You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "Savoy, Jim" <sa...@uleth.ca> on 2009/04/06 19:44:21 UTC
AWL question
Hi all,
I just noticed that we have had auto_whitelisting turned off since
2005 (!). I just turned it
back on (first deleting the auto_whitelist file in
/home/exim/.spamassassin (we run a site-wide
installation) and ensuring that file was re-created after restarting
spamd). It seems to be working.
So now when I peruse the logs, I see the new tag AWL being added for the
first time.
But then I saw this fly by:
Apr 6 10:54:12 mx1-server spamd[12713]: spamd: result: Y 18 -
AWL,BAYES_99,DRUGS_ERECTILE,FB_CIALIS_LEO3,FORGED_OUTLOOK_HTML,FORGED_OU
TLOOK_TAGS,
FORGED_YAHOO_RCVD,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,
MIME_HTML_ONLY,MSGID_OUTLOOK_INVALID,SPF_HELO_PASS,SUBJECT_DRUG_GAP_C,
UNPARSEABLE_RELAY,URIBL_BLACK,URIBL_JP_SURBL,URIBL_SC_SURBL,URIBL_WS_SUR
BL,URIBL_ZEN
scantime=6.5,size=1206,user=nobody,uid=108,required_score=5.0,rhost=loca
lhost.localdomain,
raddr=127.0.0.1,rport=45215,mid=<00...@gew>,bay
es=0.999996,autolearn=spam
It looks like it did everything correctly, giving the message a high
score (18) and autolearning
it in Bayes, but I was surprised to see the AWL tag get slapped onto
this one. Is that normal
behaviour?
We are running SpamAssassin 3.25.
- jim -
-
RE: AWL question
Posted by John Hardin <jh...@impsec.org>.
On Mon, 6 Apr 2009, Savoy, Jim wrote:
> I may be able to answer my own question, as something like this was
> asked a few weeks ago and John Hardin said that AWL is a misleading
> name, as it is just giving an "average" score, not necessarily
> whitelisting something. Thanks John.
...glad to help! :)
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The question of whether people should be allowed to harm themselves
is simple. They *must*. -- Charles Murray
-----------------------------------------------------------------------
7 days until Thomas Jefferson's 266th Birthday
RE: AWL question
Posted by "Savoy, Jim" <sa...@uleth.ca>.
I may be able to answer my own question, as something like this was
asked a few
weeks ago and John Hardin said that AWL is a misleading name, as it is
just giving an
"average" score, not necessarily whitelisting something. Thanks John.
RE: AWL question
Posted by "Savoy, Jim" <sa...@uleth.ca>.
>127.0.0.1 is not remote host :/
>did you send it for testing ?
Nope. This was a real, live message from the outside world.
>make sure that exim do send remote ip to sa, else it will work
badly, also that exim does not accept and bounce, i have seen it, if
its spam then reject
I'm pretty sure our setup has been working almost perfectly for years.
Very few false-positives. We run about 40 filters in exim (smtp time)
before a message even gets to SpamAssassin, and if the score is too high
(over 15) we accept and quarantine it. Otherwise, we accept and deliver
it to the recipient, which is already guaranteed to be a legitimate
account
on our system (as determined by an earlier LDAP lookup).
- jim -
Re: AWL question
Posted by Benny Pedersen <me...@junc.org>.
On Mon, April 6, 2009 19:44, Savoy, Jim wrote:
> Hi all,
> I just noticed that we have had auto_whitelisting turned off
> since 2005 (!). I just turned it
>
> back on (first deleting the auto_whitelist file in
> /home/exim/.spamassassin (we run a site-wide
> installation) and ensuring that file was re-created after
> restarting spamd). It seems to be working.
so far so good
> So now when I peruse the logs, I see the new tag AWL being added
> for the first time.
> But then I saw this fly by:
> Apr 6 10:54:12 mx1-server spamd[12713]: spamd: result: Y 18 -
> AWL,
> BAYES_99,
> DRUGS_ERECTILE,
> FB_CIALIS_LEO3,
> FORGED_OUTLOOK_HTML,
> FORGED_OUTLOOK_TAGS,
> FORGED_YAHOO_RCVD,
> HTML_MESSAGE,
> HTML_MIME_NO_HTML_TAG,
> MIME_HTML_ONLY,
> MSGID_OUTLOOK_INVALID,
> SPF_HELO_PASS,
> SUBJECT_DRUG_GAP_C,
> UNPARSEABLE_RELAY,
> URIBL_BLACK,
> URIBL_JP_SURBL,
> URIBL_SC_SURBL,
> URIBL_WS_SURBL,
> URIBL_ZEN
> scantime=6.5,size=1206,user=nobody,uid=108,required_score=5.0,
> rhost=localhost.localdomain,
> raddr=127.0.0.1,rport=45215,
> mid=<00...@gew>,
> bayes=0.999996,autolearn=spam
127.0.0.1 is not remote host :/
did you send it for testing ?
> It looks like it did everything correctly, giving the message a
> high score (18) and autolearning
if 127.0.0.1 indeed is remote yes
> it in Bayes, but I was surprised to see the AWL tag get slapped
> onto this one. Is that normal behaviour?
make sure that exim do send remote ip to sa, else it will work
badly, also that exim does not accept and bounce, i have seen it, if
its spam then reject
> We are running SpamAssassin 3.25.
--
http://localhost/ 100% uptime and 100% mirrored :)
Re: AWL question
Posted by "McDonald, Dan" <Da...@austinenergy.com>.
On Mon, 2009-04-06 at 11:44 -0600, Savoy, Jim wrote:
>
>
> Hi all,
>
>
>
> I just noticed that we have had auto_whitelisting turned off since
> 2005 (!). I just turned it
>
> back on (first deleting the auto_whitelist file
> in /home/exim/.spamassassin (we run a site-wide
>
> installation) and ensuring that file was re-created after restarting
> spamd). It seems to be working.
>
> but I was surprised to see the AWL tag get slapped onto this one. Is
> that normal
Yes, the Averaged Weighting List is applied to every message. There was
a long discussion about this just this past week, but suffice it to say
that if you thought this would be a way to whitelist ham, you will be
disappointed.
--
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com