You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Michael Connors <co...@gmail.com> on 2007/02/14 15:43:14 UTC
spamassassin beginner question
Hi,
I have been getting a lot of spam messages as indicated in the content
preview below.
"""
Content preview: ENERGY COMPANY ALERT!! Search for: UTEVCurrent price:
$0.016 Market: bullish!!! TRADE SMART AND WIN WITH US NOW!! [...]
Content analysis details: (7.1 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
0.1 RCVD_BY_IP Received by mail server with no name
1.7 SARE_MLB_Stock1 BODY: SARE_MLB_Stock1
1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam
0.1 HTML_50_60 BODY: Message is 50% to 60% HTML
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 HTML_FONT_BIG BODY: HTML tag for a big font size
3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 1.0000]
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
"""
This sort of spam still ends up in my inbox.
Is the [score: 1.0000] the total spam score for this email?
I find it strange that it these get through as they are the first non-image
spams to get through more than a couple of times.
Are there other rules that this spam should be hitting?
--
Michael Connors
Re: spamassassin beginner question
Posted by Theo Van Dinter <fe...@apache.org>.
On Wed, Feb 14, 2007 at 02:43:14PM +0000, Michael Connors wrote:
> Content analysis details: (7.1 points, 5.0 required)
>
> 0.1 RCVD_BY_IP Received by mail server with no name
> 1.7 SARE_MLB_Stock1 BODY: SARE_MLB_Stock1
> 1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam
> 0.1 HTML_50_60 BODY: Message is 50% to 60% HTML
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 0.1 HTML_FONT_BIG BODY: HTML tag for a big font size
> 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
> [score: 1.0000]
>
> Is the [score: 1.0000] the total spam score for this email?
No. 1.0000 is the score that the Bayes system gave the message. The "message
score" is listed above: 7.1.
> I find it strange that it these get through as they are the first non-image
> spams to get through more than a couple of times.
The message scored 7.1 and your required score is 5, so it was marked as spam.
It sounds like you're expecting SA to do something other than marking up the
message, which it's not going to do.
--
Randomly Selected Tagline:
Girls just want to have fun - C. Lauper
Re: spamassassin beginner question
Posted by maillist <ma...@emailacs.com>.
Michael Connors wrote:
>
> On 14/02/07, *maillist* <maillist@emailacs.com
> <ma...@emailacs.com>> wrote:
>
> Michael Connors wrote:
> > Hi,
> > I have been getting a lot of spam messages as indicated in the
> content
> > preview below.
> >
> > """
> > Content preview: ENERGY COMPANY ALERT!! Search for: UTEVCurrent
> price:
> > $0.016 Market: bullish!!! TRADE SMART AND WIN WITH US NOW!! [...]
> >
> > Content analysis details: (7.1 points, 5.0 required)
> >
> > pts rule name description
> > ---- ----------------------
> > --------------------------------------------------
> > 0.1 RCVD_BY_IP Received by mail server with no name
> > 1.7 SARE_MLB_Stock1 BODY: SARE_MLB_Stock1
> > 1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam
> > 0.1 HTML_50_60 BODY: Message is 50% to 60% HTML
> > 0.0 HTML_MESSAGE BODY: HTML included in message
> > 0.1 HTML_FONT_BIG BODY: HTML tag for a big font size
> > 3.5 BAYES_99 BODY: Bayesian spam probability is
> 99 to 100%
> > [score: 1.0000]
> >
> > The original message was not completely plain text, and may be
> unsafe to
> > open with some email clients; in particular, it may contain a virus,
> > or confirm that your address can receive spam. If you wish to view
> > it, it may be safer to save it to a file and open it with an editor.
> > """
> >
> > This sort of spam still ends up in my inbox.
> >
> > Is the [score: 1.0000] the total spam score for this email?
> > I find it strange that it these get through as they are the first
> > non-image spams to get through more than a couple of times.
> >
> > Are there other rules that this spam should be hitting?
> > --
> > Michael Connors
> Is this always happening with spam messages, or do some go to a
> drop-box
> of some sort? What all do you run along with SA to get the message
> discarded?
>
> I use mimedefang, and am having the same sort of problem, but it
> is only
> a few messages that get through.
>
>
> Hi,
> I tag them with a spam score and anything under 10 gets to the mail
> box, anything over 5 arrives with {spam x} in the subject line, these
> ones however repeatedly get through and have spam scores like this in
> the mesage header.
>
> -MailScanner-SpamCheck: not spam, SpamAssassin (score=1.749,
> required 4, BAYES_50 0.00, HTML_50_60 0.09, HTML_MESSAGE 0.00,
> SARE_PROLOSTOCK_SYM3 1.66)
> Even though they appear to be caught when I run them through at the
> command line.
>
> I dont seam to have a problem with other types of spam.
>
> --
> Michael Connors
It depends on how you are testing from the command line. If you run
"spamc -c < message" then this should give you the actual score, in case
you have any config issues. Running "spamassassin --test-mode message"
will give you "what_should_be" the score. The 2 should be the same,
though generally, some people will be using ~/.spamassassin bayes or
configs, and try to adjust settings in other places, that they forget to
define in /etc/mail/spamassassin/local.cf.
Re: spamassassin beginner question
Posted by Anthony Peacock <a....@chime.ucl.ac.uk>.
Michael Connors wrote:
>
> On 14/02/07, *maillist* <maillist@emailacs.com
> <ma...@emailacs.com>> wrote:
>
> Michael Connors wrote:
> > Hi,
> > I have been getting a lot of spam messages as indicated in the
> content
> > preview below.
> >
> > """
> > Content preview: ENERGY COMPANY ALERT!! Search for: UTEVCurrent
> price:
> > $0.016 Market: bullish!!! TRADE SMART AND WIN WITH US NOW!! [...]
> >
> > Content analysis details: (7.1 points, 5.0 required)
> >
> > pts rule name description
> > ---- ----------------------
> > --------------------------------------------------
> > 0.1 RCVD_BY_IP Received by mail server with no name
> > 1.7 SARE_MLB_Stock1 BODY: SARE_MLB_Stock1
> > 1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam
> > 0.1 HTML_50_60 BODY: Message is 50% to 60% HTML
> > 0.0 HTML_MESSAGE BODY: HTML included in message
> > 0.1 HTML_FONT_BIG BODY: HTML tag for a big font size
> > 3.5 BAYES_99 BODY: Bayesian spam probability is 99
> to 100%
> > [score: 1.0000]
> >
> > The original message was not completely plain text, and may be
> unsafe to
> > open with some email clients; in particular, it may contain a virus,
> > or confirm that your address can receive spam. If you wish to view
> > it, it may be safer to save it to a file and open it with an editor.
> > """
> >
> > This sort of spam still ends up in my inbox.
> >
> > Is the [score: 1.0000] the total spam score for this email?
> > I find it strange that it these get through as they are the first
> > non-image spams to get through more than a couple of times.
> >
> > Are there other rules that this spam should be hitting?
> > --
> > Michael Connors
> Is this always happening with spam messages, or do some go to a drop-box
> of some sort? What all do you run along with SA to get the message
> discarded?
>
> I use mimedefang, and am having the same sort of problem, but it is only
> a few messages that get through.
>
>
> Hi,
> I tag them with a spam score and anything under 10 gets to the mail box,
> anything over 5 arrives with {spam x} in the subject line, these ones
> however repeatedly get through and have spam scores like this in the
> mesage header.
>
> -MailScanner-SpamCheck: not spam, SpamAssassin (score=1.749,
> required 4, BAYES_50 0.00, HTML_50_60 0.09, HTML_MESSAGE 0.00,
> SARE_PROLOSTOCK_SYM3 1.66)
>
> Even though they appear to be caught when I run them through at the
> command line.
>
> I dont seam to have a problem with other types of spam.
You have a different Bayes result for command line versus MailScanner.
It also looks like you have a different set of rules used by the command
line and not MailScanner.
What user do you run the command line checks as, and what user does
MailScanner run as?
Do you run sa-update?
Some versions of MailScanner required a configuration setting to be
correctly set before it would find the rules downloaded by sa-update.
--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
"If you have an apple and I have an apple and we exchange apples
then you and I will still each have one apple. But if you have an
idea and I have an idea and we exchange these ideas, then each of us
will have two ideas." -- George Bernard Shaw
Re: spamassassin beginner question
Posted by Michael Connors <co...@gmail.com>.
On 14/02/07, maillist <ma...@emailacs.com> wrote:
>
> Michael Connors wrote:
> > Hi,
> > I have been getting a lot of spam messages as indicated in the content
> > preview below.
> >
> > """
> > Content preview: ENERGY COMPANY ALERT!! Search for: UTEVCurrent price:
> > $0.016 Market: bullish!!! TRADE SMART AND WIN WITH US NOW!! [...]
> >
> > Content analysis details: (7.1 points, 5.0 required)
> >
> > pts rule name description
> > ---- ----------------------
> > --------------------------------------------------
> > 0.1 RCVD_BY_IP Received by mail server with no name
> > 1.7 SARE_MLB_Stock1 BODY: SARE_MLB_Stock1
> > 1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam
> > 0.1 HTML_50_60 BODY: Message is 50% to 60% HTML
> > 0.0 HTML_MESSAGE BODY: HTML included in message
> > 0.1 HTML_FONT_BIG BODY: HTML tag for a big font size
> > 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to
> 100%
> > [score: 1.0000]
> >
> > The original message was not completely plain text, and may be unsafe to
> > open with some email clients; in particular, it may contain a virus,
> > or confirm that your address can receive spam. If you wish to view
> > it, it may be safer to save it to a file and open it with an editor.
> > """
> >
> > This sort of spam still ends up in my inbox.
> >
> > Is the [score: 1.0000] the total spam score for this email?
> > I find it strange that it these get through as they are the first
> > non-image spams to get through more than a couple of times.
> >
> > Are there other rules that this spam should be hitting?
> > --
> > Michael Connors
> Is this always happening with spam messages, or do some go to a drop-box
> of some sort? What all do you run along with SA to get the message
> discarded?
>
> I use mimedefang, and am having the same sort of problem, but it is only
> a few messages that get through.
>
Hi,
I tag them with a spam score and anything under 10 gets to the mail box,
anything over 5 arrives with {spam x} in the subject line, these ones
however repeatedly get through and have spam scores like this in the mesage
header.
-MailScanner-SpamCheck: not spam, SpamAssassin (score=1.749,
required 4, BAYES_50 0.00, HTML_50_60 0.09, HTML_MESSAGE 0.00,
SARE_PROLOSTOCK_SYM3 1.66)
Even though they appear to be caught when I run them through at the command
line.
I dont seam to have a problem with other types of spam.
--
Michael Connors
Re: spamassassin beginner question
Posted by maillist <ma...@emailacs.com>.
Michael Connors wrote:
> Hi,
> I have been getting a lot of spam messages as indicated in the content
> preview below.
>
> """
> Content preview: ENERGY COMPANY ALERT!! Search for: UTEVCurrent price:
> $0.016 Market: bullish!!! TRADE SMART AND WIN WITH US NOW!! [...]
>
> Content analysis details: (7.1 points, 5.0 required)
>
> pts rule name description
> ---- ----------------------
> --------------------------------------------------
> 0.1 RCVD_BY_IP Received by mail server with no name
> 1.7 SARE_MLB_Stock1 BODY: SARE_MLB_Stock1
> 1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam
> 0.1 HTML_50_60 BODY: Message is 50% to 60% HTML
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 0.1 HTML_FONT_BIG BODY: HTML tag for a big font size
> 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
> [score: 1.0000]
>
> The original message was not completely plain text, and may be unsafe to
> open with some email clients; in particular, it may contain a virus,
> or confirm that your address can receive spam. If you wish to view
> it, it may be safer to save it to a file and open it with an editor.
> """
>
> This sort of spam still ends up in my inbox.
>
> Is the [score: 1.0000] the total spam score for this email?
> I find it strange that it these get through as they are the first
> non-image spams to get through more than a couple of times.
>
> Are there other rules that this spam should be hitting?
> --
> Michael Connors
Is this always happening with spam messages, or do some go to a drop-box
of some sort? What all do you run along with SA to get the message
discarded?
I use mimedefang, and am having the same sort of problem, but it is only
a few messages that get through.