Posted to users@spamassassin.apache.org by Kathryn Kleinschafer <ka...@rheel.co.nz> on 2008/07/10 03:49:45 UTC

spam getting through because of bayes confidence

Hi all,

I have some spam coming into the system that seems to be only going to a 
couple of domains.
The bayes confidence is 0-1% for the spam so it is getting a -2.6. It is 
hitting on the following rules
-2.60 	BAYES_00 	Bayesian spam probability is 0 to 1%
-0.19 	CRM114_CHECK 	 
2.17 	DCC_CHECK 	Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
0.00 	DIGEST_MULTIPLE 	Message hits more than one network digest check
0.50 	KAM_LOTTO1 	Likely to be a e-Lotto Scam Email
0.50 	RAZOR2_CHECK 	Listed in Razor2 (http://razor.sf.net/)
1.96 	RCVD_IN_BL_SPAMCOP_NET 	Received via a relay in bl.spamcop.net
2.08 	SUBJ_ALL_CAPS 	Subject is all capitals


The subject line is always REMINDER NOTIFICATION

In order to get it recognised as spam am I best to have a custom rule 
for the subject line?
If so can someone tell me what the rule might look like (I have never 
written custom rules)

Many thanks
Kate

Re: spam getting through because of bayes confidence

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 10.07.08 13:49, Kathryn Kleinschafer wrote:
> I have some spam coming into the system that seems to be only going to a 
> couple of domains.
> The bayes confidence is 0-1% for the spam so it is getting a -2.6. It is 
> hitting on the following rules
> -2.60 	BAYES_00 	Bayesian spam probability is 0 to 1%

> The subject line is always REMINDER NOTIFICATION
> 
> In order to get it recognised as spam am I best to have a custom rule 
> for the subject line?
> If so can someone tell me what the rule might look like (i have never 
> written custom rules)

I guess you should look more at your Bayes DB to see why it thinks the
message is clear...

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."

Re: spam getting through because of bayes confidence

Posted by Matthias Leisi <ma...@leisi.net>.



Kathryn Kleinschafer wrote:

| Am I supposed to reload a service or is there something else I have missed?

Yes, every change to a *.cf or *.pre file requires a restart of spamd
(as opposed to the standalone "spamassassin" binary, which will read
its configuration upon each and every invocation).

-- Matthias


Re: spam getting through because of bayes confidence

Posted by Kathryn Kleinschafer <ka...@rheel.co.nz>.
Hi Jared,

Thanks for the help. I have made the file LOCALK.cf in my 
/etc/mail/spamassassin/ folder and run spamassassin --lint (no errors)
However when I test the message it is not hitting the rule.
Am I supposed to reload a service or is there something else I have missed?

Thanks
Kate

Jared Hall wrote:
> header LOCAL_REMINDER            Subject =~ /^REMINDER NOTIFICATION/
> score  LOCAL_REMINDER            5.0
>
> Regards,
>
> Jared Hall
> General Telecom, LLC.
>
>
> Kathryn Kleinschafer wrote:
>> Hi all,
>>
>> I have some spam coming into the system that seems to be only going 
>> to a couple of domains.
>> The bayes confidence is 0-1% for the spam so it is getting a -2.6. It 
>> is hitting on the following rules
>> -2.60     BAYES_00     Bayesian spam probability is 0 to 1%
>> -0.19     CRM114_CHECK
>> 2.17     DCC_CHECK     Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
>> 0.00     DIGEST_MULTIPLE     Message hits more than one network digest check
>> 0.50     KAM_LOTTO1     Likely to be a e-Lotto Scam Email
>> 0.50     RAZOR2_CHECK     Listed in Razor2 (http://razor.sf.net/)
>> 1.96     RCVD_IN_BL_SPAMCOP_NET     Received via a relay in bl.spamcop.net
>> 2.08     SUBJ_ALL_CAPS     Subject is all capitals
>>
>>
>> The subject line is always REMINDER NOTIFICATION
>>
>> In order to get it recognised as spam am I best to have a custom rule 
>> for the subject line?
>> If so can someone tell me what the rule might look like (i have never 
>> written custom rules)
>>
>> Many thanks
>> Kate
>>

-- 

Kate Kleinschafer
Internet Services
GetRheel

/A division of Rheel Electronics Ltd /
Phone +64-3-386 3070 Fax +64-3-386-3071
Mobile +64-21-386-394

email: kate@rheel.co.nz
www.getrheel.co.nz

This e-mail together with any attachments is confidential, may be 
subject to legal privilege and may contain proprietary information, 
including information protected by copyright. If you are not the 
intended recipient, please do not copy, use or disclose this e-mail; 
please notify us immediately by return e-mail and then delete this e-mail.

Re: spam getting through because of bayes confidence

Posted by Kathryn Kleinschafer <ka...@rheel.co.nz>.
Sorry not sure what I was doing wrong before but it is hitting now.

Thanks
Kate

Jared Hall wrote:
> header LOCAL_REMINDER            Subject =~ /^REMINDER NOTIFICATION/
> score  LOCAL_REMINDER            5.0
>
> Regards,
>
> Jared Hall
> General Telecom, LLC.
>
>
> Kathryn Kleinschafer wrote:
>> Hi all,
>>
>> I have some spam coming into the system that seems to be only going 
>> to a couple of domains.
>> The bayes confidence is 0-1% for the spam so it is getting a -2.6. It 
>> is hitting on the following rules
>> -2.60     BAYES_00     Bayesian spam probability is 0 to 1%
>> -0.19     CRM114_CHECK
>> 2.17     DCC_CHECK     Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
>> 0.00     DIGEST_MULTIPLE     Message hits more than one network digest check
>> 0.50     KAM_LOTTO1     Likely to be a e-Lotto Scam Email
>> 0.50     RAZOR2_CHECK     Listed in Razor2 (http://razor.sf.net/)
>> 1.96     RCVD_IN_BL_SPAMCOP_NET     Received via a relay in bl.spamcop.net
>> 2.08     SUBJ_ALL_CAPS     Subject is all capitals
>>
>>
>> The subject line is always REMINDER NOTIFICATION
>>
>> In order to get it recognised as spam am I best to have a custom rule 
>> for the subject line?
>> If so can someone tell me what the rule might look like (i have never 
>> written custom rules)
>>
>> Many thanks
>> Kate
>>

Re: spam getting through because of bayes confidence

Posted by Jared Hall <jh...@tbi.net>.
header LOCAL_REMINDER            Subject =~ /^REMINDER NOTIFICATION/
score  LOCAL_REMINDER            5.0

Regards,

Jared Hall
General Telecom, LLC.


Kathryn Kleinschafer wrote:
> Hi all,
>
> I have some spam coming into the system that seems to be only going to 
> a couple of domains.
> The bayes confidence is 0-1% for the spam so it is getting a -2.6. It 
> is hitting on the following rules
> -2.60     BAYES_00     Bayesian spam probability is 0 to 1%
> -0.19     CRM114_CHECK
> 2.17     DCC_CHECK     Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
> 0.00     DIGEST_MULTIPLE     Message hits more than one network digest check
> 0.50     KAM_LOTTO1     Likely to be a e-Lotto Scam Email
> 0.50     RAZOR2_CHECK     Listed in Razor2 (http://razor.sf.net/)
> 1.96     RCVD_IN_BL_SPAMCOP_NET     Received via a relay in bl.spamcop.net
> 2.08     SUBJ_ALL_CAPS     Subject is all capitals
>
>
> The subject line is always REMINDER NOTIFICATION
>
> In order to get it recognised as spam am I best to have a custom rule 
> for the subject line?
> If so can someone tell me what the rule might look like (i have never 
> written custom rules)
>
> Many thanks
> Kate
>

Re: spam getting through because of bayes confidence

Posted by Sahil Tandon <sa...@tandon.net>.
Kathryn Kleinschafer <ka...@rheel.co.nz> wrote:

> Hi all,
>
> I have some spam coming into the system that seems to be only going to a 
> couple of domains.

[...]

> The subject line is always REMINDER NOTIFICATION
>
> In order to get it recognised as spam am I best to have a custom rule for 
> the subject line?
> If so can someone tell me what the rule might look like (i have never 
> written custom rules)

Guide on writing SA rules: http://wiki.apache.org/spamassassin/WritingRules

-- 
Sahil Tandon <sa...@tandon.net>
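
Added example, not part of any post in this thread: a more conservative variant of the subject rule posted above, which splits the 5.0 points between the subject match alone and the subject match combined with a DCC or Razor2 hit, so that a legitimate message reusing the subject is not pushed over the threshold by one header. The LOCALK_* rule names and the scores are assumptions chosen for illustration, as is the default required_score of 5.0; DCC_CHECK and RAZOR2_CHECK are the rule names from the report in the first message and must be enabled on the system for the meta rule to fire.

```conf
# /etc/mail/spamassassin/LOCALK.cf
# (file name from the thread; LOCALK_* rule names and scores are hypothetical)

# Sub-rule: a name starting with "__" is evaluated but carries no score itself.
# Anchored at both ends so "Re: REMINDER NOTIFICATION ..." does not match.
header   __LOCALK_SUBJ_REMINDER   Subject =~ /^REMINDER NOTIFICATION\s*$/

# Subject alone: modest score, since a real sender could use the same subject.
meta     LOCALK_REMINDER          __LOCALK_SUBJ_REMINDER
describe LOCALK_REMINDER          Subject is exactly REMINDER NOTIFICATION
score    LOCALK_REMINDER          2.0

# Subject plus a network digest listing (both checks hit in the sample report).
meta     LOCALK_REMINDER_DIGEST   (__LOCALK_SUBJ_REMINDER && (DCC_CHECK || RAZOR2_CHECK))
describe LOCALK_REMINDER_DIGEST   REMINDER NOTIFICATION subject plus DCC/Razor2 hit
score    LOCALK_REMINDER_DIGEST   3.0

# The hits listed in the first message sum to 4.42, BAYES_00 included.
# With both rules above firing the same message scores 9.42, which clears
# a required_score of 5.0 (assumed default) even before Bayes is retrained.
#
# After editing: run "spamassassin --lint", then restart spamd so the
# daemon re-reads the *.cf files, as noted in the thread.
```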