status: No, score=1.5 required=3.6 
tests=BAYES_60,RAZOR2_CHECK,SPF_PASS
X-Spam-Status: No, score=-2.1 required=3.6 tests=BAYES_00,RAZOR2_CHECK,
X-Spam-Status: No, score=0.5 required=3.6 
tests=BAYES_50,RAZOR2_CHECK,SPF_PASS
X-Spam-Status: No, score=2.2 required=3.6 tests=BAYES_50,HTML_MESSAGE,
X-Spam-Status: No, score=1.7 required=3.6 tests=BAYES_50,HTML_MESSAGE,
X-Spam-Status: No, score=1.7 required=3.6 tests=BAYES_50,HTML_MESSAGE,
X-Spam-Status: No, score=1.7 required=3.6 tests=BAYES_50,HTML_MESSAGE,
X-Spam-Status: No, score=3.2 required=3.6 tests=BAYES_60,HTML_MESSAGE,
X-Spam-Status: No, score=1.7 required=3.6 tests=BAYES_50,HTML_MESSAGE,


On 03/29/2011 12:26 PM, Adam Moffett wrote:
> Without knowing anything about your setup it's just stabbing the dark, 
> but is the spamd service running?
>
>
>> Hey, I know this message is kind of vague but I set up spamassassin a
>> while ago. It's been working great for a long time, but then out of no
>> where we started getting 127 or so spam messages per day. Could someone
>> point me in the right direction to diagnose/correct this problem? All
>> I've done so far is just run sa-update.
>