You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Chavdar Videff <ch...@mr-bricolage.bg> on 2005/06/01 10:09:28 UTC
sa-learn
Hello List,
After fixing my spamassassin installation according to your recommendations, I
started to receive reports from spamassassin and the original spam mails are
encapsulated in these report mails.
Can I feed these report messages to sa-learn in order to teach bayes or I
should change the configuration.
================================================================
mail1:/home/chavdar# cat /etc/mail/spamassassin/local.cf
# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
###########################################################################
#
# rewrite_header Subject *****SPAM*****
# report_safe 1
# trusted_networks 10.50
# lock_method flock
required_hits 5
#rewrite_subject 1
#report_header 1
#use_terse_report 1
#defang_mime 0
#report_safe 0
use_bayes 1
use_bayes_rules 1
score BAYES_99 4
bayes_auto_learn 0
auto_learn 0
===================================================================================
The message sample:
===================================================================================
Received: from localhost by mail1.mr-bricolage.bg
with SpamAssassin (version 3.0.3);
Wed, 01 Jun 2005 10:43:13 +0300
From: "Peaceful B. Speculating" <un...@benchmarkrings.com>
To: Andrei <an...@doverie.bg>
Subject: RE: cheapest Cialis delivered anonymously
Date: Wed, 01 Jun 2005 00:43:59 -0700
Message-Id: <11...@benchmarkrings.com>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on
mail1.mr-bricolage.bg
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.2 required=2.0 tests=DRUGS_ERECTILE,
FORGED_RCVD_HELO,HTML_90_100,HTML_IMAGE_ONLY_12,HTML_MESSAGE,
MPART_ALT_DIFF,SUBJECT_DRUG_GAP_C autolearn=disabled version=3.0.3
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----------=_429D6711.BCDD772C"
Status: R
X-Status: N
X-KMail-EncryptionState:
X-KMail-SignatureState:
X-KMail-MDN-Sent:
Spam detection software, running on the system "mail1.mr-bricolage.bg", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Hiya! :)
http://venkatramanfg.com/D3P9pFi3uxt4rXn1vpaf6PM2l/BwwKIQsOJwYJFAshBwJJAAE=.htm
The secret to creativity is knowing how to hide your sources. [...]
Content analysis details: (5.2 points, 2.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.9 SUBJECT_DRUG_GAP_C Subject contains a gappy version of 'cialis'
0.1 FORGED_RCVD_HELO Received: contains a forged HELO
1.5 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
1.5 MPART_ALT_DIFF BODY: HTML and text parts are different
0.2 HTML_90_100 BODY: Message is 90% to 100% HTML
0.0 DRUGS_ERECTILE Refers to an erectile drug
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
Encapsulated message
Return-Path: <un...@benchmarkrings.com>
Received: from fw.doverie.bg (doh-gw.customer.0rbitel.net [195.24.44.114])
by mail1.mr-bricolage.bg (8.13.3/8.13.3/Debian-6) with SMTP id
j517hA1v025021
for <an...@mr-bricolage.bg>; Wed, 1 Jun 2005 10:43:12 +0300
Received: (qmail 3438 invoked by uid 507); 1 Jun 2005 07:40:56 -0000
Delivered-To: doverie.bg-andrei@doverie.bg
Received: (qmail 3435 invoked by uid 503); 1 Jun 2005 07:40:56 -0000
Received: from unlatch@benchmarkrings.com by fw.doverie.bg by uid 500 with
qmail-scanner-1.15
(f-prot: 3.12. Clear:.
Processed in 1.520528 secs); 01 Jun 2005 07:40:56 -0000
Received: from unknown (HELO holistictech.com) (210.110.86.127)
by 0 with SMTP; 1 Jun 2005 07:40:51 -0000
Received: from benchmarkrings.com (mail.benchmarkrings.com [208.21.167.2])
by holistictech.com with esmtp
id 5BB70676FE for <an...@doverie.bg>; Wed, 01 Jun 2005 00:43:59 -0700
Message-ID: <11...@benchmarkrings.com>
From: "Peaceful B. Speculating" <un...@benchmarkrings.com>
To: Andrei <an...@doverie.bg>
Subject: RE: cheapest Cialis delivered anonymously
Date: Wed, 01 Jun 2005 00:43:59 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0035_BD960E63.07248F6A"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-AntiVirus: skaner antywirusowy poczty Wirtualnej Polski S. A.
Hiya! :)
http://venkatramanfg.com/D3P9pFi3uxt4rXn1vpaf6PM2l/BwwKIQsOJwYJFAshBwJJAAE=.htm
The secret to creativity is knowing how to hide your sources.
Adjuess
http://venkatramanfg.com/D3P9pFi3uxt4rXn1vpaf6PM2l/BwwKIQsOJwYJFAshBwJJAAE=.html
End of encapsulated message
Re: sa-learn
Posted by Matt Kettler <mk...@comcast.net>.
At 04:09 AM 6/1/2005, Chavdar Videff wrote:
>After fixing my spamassassin installation according to your
>recommendations, I
>started to receive reports from spamassassin and the original spam mails are
>encapsulated in these report mails.
>Can I feed these report messages to sa-learn in order to teach bayes or I
>should change the configuration.
sa-learn recognizes markups made by spamassassin, including encapsulation,
and will correctly undo the encapsulation before learning the message.
However, if you use some other tool such as mimedefang to do your
encapsulation, SA won't recognize that.