You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Michael Weber <mw...@alliednational.com> on 2008/01/09 22:28:16 UTC
Crazy AWL score
Hello!
I have gotten several emails over the past 3 weeks with a really crazy AWL score. Here's the headers from a message with a 4138 AWL score.
Where should I begin looking for this one?
Thanx!
-Michael
=======================================================
Return-path: <bo...@interact.novell.com>
Received: from mail-gw.alliednational.com ([172.16.30.12])
by apps-3.alliednational.com with ESMTP; Tue, 08 Jan 2008 18:55:30 -0600
Received: from mail-gw.alliednational.com (mail-gw.alliednational.com [127.0.0.1])
by mail-gw.alliednational.com (Postfix) with ESMTP id 4FA0E32DF3
for <mw...@alliednational.com>; Tue, 8 Jan 2008 18:55:26 -0600 (CST)
Received: (from filter@localhost)
by mail-gw.alliednational.com (8.13.1/8.13.1/Submit) id m090tMh8012626
for mweber@alliednational.com; Tue, 8 Jan 2008 18:55:22 -0600
X-Authentication-Warning: mail-gw.alliednational.com: filter set sender to bounces@interact.novell.com using -f
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on
mail-gw.alliednational.com
X-Spam-Level: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
X-Spam-Status: Yes, score=4049.2 required=5.0 tests=AWL,BAYES_99,COMBINED_FROM,
FVGT_m_MULTI_ODD2,FVGT_m_MULTI_ODD3,FVGT_m_MULTI_ODD4,HTML_50_60,
HTML_COLOR_FFFFFF,HTML_FONT_BIG,MY_SENT2U,OACYS_HASH,USER_IN_WHITELIST
autolearn=disabled version=3.1.8
X-Spam-Report:
* 0.3 COMBINED_FROM Evil froms
* -100 USER_IN_WHITELIST From: address is in the user's white-list
* 0.8 MY_SENT2U BODY: Tells me how the message was sent to me.
* 1.0 OACYS_HASH BODY: Looks like uw2915ph74o7nn60ik858hd64
* 0.1 HTML_50_60 BODY: Message is 50% to 60% HTML
* 0.1 HTML_FONT_BIG BODY: HTML tag for a big font size
* 4.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
* 3.0 HTML_COLOR_FFFFFF RAW: Uses spammers favorite font color
* 0.3 FVGT_m_MULTI_ODD3 Contains multiple odd letter combinations
* 1.1 FVGT_m_MULTI_ODD2 Contains multiple odd letter combinations
* 0.3 FVGT_m_MULTI_ODD4 Contains multiple odd letter combinations
* 4138 AWL AWL: From: address is in the auto white-list
Received: from interact.novell.com (jarvis.provo.novell.com [137.65.244.88])
by mail-gw.alliednational.com (Postfix) with ESMTP id D8A5332DE8
for <mw...@alliednational.com>; Tue, 8 Jan 2008 18:55:21 -0600 (CST)
Received: from minuet.provo.novell.com ([::ffff:137.65.246.40])
by interact.novell.com with ESMTP; Tue, 08 Jan 2008 14:04:09 -0700
Message-ID: <1....@dialog>
Date: Tue, 8 Jan 2008 13:54:50 -0700 (MST)
From: Novell Patch Notification <su...@novell.com>
Reply-To: supportupdates_noreply@novell.com
To: mweber@alliednational.com
Subject: %%SPAM%% (4049.2) 08 JAN 2008 Novell Customer Center (1 New Patch)
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_337650_26873607.1199825748880"
X-Spam-Prev-Subject: 08 JAN 2008 Novell Customer Center (1 New Patch)
------=_Part_337650_26873607.1199825748880
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
08 JAN 2008 Novell Customer Center (1 New Patch)
E-MAIL CONFIDENTIALITY NOTICE: This communication and any associated
file(s) may contain privileged, confidential or proprietary information
or be protected from disclosure under law ("Confidential Information").
Any use or disclosure of this Confidential Information, or taking any
action in reliance thereon, by any individual/entity other than the
intended recipient(s) is strictly prohibited. This Confidential
Information is intended solely for the use of the
individual(s) addressed. If you are not an intended recipient, you have
received this Confidential Information in error and have an obligation
to promptly inform the sender and permanently destroy, in its entirety,
this Confidential Information (and all copies thereof). E-mail is
handled in the strictest of confidence by Allied National, however,
unless sent encrypted, it is not a secure communication method and may
have been intercepted, edited or altered during transmission and
therefore is not guaranteed.
Re: Crazy AWL score
Posted by Michael Weber <mw...@alliednational.com>.
Hey, Matt et. al.
I deleted the AWL database (which seems to be corrupt) and I haven't seen the problem again.
Thanx for your help!
-Michael
>>> Matt Kettler <mk...@verizon.net> 1/9/2008 6:36 PM >>>
Michael Weber wrote:
> Hello!
>
> I have gotten several emails over the past 3 weeks with a really crazy AWL score. Here's the headers from a message with a 4138 AWL score.
>
> Where should I begin looking for this one?
>
That's so crazy, I'd want to see the AWL debugging..
spamassassin -D auto-whitelist < messagefile.txt
I'd also wonder if the AWL database is just plain corrupted.. It seems
highly implausible that any normal action, even mis-action by GTUBE
could cause the AWL to score this way. It would have to think the
average score is around 8000!
E-MAIL CONFIDENTIALITY NOTICE: This communication and any associated
file(s) may contain privileged, confidential or proprietary information
or be protected from disclosure under law ("Confidential Information").
Any use or disclosure of this Confidential Information, or taking any
action in reliance thereon, by any individual/entity other than the
intended recipient(s) is strictly prohibited. This Confidential
Information is intended solely for the use of the
individual(s) addressed. If you are not an intended recipient, you have
received this Confidential Information in error and have an obligation
to promptly inform the sender and permanently destroy, in its entirety,
this Confidential Information (and all copies thereof). E-mail is
handled in the strictest of confidence by Allied National, however,
unless sent encrypted, it is not a secure communication method and may
have been intercepted, edited or altered during transmission and
therefore is not guaranteed.
Re: Crazy AWL score
Posted by Matt Kettler <mk...@verizon.net>.
Michael Weber wrote:
> Hello!
>
> I have gotten several emails over the past 3 weeks with a really crazy AWL score. Here's the headers from a message with a 4138 AWL score.
>
> Where should I begin looking for this one?
>
That's so crazy, I'd want to see the AWL debugging..
spamassassin -D auto-whitelist < messagefile.txt
I'd also wonder if the AWL database is just plain corrupted.. It seems
highly implausible that any normal action, even mis-action by GTUBE
could cause the AWL to score this way. It would have to think the
average score is around 8000!
Re: Crazy AWL score
Posted by mouss <mo...@netoyen.net>.
Michael Weber wrote:
> Hello!
>
> I have gotten several emails over the past 3 weeks with a really crazy AWL score. Here's the headers from a message with a 4138 AWL score.
>
> Where should I begin looking for this one?
>
I disabled AWL since long (and I didn't notice a reduction in accuracy).
If you don't want to disable AWL, make sure to explicitely set
trusted_networks and the like. then purge the current awl to start from
scratch. if a lot of mail is incorrectly classified, it will be learned
as such. so either retrain on error or disable awl.