You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Craig <cc...@unitedwayqc.org> on 2009/01/06 21:07:38 UTC
New spam-to me-and how do I stop.
Hello All-
I have recently been getting MANY spam slipping through Spamassassin and I am looking for help on how to stop. I have used Spamassassin with Bayes successfully for many years now and once I train the system on new spam, the system does an excellent job of stopping. These messages are very short and include a link. The subject is usually regarding watches, or are thinly disguised viagra ads. Many are sent from aim.com Below is header info and below that is the Spamassassin output of an email that has slipped through.
Specs:
SA 3.17
With Bayes integration, DNS testing.
Thanks
Craig
To: gillian.gray4@btinternet.com
Subject: Private Message.
Date: Tue, 06 Jan 2009 14:36:43 -0500
X-AOL-IP: 81.37.21.218
X-MB-Message-Source: WebUI
MIME-Version: 1.0
From: omqdwc63ubu@aim.com
X-MB-Message-Type: User
Content-Type: multipart/alternative;
boundary="--------MB_8CB3E4D3D238A60_FE4_95E_Webmail-mg02.sim.aol.com"
X-Mailer: AIM WebMail 40627-STANDARD
Received: from 81.37.21.218 by Webmail-mg02.sim.aol.com (64.12.142.150) with HTTP (WebMailUI); Tue, 06 Jan 2009 14:36:43 -0500
Message-Id: <8C...@Webmail-mg02.sim.aol.com>
X-Spam-Flag:YES
----------MB_8CB3E4D3D238A60_FE4_95E_Webmail-mg02.sim.aol.com
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Don't fail in the bed games. Try THIS.
50 percent add present
>>>?http://www.ecbdollar.com/sp.php?<<<
_______________________________________________________________________________________
Spam detection software, running on the system "spam_server.unitedwayqc.lcl", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
ccanfield@unitedwayqc.org for details.
Content preview: Breakthrough formula for men 50 percent add present
>>>?http://www.canada-cz.com/sp.php?<<< [...]
Content analysis details: (3.3 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 NO_REAL_NAME From: does not include a real name
2.2 FROM_HAS_MIXED_NUMS From: contains numbers mixed in with letters
0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
0.1 HTML_50_60 BODY: Message is 50% to 60% HTML
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.5000]
Re: New spam-to me-and how do I stop.
Posted by Benny Pedersen <me...@junc.org>.
On Tue, January 6, 2009 21:31, Bob McClure Jr wrote:
> Directly from our local.cf:
> ========= 8< snip -----------------
> # We've (or at least the webmaster has) had a problem with spam
> # from aim.com users, coming from AOL servers. After much training,
> # they hit BAYES_99, but not enough other rules to go over the edge.
> # These are designed to handle that.
> header __RLM_RCVD_FROM_AOL Received =~ /from .*\.aol\.com/
> header __RLM_FROM_AIM_USER From =~ /\w+\@aim\.com/
> meta RLM_AIM_SPAM (__RLM_RCVD_FROM_AOL && __RLM_FROM_AIM_USER)
> # Most of this already scores 3.5.
> score RLM_AIM_SPAM 1.6
> ========= 8< snip -----------------
>
> Set your score to push them over the threshold. Much more than that
> and you risk FPs.
use spf
http://old.openspf.org/wizard.html?mydomain=aim.com&submit=Go!
--
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
Re: New spam-to me-and how do I stop.
Posted by Bob McClure Jr <bo...@bobcatos.com>.
On Tue, Jan 06, 2009 at 02:07:38PM -0600, Craig wrote:
> Hello All-
>
> I have recently been getting MANY spam slipping through Spamassassin and I am looking for help on how to stop. I have used Spamassassin with Bayes successfully for many years now and once I train the system on new spam, the system does an excellent job of stopping. These messages are very short and include a link. The subject is usually regarding watches, or are thinly disguised viagra ads. Many are sent from aim.com Below is header info and below that is the Spamassassin output of an email that has slipped through.
>
> Specs:
> SA 3.17
> With Bayes integration, DNS testing.
>
> Thanks
> Craig
>
> To: gillian.gray4@btinternet.com
> Subject: Private Message.
> Date: Tue, 06 Jan 2009 14:36:43 -0500
> X-AOL-IP: 81.37.21.218
> X-MB-Message-Source: WebUI
> MIME-Version: 1.0
> From: omqdwc63ubu@aim.com
> X-MB-Message-Type: User
> Content-Type: multipart/alternative;
> boundary="--------MB_8CB3E4D3D238A60_FE4_95E_Webmail-mg02.sim.aol.com"
> X-Mailer: AIM WebMail 40627-STANDARD
> Received: from 81.37.21.218 by Webmail-mg02.sim.aol.com (64.12.142.150) with HTTP (WebMailUI); Tue, 06 Jan 2009 14:36:43 -0500
> Message-Id: <8C...@Webmail-mg02.sim.aol.com>
> X-Spam-Flag:YES
>
>
> ----------MB_8CB3E4D3D238A60_FE4_95E_Webmail-mg02.sim.aol.com
> Content-Transfer-Encoding: 7bit
> Content-Type: text/plain; charset="us-ascii"
>
> Don't fail in the bed games. Try THIS.
>
> 50 percent add present
>
> >>>?http://www.ecbdollar.com/sp.php?<<<
>
>
> _______________________________________________________________________________________
>
>
> Spam detection software, running on the system "spam_server.unitedwayqc.lcl", has
> identified this incoming email as possible spam. The original message
> has been attached to this so you can view it (if it isn't spam) or label
> similar future email. If you have any questions, see
> ccanfield@unitedwayqc.org for details.
>
> Content preview: Breakthrough formula for men 50 percent add present
> >>>?http://www.canada-cz.com/sp.php?<<< [...]
>
> Content analysis details: (3.3 points, 5.0 required)
>
> pts rule name description
> ---- ---------------------- --------------------------------------------------
> 1.0 NO_REAL_NAME From: does not include a real name
> 2.2 FROM_HAS_MIXED_NUMS From: contains numbers mixed in with letters
> 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
> 0.1 HTML_50_60 BODY: Message is 50% to 60% HTML
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
> [score: 0.5000]
Directly from our local.cf:
========= 8< snip -----------------
# We've (or at least the webmaster has) had a problem with spam
# from aim.com users, coming from AOL servers. After much training,
# they hit BAYES_99, but not enough other rules to go over the edge.
# These are designed to handle that.
header __RLM_RCVD_FROM_AOL Received =~ /from .*\.aol\.com/
header __RLM_FROM_AIM_USER From =~ /\w+\@aim\.com/
meta RLM_AIM_SPAM (__RLM_RCVD_FROM_AOL && __RLM_FROM_AIM_USER)
# Most of this already scores 3.5.
score RLM_AIM_SPAM 1.6
========= 8< snip -----------------
Set your score to push them over the threshold. Much more than that
and you risk FPs.
Cheers,
--
Bob McClure, Jr. Bobcat Open Systems, Inc.
bob@bobcatos.com http://www.bobcatos.com
My son, do not despise the LORD's discipline and do not resent his
rebuke, because the LORD disciplines those he loves, as a father the
son he delights in. Proverbs 3:11-12 (NIV)
Re: New spam-to me-and how do I stop.
Posted by Kai Schaetzl <ma...@conactive.com>.
Craig wrote on Tue, 06 Jan 2009 14:07:38 -0600:
> X-Spam-Flag:YES
who added this? Maybe just act on it ...
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
Re: New spam-to me-and how do I stop.
Posted by Evan Platt <ev...@espphotography.com>.
Scored a 6.2 on my system. Were those the full headers?
Content analysis details: (6.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-1.4 ALL_TRUSTED Passed through trusted hosts only via SMTP
3.3 TVD_RCVD_IP4 TVD_RCVD_IP4
1.6 TVD_RCVD_IP TVD_RCVD_IP
2.7 MISSING_MIME_HB_SEP BODY: Missing blank line between MIME header and
body
At 12:07 PM 1/6/2009, you wrote:
>Hello All-
>
>I have recently been getting MANY spam slipping through Spamassassin
>and I am looking for help on how to stop. I have used Spamassassin
>with Bayes successfully for many years now and once I train the
>system on new spam, the system does an excellent job of stopping.
>These messages are very short and include a link. The subject is
>usually regarding watches, or are thinly disguised viagra ads. Many
>are sent from aim.com Below is header info and below that is the
>Spamassassin output of an email that has slipped through.
>
>Specs:
>SA 3.17
>With Bayes integration, DNS testing.
>
>Thanks
>Craig
>
>To: <ma...@btinternet.com>gillian.gray4@btinternet.com
>Subject: Private Message.
>Date: Tue, 06 Jan 2009 14:36:43 -0500
>X-AOL-IP: 81.37.21.218
>X-MB-Message-Source: WebUI
>MIME-Version: 1.0
>From: <ma...@aim.com>omqdwc63ubu@aim.com
>X-MB-Message-Type: User
>Content-Type: multipart/alternative;
> boundary="--------MB_8CB3E4D3D238A60_FE4_95E_Webmail-mg02.sim.aol.com"
>X-Mailer: AIM WebMail 40627-STANDARD
>Received: from 81.37.21.218 by Webmail-mg02.sim.aol.com
>(64.12.142.150) with HTTP (WebMailUI); Tue, 06 Jan 2009 14:36:43 -0500
>Message-Id:
><<m...@Webmail-mg02.sim.aol.com>
>X-Spam-Flag:YES
>
>
>----------MB_8CB3E4D3D238A60_FE4_95E_Webmail-mg02.sim.aol.com
>Content-Transfer-Encoding: 7bit
>Content-Type: text/plain; charset="us-ascii"
>
>Don't fail in the bed games. Try THIS.
>
>50 percent add present
>
>>>>?http://www.ecbdollar.com/sp.php?<<<
>
>
>_______________________________________________________________________________________
>
>
>Spam detection software, running on the system
>"spam_server.unitedwayqc.lcl", has
>identified this incoming email as possible spam. The original message
>has been attached to this so you can view it (if it isn't spam) or label
>similar future email. If you have any questions, see
><ma...@unitedwayqc.org>ccanfield@unitedwayqc.org for details.
>
>Content preview: Breakthrough formula for men 50 percent add present
> >>>?http://www.canada-cz.com/sp.php?<<< [...]
>
>Content analysis details: (3.3 points, 5.0 required)
>
> pts rule name description
>---- ---------------------- --------------------------------------------------
> 1.0 NO_REAL_NAME From: does not include a real name
> 2.2 FROM_HAS_MIXED_NUMS From: contains numbers mixed in with letters
> 0.0 UNPARSEABLE_RELAY Informational: message has unparseable
> relay lines
> 0.1 HTML_50_60 BODY: Message is 50% to 60% HTML
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
> [score: 0.5000]
>
>
>
>
Re: New spam-to me-and how do I stop.
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> Matus UHLAR - fantomas wrote:
> > On 07.01.09 11:46, Craig wrote:
> >
> >> X-Mailer: Novell GroupWise Internet Agent 7.0.2 HP
> >>
> >
> >
> >>>>> Randy <rr...@livedatagroup.com> 1/6/2009 2:42 PM >>>
> >>>>>
> >> Post 3 similar messages on pastbin so that we can determine a common
> >> factor between them. Use pastbin, not this list to post the message.
> >>
> >
> >
> >> I have 3 messages posted at pastebin.com under the user craig.
> >>
> >> Thanks.
> >>
> >
> > Please, quote content you are replying to, so we can differ between text
> > written by you and others.
> >>> Randy <rr...@livedatagroup.com> 1/8/2009 8:09 AM >>>
> I briefly looked for this and can't find the 3 messages. I thinking
> posting a link may help.
Randy - I did NOT mention any three messages. I appealed to Craig so he
would quote messages he is replying.
On 08.01.09 09:13, Craig wrote:
> Here are the links to 3 sample messages-
>
> http://pastebin.com/d59f95b6d
> http://pastebin.com/d17f12f4
> http://pastebin.com/m46ce2877
Craig, again, please QUOTE messages you are replying to. It's (best) done by
prefixing each line by '>' character.
Otherwise, I (and possibly others) will not want to spend my time reading
messages and guessing who is asking what, to help him(her).
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
LSD will make your ECS screen display 16.7 million colors
Re: New spam-to me-and how do I stop. THANK YOU!
Posted by Craig <cc...@unitedwayqc.org>.
Your ideas and suggestions worked!
I just wanted to say thanks for everyone who replied, I hope I am incorrect in the following statement but I am going to say it anyway-I am guessing many users on this thread are like me-we post questions ( I have posted 2 over the last 5 years) , but rarely if ever feel we are expert enough to help answer any, or more sadly, take the time too. I do appreciate those of you who help people like me out!
Cheers-
Craig
>>> Sergey Kovalev <sp...@kovalev.com.ru> 1/9/2009 3:52 AM >>>
Craig wrote:
>
> Here are the links to 3 sample messages-
>
> http://pastebin.com/d59f95b6d
> http://pastebin.com/d17f12f4
> http://pastebin.com/m46ce2877
I can only see the last message now.
Probably you may try to detect blank lines in the body or blank spaces
in html.
In Mail::SpamAssassin::Plugin::BodyEval there is a function
check_blank_line_ratio(...) which can be modified for using just N head
lines or rule like
body BLANK_LINES_30_80 eval:check_blank_line_ratio('30','80','40')
describe BLANK_LINES_30_80 Message body has 30-80% blank lines
may be created. But you should supply your one parameters to the
function. Because I don't know how many legitimate e-mails with many
blank lines you receive.
Re: New spam-to me-and how do I stop.
Posted by Sergey Kovalev <sp...@kovalev.com.ru>.
Craig wrote:
>
> Here are the links to 3 sample messages-
>
> http://pastebin.com/d59f95b6d
> http://pastebin.com/d17f12f4
> http://pastebin.com/m46ce2877
I can only see the last message now.
Probably you may try to detect blank lines in the body or blank spaces
in html.
In Mail::SpamAssassin::Plugin::BodyEval there is a function
check_blank_line_ratio(...) which can be modified for using just N head
lines or rule like
body BLANK_LINES_30_80 eval:check_blank_line_ratio('30','80','40')
describe BLANK_LINES_30_80 Message body has 30-80% blank lines
may be created. But you should supply your one parameters to the
function. Because I don't know how many legitimate e-mails with many
blank lines you receive.
Re: New spam-to me-and how do I stop.
Posted by Craig <cc...@unitedwayqc.org>.
>>> Randy <rr...@livedatagroup.com> 1/8/2009 8:09 AM >>>
Matus UHLAR - fantomas wrote:
> On 07.01.09 11:46, Craig wrote:
>
>> X-Mailer: Novell GroupWise Internet Agent 7.0.2 HP
>>
>
>
>>>>> Randy <rr...@livedatagroup.com> 1/6/2009 2:42 PM >>>
>>>>>
>> Post 3 similar messages on pastbin so that we can determine a common
>> factor between them. Use pastbin, not this list to post the message.
>>
>
>
>> I have 3 messages posted at pastebin.com under the user craig.
>>
>> Thanks.
>>
>
> Please, quote content you are replying to, so we can differ between text
> written by you and others.
>
>
I briefly looked for this and can't find the 3 messages. I thinking
posting a link may help.
Here are the links to 3 sample messages-
http://pastebin.com/d59f95b6d
http://pastebin.com/d17f12f4
http://pastebin.com/m46ce2877
Thanks.
Re: New spam-to me-and how do I stop.
Posted by Randy <rr...@livedatagroup.com>.
Matus UHLAR - fantomas wrote:
> On 07.01.09 11:46, Craig wrote:
>
>> X-Mailer: Novell GroupWise Internet Agent 7.0.2 HP
>>
>
>
>>>>> Randy <rr...@livedatagroup.com> 1/6/2009 2:42 PM >>>
>>>>>
>> Post 3 similar messages on pastbin so that we can determine a common
>> factor between them. Use pastbin, not this list to post the message.
>>
>
>
>> I have 3 messages posted at pastebin.com under the user craig.
>>
>> Thanks.
>>
>
> Please, quote content you are replying to, so we can differ between text
> written by you and others.
>
>
I briefly looked for this and can't find the 3 messages. I thinking
posting a link may help.
Re: New spam-to me-and how do I stop.
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 07.01.09 11:46, Craig wrote:
> X-Mailer: Novell GroupWise Internet Agent 7.0.2 HP
> >>> Randy <rr...@livedatagroup.com> 1/6/2009 2:42 PM >>>
> Post 3 similar messages on pastbin so that we can determine a common
> factor between them. Use pastbin, not this list to post the message.
> I have 3 messages posted at pastebin.com under the user craig.
>
> Thanks.
Please, quote content you are replying to, so we can differ between text
written by you and others.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"The box said 'Requires Windows 95 or better', so I bought a Macintosh".
Re: New spam-to me-and how do I stop.
Posted by Craig <cc...@unitedwayqc.org>.
Links would help-
http://pastebin.com/d59f95b6d
http://pastebin.com/d17f12f4
http://pastebin.com/m46ce2877
>>> "Craig" <cc...@unitedwayqc.org> 1/7/2009 11:46 AM >>>
>>> Randy <rr...@livedatagroup.com> 1/6/2009 2:42 PM >>>
Craig wrote:
>
>
> >>> Randy <rr...@livedatagroup.com> 1/6/2009 2:18 PM >>>
> Craig wrote:
> > Hello All-
> >
> > I have recently been getting MANY spam slipping through Spamassassin
> > and I am looking for help on how to stop. I have used Spamassassin
> > with Bayes successfully for many years now and once I train the system
> > on new spam, the system does an excellent job of stopping. These
> > messages are very short and include a link. The subject is usually
> > regarding watches, or are thinly disguised viagra ads. Many are sent
> > from aim.com Below is header info and below that is the Spamassassin
> > output of an email that has slipped through.
> >
> >
> > 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
> > [score: 0.5000]
> Content analysis details: (3.3 points, 5.0 required)
>
> Train the messages as spam with sa-learn which should add 3.5 to the
> score.
>
> 3.5+3.3=6.8
> 6.8 > 5.0 = spam
>
> thanks for your quick reply-
>
> You are correct if I teach the system this email it will score as
> spam. But, I have trained a lot of spam over the last 2 weeks that
> are very similar to this one and unfortunately the new messages are
> getting through.
>
Post 3 similar messages on pastbin so that we can determine a common
factor between them. Use pastbin, not this list to post the message.
I have 3 messages posted at pastebin.com under the user craig.
Thanks.
Re: New spam-to me-and how do I stop.
Posted by Craig <cc...@unitedwayqc.org>.
>>> Randy <rr...@livedatagroup.com> 1/6/2009 2:42 PM >>>
Craig wrote:
>
>
> >>> Randy <rr...@livedatagroup.com> 1/6/2009 2:18 PM >>>
> Craig wrote:
> > Hello All-
> >
> > I have recently been getting MANY spam slipping through Spamassassin
> > and I am looking for help on how to stop. I have used Spamassassin
> > with Bayes successfully for many years now and once I train the system
> > on new spam, the system does an excellent job of stopping. These
> > messages are very short and include a link. The subject is usually
> > regarding watches, or are thinly disguised viagra ads. Many are sent
> > from aim.com Below is header info and below that is the Spamassassin
> > output of an email that has slipped through.
> >
> >
> > 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
> > [score: 0.5000]
> Content analysis details: (3.3 points, 5.0 required)
>
> Train the messages as spam with sa-learn which should add 3.5 to the
> score.
>
> 3.5+3.3=6.8
> 6.8 > 5.0 = spam
>
> thanks for your quick reply-
>
> You are correct if I teach the system this email it will score as
> spam. But, I have trained a lot of spam over the last 2 weeks that
> are very similar to this one and unfortunately the new messages are
> getting through.
>
Post 3 similar messages on pastbin so that we can determine a common
factor between them. Use pastbin, not this list to post the message.
I have 3 messages posted at pastebin.com under the user craig.
Thanks.
Re: New spam-to me-and how do I stop.
Posted by "McDonald, Dan" <Da...@austinenergy.com>.
On Wed, 2009-01-07 at 07:54 -0600, Craig wrote:
>
>
> >>> Randy <rr...@livedatagroup.com> 1/6/2009 2:42 PM >>>
> Craig wrote:
> Post 3 similar messages on pastbin so that we can determine a common
> factor between them. Use pastbin, not this list to post the message.
>
> Pastbin-I am not familiar with this-what is the url?
I stuck pastbin in google and it asked me if I meant pastebin... try
http://pastebin.com
--
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com
Re: New spam-to me-and how do I stop.
Posted by Craig <cc...@unitedwayqc.org>.
>>> Randy <rr...@livedatagroup.com> 1/6/2009 2:42 PM >>>
Craig wrote:
>
>
> >>> Randy <rr...@livedatagroup.com> 1/6/2009 2:18 PM >>>
> Craig wrote:
> > Hello All-
> >
> > I have recently been getting MANY spam slipping through Spamassassin
> > and I am looking for help on how to stop. I have used Spamassassin
> > with Bayes successfully for many years now and once I train the system
> > on new spam, the system does an excellent job of stopping. These
> > messages are very short and include a link. The subject is usually
> > regarding watches, or are thinly disguised viagra ads. Many are sent
> > from aim.com Below is header info and below that is the Spamassassin
> > output of an email that has slipped through.
> >
> >
> > 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
> > [score: 0.5000]
> Content analysis details: (3.3 points, 5.0 required)
>
> Train the messages as spam with sa-learn which should add 3.5 to the
> score.
>
> 3.5+3.3=6.8
> 6.8 > 5.0 = spam
>
> thanks for your quick reply-
>
> You are correct if I teach the system this email it will score as
> spam. But, I have trained a lot of spam over the last 2 weeks that
> are very similar to this one and unfortunately the new messages are
> getting through.
>
Post 3 similar messages on pastbin so that we can determine a common
factor between them. Use pastbin, not this list to post the message.
Pastbin-I am not familiar with this-what is the url?
Re: New spam-to me-and how do I stop.
Posted by Randy <rr...@livedatagroup.com>.
Craig wrote:
>
>
> >>> Randy <rr...@livedatagroup.com> 1/6/2009 2:18 PM >>>
> Craig wrote:
> > Hello All-
> >
> > I have recently been getting MANY spam slipping through Spamassassin
> > and I am looking for help on how to stop. I have used Spamassassin
> > with Bayes successfully for many years now and once I train the system
> > on new spam, the system does an excellent job of stopping. These
> > messages are very short and include a link. The subject is usually
> > regarding watches, or are thinly disguised viagra ads. Many are sent
> > from aim.com Below is header info and below that is the Spamassassin
> > output of an email that has slipped through.
> >
> >
> > 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
> > [score: 0.5000]
> Content analysis details: (3.3 points, 5.0 required)
>
> Train the messages as spam with sa-learn which should add 3.5 to the
> score.
>
> 3.5+3.3=6.8
> 6.8 > 5.0 = spam
>
> thanks for your quick reply-
>
> You are correct if I teach the system this email it will score as
> spam. But, I have trained a lot of spam over the last 2 weeks that
> are very similar to this one and unfortunately the new messages are
> getting through.
>
Post 3 similar messages on pastbin so that we can determine a common
factor between them. Use pastbin, not this list to post the message.
Re: New spam-to me-and how do I stop.
Posted by Craig <cc...@unitedwayqc.org>.
>>> Randy <rr...@livedatagroup.com> 1/6/2009 2:18 PM >>>
Craig wrote:
> Hello All-
>
> I have recently been getting MANY spam slipping through Spamassassin
> and I am looking for help on how to stop. I have used Spamassassin
> with Bayes successfully for many years now and once I train the system
> on new spam, the system does an excellent job of stopping. These
> messages are very short and include a link. The subject is usually
> regarding watches, or are thinly disguised viagra ads. Many are sent
> from aim.com Below is header info and below that is the Spamassassin
> output of an email that has slipped through.
>
>
> 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
> [score: 0.5000]
Content analysis details: (3.3 points, 5.0 required)
Train the messages as spam with sa-learn which should add 3.5 to the score.
3.5+3.3=6.8
6.8 > 5.0 = spam
thanks for your quick reply-
You are correct if I teach the system this email it will score as spam. But, I have trained a lot of spam over the last 2 weeks that are very similar to this one and unfortunately the new messages are getting through.
Re: New spam-to me-and how do I stop.
Posted by Randy <rr...@livedatagroup.com>.
Craig wrote:
> Hello All-
>
> I have recently been getting MANY spam slipping through Spamassassin
> and I am looking for help on how to stop. I have used Spamassassin
> with Bayes successfully for many years now and once I train the system
> on new spam, the system does an excellent job of stopping. These
> messages are very short and include a link. The subject is usually
> regarding watches, or are thinly disguised viagra ads. Many are sent
> from aim.com Below is header info and below that is the Spamassassin
> output of an email that has slipped through.
>
>
> 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
> [score: 0.5000]
Content analysis details: (3.3 points, 5.0 required)
Train the messages as spam with sa-learn which should add 3.5 to the score.
3.5+3.3=6.8
6.8 > 5.0 = spam