You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Sujit Acharyya-choudhury <s....@bbk.ac.uk> on 2015/03/12 12:40:46 UTC

is spamassassin scoring too high points

We are using MessageLabs for our most of our inward mails.  However, we
also get mails from other places as well.  In order to get rid of spam,
we have installed the latest version of spamassassin, which is set to
reject any mail at smtp time if the score is over 12.  What I find
peculiar is some mails from MessageLabs are not scoring as high as the
one scored by spamassassin.   

Below is the example of the header which has been rejected at SMTP time,

 

2015-03-12 09:05:51 1YVz3t-0001lJ-6m H=mail6.bemta5.messagelabs.com
[195.245.231.135] F=<te...@DODOBOOKING.COM> rejected after DATA: This
message scored 25.8 spam points.

Envelope-from: <te...@DODOBOOKING.COM>

Envelope-to: <g....@bbk.ac.uk>

P Received: from mail6.bemta5.messagelabs.com ([195.245.231.135])

        by mail2.ccs.bbk.ac.uk with smtp (Exim 4.80.1)

        (envelope-from <te...@DODOBOOKING.COM>)

        id 1YVz3t-0001lJ-6m

        for g.christodoulides@bbk.ac.uk; Thu, 12 Mar 2015 09:05:49 +0000

* Return-Path: <te...@dodobooking.com>

P Received: from [195.245.231.67] by server-13.bemta-5.messagelabs.com
id D7/7A-09628-DE651055; Thu, 12 Mar 2015 09:05:49 +0000

  X-Env-Sender: test@DODOBOOKING.COM

  X-Msg-Ref: server-7.tower-82.messagelabs.com!1426151146!25986048!1

  X-Originating-IP: [192.254.214.131]

  X-SpamReason: No, hits=4.7 required=7.0 tests=msgid: No Message-ID,

  ADVANCE_FEE_1,ADVANCE_FEE_2,FORGED_MUA_OUTLOOK,TO_CC_NONE

  X-StarScan-Received:

  X-StarScan-Version: 6.13.4; banners=-,-,-

  X-VirusChecked: Checked

P Received: (qmail 32108 invoked from network); 12 Mar 2015 09:05:48
-0000

P Received: from cre.creative3ddesign.net (HELO
cre.creative3ddesign.net) (192.254.214.131)

  by server-7.tower-82.messagelabs.com with DHE-RSA-AES256-SHA encrypted
SMTP; 12 Mar 2015 09:05:48 -0000

P Received: from 41-66-233-120-dedicated.4u.com.gh ([41.66.233.120]:8629
helo=User)

        by cre.creative3ddesign.net with esmtpa (Exim 4.85)

        (envelope-from <te...@DODOBOOKING.COM>)

        id 1YVyxT-0000ed-Cl; Thu, 12 Mar 2015 12:59:12 +0400

R Reply-To: <ma...@gmail.com>

F From: "Mr. William Koffie"<te...@DODOBOOKING.COM>

  Subject: Please i apologize using this medium to reach you.

  Date: Thu, 12 Mar 2015 08:58:57 -0000

  MIME-Version: 1.0

  Content-Type: text/plain;

        charset="Windows-1251"

  Content-Transfer-Encoding: 7bit

  X-Priority: 3

  X-MSMail-Priority: Normal

  X-Mailer: Microsoft Outlook Express 6.00.2600.0000

  X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

  X-OutGoing-Spam-Status: No, score=

  X-AntiAbuse: This header was added to track abuse, please include it
with any abuse report

  X-AntiAbuse: Primary Hostname - cre.creative3ddesign.net

  X-AntiAbuse: Original Domain - bbk.ac.uk

  X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

  X-AntiAbuse: Sender Address Domain - DODOBOOKING.COM

  X-Get-Message-Sender-Via: cre.creative3ddesign.net: authenticated_id:
test@dodobooking.com

 

Unfortunately we don't have the full message to take it up with
MessageLabs.

Any comment will be appreciated.  

 

Regards

 

Sujit Choudhury

Re: is spamassassin scoring too high points

Posted by Reindl Harald <h....@thelounge.net>.

Am 13.03.2015 um 00:06 schrieb Chris:
> they definitely not aggressive, I am actually struggling to reach 5
> points on most spam.

train your bayes and adjust scores in "local.cf"

we reject above 8.0 points and 99% of all junk making it through 
postscreen and other filters before SA are rejected with way higher scores

tagging between 5.5 and 7.9 and per day there are 10-15 messages tagged
the rest has a BAYES_00 and/or is abcked by DNSWL scoring

> On 12 March 2015 at 12:10, Reindl Harald <h....@thelounge.net> wrote:
>> please don't top post
>>
>> Am 12.03.2015 um 13:06 schrieb Sujit Acharyya-choudhury:
>>>
>>> I don't have any custom rules nor I am using sought.cf. I have chosen
>>> the standard installation without any tweaks.  I am just worried,
>>> whether I am being too aggressive in blocking messages which are not
>>> blocked by MessageLabs.
>>
>>
>> the default SA rules are for sure not too aggresive
>> why premature worries without any indication?
>>
>> and even if you reject a message which would have made it through
>> MessageLabs that means *nothing* as long it's not a *real* false positive
>>
>> we block each days a lot of forwardings from different mail services all
>> having their own spamfilter and at the end of the day it turns out they are
>> indeed spam
>>
>>> -----Original Message-----
>>> From: Reindl Harald [mailto:h.reindl@thelounge.net]
>>> Sent: 12 March 2015 11:51
>>> To: users@spamassassin.apache.org
>>> Subject: Re: is spamassassin scoring too high points
>>>
>>> you can't compare scores between differernt setups beause they are
>>> likely different and using also a different reject score
>>>
>>> * you can give each rule a non-default score
>>> * much depends on bayes and how bayes hits are scored
>>> * custom rules
>>>
>>> you need at *least* all the hitting rules
>>> your message here hitted these ones:
>>>
>>> BAYES_00,CUST_DNSWL_10,CUST_DNSWL_3,CUST_DNSWL_8,CUST_MOST_SPAM_TO,HEADE
>>> R_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_W
>>> L,SPF_PASS,T_MIME_MALF,T_RP_MATCHES_RCVD

Re: is spamassassin scoring too high points

Posted by Chris <ch...@gmail.com>.

they definitely not aggressive, I am actually struggling to reach 5
points on most spam.

On 12 March 2015 at 12:10, Reindl Harald <h....@thelounge.net> wrote:
> please don't top post
>
> Am 12.03.2015 um 13:06 schrieb Sujit Acharyya-choudhury:
>>
>> I don't have any custom rules nor I am using sought.cf. I have chosen
>> the standard installation without any tweaks.  I am just worried,
>> whether I am being too aggressive in blocking messages which are not
>> blocked by MessageLabs.
>
>
> the default SA rules are for sure not too aggresive
> why premature worries without any indication?
>
> and even if you reject a message which would have made it through
> MessageLabs that means *nothing* as long it's not a *real* false positive
>
> we block each days a lot of forwardings from different mail services all
> having their own spamfilter and at the end of the day it turns out they are
> indeed spam
>
>> -----Original Message-----
>> From: Reindl Harald [mailto:h.reindl@thelounge.net]
>> Sent: 12 March 2015 11:51
>> To: users@spamassassin.apache.org
>> Subject: Re: is spamassassin scoring too high points
>>
>> you can't compare scores between differernt setups beause they are
>> likely different and using also a different reject score
>>
>> * you can give each rule a non-default score
>> * much depends on bayes and how bayes hits are scored
>> * custom rules
>>
>> you need at *least* all the hitting rules
>> your message here hitted these ones:
>>
>> BAYES_00,CUST_DNSWL_10,CUST_DNSWL_3,CUST_DNSWL_8,CUST_MOST_SPAM_TO,HEADE
>> R_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_W
>> L,SPF_PASS,T_MIME_MALF,T_RP_MATCHES_RCVD
>
>

Re: is spamassassin scoring too high points

Posted by Reindl Harald <h....@thelounge.net>.

please don't top post

Am 12.03.2015 um 13:06 schrieb Sujit Acharyya-choudhury:
> I don't have any custom rules nor I am using sought.cf. I have chosen
> the standard installation without any tweaks.  I am just worried,
> whether I am being too aggressive in blocking messages which are not
> blocked by MessageLabs.

the default SA rules are for sure not too aggresive
why premature worries without any indication?

and even if you reject a message which would have made it through 
MessageLabs that means *nothing* as long it's not a *real* false positive

we block each days a lot of forwardings from different mail services all 
having their own spamfilter and at the end of the day it turns out they 
are indeed spam

> -----Original Message-----
> From: Reindl Harald [mailto:h.reindl@thelounge.net]
> Sent: 12 March 2015 11:51
> To: users@spamassassin.apache.org
> Subject: Re: is spamassassin scoring too high points
>
> you can't compare scores between differernt setups beause they are
> likely different and using also a different reject score
>
> * you can give each rule a non-default score
> * much depends on bayes and how bayes hits are scored
> * custom rules
>
> you need at *least* all the hitting rules
> your message here hitted these ones:
>
> BAYES_00,CUST_DNSWL_10,CUST_DNSWL_3,CUST_DNSWL_8,CUST_MOST_SPAM_TO,HEADE
> R_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_W
> L,SPF_PASS,T_MIME_MALF,T_RP_MATCHES_RCVD

RE: is spamassassin scoring too high points

Posted by Sujit Acharyya-choudhury <s....@bbk.ac.uk>.

I don't have any custom rules nor I am using sought.cf. I have chosen
the standard installation without any tweaks.  I am just worried,
whether I am being too aggressive in blocking messages which are not
blocked by MessageLabs. 
I accept the scoring method will be different.  

-----Original Message-----
From: Reindl Harald [mailto:h.reindl@thelounge.net] 
Sent: 12 March 2015 11:51
To: users@spamassassin.apache.org
Subject: Re: is spamassassin scoring too high points



Am 12.03.2015 um 12:40 schrieb Sujit Acharyya-choudhury:
> We are using MessageLabs for our most of our inward mails.  However,
we
> also get mails from other places as well.  In order to get rid of
spam,
> we have installed the latest version of spamassassin, which is set to
> reject any mail at smtp time if the score is over 12.  What I find
> peculiar is some mails from MessageLabs are not scoring as high as the
> one scored by spamassassin.

you can't compare scores between differernt setups beause they are 
likely different and using also a different reject score

* you can give each rule a non-default score
* much depends on bayes and how bayes hits are scored
* custom rules

you need at *least* all the hitting rules
your message here hitted these ones:

BAYES_00,CUST_DNSWL_10,CUST_DNSWL_3,CUST_DNSWL_8,CUST_MOST_SPAM_TO,HEADE
R_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_W
L,SPF_PASS,T_MIME_MALF,T_RP_MATCHES_RCVD

Re: is spamassassin scoring too high points

Posted by Reindl Harald <h....@thelounge.net>.


Am 12.03.2015 um 12:40 schrieb Sujit Acharyya-choudhury:
> We are using MessageLabs for our most of our inward mails.  However, we
> also get mails from other places as well.  In order to get rid of spam,
> we have installed the latest version of spamassassin, which is set to
> reject any mail at smtp time if the score is over 12.  What I find
> peculiar is some mails from MessageLabs are not scoring as high as the
> one scored by spamassassin.

you can't compare scores between differernt setups beause they are 
likely different and using also a different reject score

* you can give each rule a non-default score
* much depends on bayes and how bayes hits are scored
* custom rules

you need at *least* all the hitting rules
your message here hitted these ones:

BAYES_00,CUST_DNSWL_10,CUST_DNSWL_3,CUST_DNSWL_8,CUST_MOST_SPAM_TO,HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_PASS,T_MIME_MALF,T_RP_MATCHES_RCVD