You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Sean Harding <sh...@dogcow.org> on 2006/06/02 17:37:19 UTC
gobs of misses suddenly
In the last couple of weeks, I've suddenly started having tons of spam get
by SA. Up until then, things had been working beautifully for a number of
years (with occasional upgrades and tweaks, of course). I'm not sure what
has changed, but something seems broken. I upgraded to 3.1.2, but it
didn't seem to improve things much. I also am not seeing an obvious
pattern to the things that are getting through. Some of them are actually
getting autolearned as ham, which is probably making the problem even
worse.
Here are several example messages that have gotten through in the last day
or so (including the scores they got):
http://dogcow.org/tmp/spam-misses-20060602/
I have SA installed locally in my home dir, running through procmail (no
spamd/spamc involvement). I theoretically have network checks on (I'm not
running SA with '-L').
Any thoughts on what is going wrong here?
Thanks.
Sean
Re: gobs of misses suddenly
Posted by Stuart Johnston <st...@ebby.com>.
Sean Harding wrote:
> In the last couple of weeks, I've suddenly started having tons of spam get
> by SA. Up until then, things had been working beautifully for a number of
> years (with occasional upgrades and tweaks, of course). I'm not sure what
> has changed, but something seems broken. I upgraded to 3.1.2, but it
> didn't seem to improve things much. I also am not seeing an obvious
> pattern to the things that are getting through. Some of them are actually
> getting autolearned as ham, which is probably making the problem even
> worse.
>
> Here are several example messages that have gotten through in the last day
> or so (including the scores they got):
>
> http://dogcow.org/tmp/spam-misses-20060602/
>
> I have SA installed locally in my home dir, running through procmail (no
> spamd/spamc involvement). I theoretically have network checks on (I'm not
> running SA with '-L').
>
> Any thoughts on what is going wrong here?
Make sure your URI checks are working and add URIBL_BLACK if you don't
already have it.
Make sure you are loading the ReplaceTags plugin - FUZZY_XPILL will help
you.
Get some SARE rules:
70_sare_genlsubj_eng.cf
70_sare_stocks.cf
70_sare_oem.cf
70_sare_specific.cf
It also looks like you need to train up your Bayes.
Re: gobs of misses suddenly
Posted by Theo Van Dinter <fe...@apache.org>.
On Fri, Jun 02, 2006 at 08:37:19AM -0700, Sean Harding wrote:
> Here are several example messages that have gotten through in the last day
> or so (including the scores they got):
>
> http://dogcow.org/tmp/spam-misses-20060602/
>
> I have SA installed locally in my home dir, running through procmail (no
> spamd/spamc involvement). I theoretically have network checks on (I'm not
> running SA with '-L').
>
> Any thoughts on what is going wrong here?
My guess is that these came in before any of razor, uribl, etc, got ahold of
them. I just checked them all:
score=43.64
score=16.961
score=24.61
score=13.893
score=10.81
score=34.878
score=39.367
score=23.321
score=41.673
score=47.624
score=36.642
score=14.435
score=15.479
score=37.889
score=31.853
--
Randomly Generated Tagline:
"... before it makes the dielectric go poof, and create a yellow/brown
acrid smoke which is not good." - Prof. Demetry