You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "Brian S. Meehan" <br...@meehanontheweb.com> on 2006/11/06 01:48:57 UTC
spam filter working, but not well
Hi all,
Spam filtering is working, but I'm getting about half the spam in my
mailbox. Anyone have tips on adjustments I could make?
Here's what I have in the local.cf file:
rewrite_header SUBJECT **SPAM**
dns_available yes
required_score 4.0
bayes_path /etc/mail/spamassassin/bayesfiles/bayes
use_bayes 1
bayes_auto_learn 1
bayes_auto_learn_threshold_spam 10
bayes_file_mode 0777
report_safe 0
trusted_networks 192.168.1.101
bayes_ignore_header X-purgate
bayes_ignore_header X-purgate-ID
bayes_ignore_header X-purgate-Ad
bayes_ignore_header X-GMX-Antispam
bayes_ignore_header X-Antispam
bayes_ignore_header X-Spamcount
bayes_ignore_header X-Spamsensitivity
Thanks,
Brian
--
"All people who think everything is either black or white are idiots."
Re: spam filter working, but not well
Posted by Jim Maul <jm...@elih.org>.
Brian S. Meehan wrote:
> Jim,
> I have it set so that i'm using /usr/bin/spamassassin now. Thanks for that
> info.
>
> Here is the relevant message header from an email that was not caught:
> X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on
> mail.meehanontheweb.com
> X-Spam-Level: ***
> X-Spam-Status: No, score=3.1 required=4.0 tests=ADVANCE_FEE_1,RCVD_IN_XBL
> autolearn=no version=3.1.7
> Received: from cliente-addc099 (201-68-96-184.dsl.telesp.net.br
> [::ffff:201.68.96.184])
> by meehanontheweb.com with esmtp; Tue, 07 Nov 2006 10:50:57 -0500
> id 00072EA2.4550AB7D.000018B6
> Old-Return-Path: <de...@bullwinkle.spd.ti.com>
> Received: from 192.94.94.37 (HELO red.ext.ti.com)
> by meehanontheweb.com with esmtp (CSNG1VAZG A627H)
> id 6W926D-JODX0S-DO
> for brian@meehanontheweb.com; Tue, 7 Nov 2006 15:49:51 +0180
> From: "Dillon Barron" <de...@bullwinkle.spd.ti.com>
> To: brian@meehanontheweb.com
> Subject: Dillon here :)
>
>
> Here is another one that wasn't caught:
> X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on
> mail.meehanontheweb.com
> X-Spam-Level: *
> X-Spam-Status: No, score=1.7 required=4.0 tests=EXTRA_MPART_TYPE,
> HTML_IMAGE_ONLY_24,HTML_MESSAGE autolearn=no version=3.1.7
> Received: from catv-50634822.catv.broadband.hu
> (catv-50634822.catv.broadband.hu [::ffff:80.99.72.34])
> by meehanontheweb.com with esmtp; Mon, 06 Nov 2006 17:04:29 -0500
> id 00086441.454FB16F.000031DE
> Message-ID: <00...@gepezet>
> From: "Project:" <ga...@broadband.hu>
> To: brian@meehanontheweb.com
> Subject: rejected Uganda rebel
>
> Thanks,
> -Brian
>
>
Whats strange is there are no bayes scores at all. I know you mentioned
that you have at least 200 ham/spam in the database but are you sure its
the same users database that mail processing runs as? Also, when i just
ran those headers through spamc here, i got:
4.1 MSGID_OUTLOOK_INVALID Message-Id is fake (in Outlook Express format)
Im curious as to why your system didnt trigger this rule? Im still
running 2.64 ;(
It does seem that you are using network tests, but are you using
razor/pyzor/dcc? Those could help as well.
-Jim
Re: spam filter working, but not well
Posted by "Brian S. Meehan" <br...@meehanontheweb.com>.
Jim,
I have it set so that i'm using /usr/bin/spamassassin now. Thanks for that
info.
Here is the relevant message header from an email that was not caught:
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on
mail.meehanontheweb.com
X-Spam-Level: ***
X-Spam-Status: No, score=3.1 required=4.0 tests=ADVANCE_FEE_1,RCVD_IN_XBL
autolearn=no version=3.1.7
Received: from cliente-addc099 (201-68-96-184.dsl.telesp.net.br
[::ffff:201.68.96.184])
by meehanontheweb.com with esmtp; Tue, 07 Nov 2006 10:50:57 -0500
id 00072EA2.4550AB7D.000018B6
Old-Return-Path: <de...@bullwinkle.spd.ti.com>
Received: from 192.94.94.37 (HELO red.ext.ti.com)
by meehanontheweb.com with esmtp (CSNG1VAZG A627H)
id 6W926D-JODX0S-DO
for brian@meehanontheweb.com; Tue, 7 Nov 2006 15:49:51 +0180
From: "Dillon Barron" <de...@bullwinkle.spd.ti.com>
To: brian@meehanontheweb.com
Subject: Dillon here :)
Here is another one that wasn't caught:
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on
mail.meehanontheweb.com
X-Spam-Level: *
X-Spam-Status: No, score=1.7 required=4.0 tests=EXTRA_MPART_TYPE,
HTML_IMAGE_ONLY_24,HTML_MESSAGE autolearn=no version=3.1.7
Received: from catv-50634822.catv.broadband.hu
(catv-50634822.catv.broadband.hu [::ffff:80.99.72.34])
by meehanontheweb.com with esmtp; Mon, 06 Nov 2006 17:04:29 -0500
id 00086441.454FB16F.000031DE
Message-ID: <00...@gepezet>
From: "Project:" <ga...@broadband.hu>
To: brian@meehanontheweb.com
Subject: rejected Uganda rebel
Thanks,
-Brian
On Tue, November 7, 2006 10:42, Jim Maul wrote:
> Brian S. Meehan wrote:
>> Spamassassin is invoked from Courier-MTA. (OS is SUSE Pro 9.3)
>> The /usr/lib/courier/etc/courierd file has the following line:
>> DEFAULTDELIVERY="| /usr/bin/spamassassin |
>> /usr/lib/courier/bin/maildrop"
>> I had tried it with 'spamc' but there was no difference. When I tried it
>> with /usr/bin/spamd I get the following in my mail log:
>>
>
> spamd is the daemon and you definitely do not want to start this for
> every message you receive. You should be using spamassassin or spamc
> here. If you use spamc, spamd must already be started and running for
> it to function correctly. spamc/spamd are a pair and are used together.
> spamassassin is standalone.
>
>> spamd[5895]: spamd: could not create INET socket on 127.0.0.1:783:
>> Permission denied
>> courierlocal:
>> id=00086831.4550A56E.00001702,from=<.....@meehanontheweb.com>:
>> [5895] error: spamd: could not create INET socket on 127.0.0.1:783:
>> Permission denied
>> courierlocal:
>> id=00086831.4550A56E.00001702,from=<.....@meehanontheweb.com>:
>> spamd: could not create INET socket on 127.0.0.1:783: Permission denied
>> courierlocal:
>> id=00086831.4550A56E.00001702,from=<.....@meehanontheweb.com>,size=928,success:
>> Message delivered.
>> courierd: completed,id=00086831.4550A56E.00001702
>>
>>
>> I definitely have more than 200 ham and 200 spam in the database (done
>> with sa-learn commands). bayes_seen is 632k and bayes_toks is 2.5M in
>> size.
>>
>> I think the problem is network tests but I checked the
>> /etc/sysconfig/spamd file and the only uncommented line is:
>> SPAMD_ARGS="-d -c"
>>
>> -Brian
>>
>
> Can you send a sample of a message that you received? Im not sure if
> you did this already as i missed the original message.
>
> -Jim
>
--
"All people who think everything is either black or white are idiots."
Re: spam filter working, but not well
Posted by Jim Maul <jm...@elih.org>.
Brian S. Meehan wrote:
> Spamassassin is invoked from Courier-MTA. (OS is SUSE Pro 9.3)
> The /usr/lib/courier/etc/courierd file has the following line:
> DEFAULTDELIVERY="| /usr/bin/spamassassin | /usr/lib/courier/bin/maildrop"
> I had tried it with 'spamc' but there was no difference. When I tried it
> with /usr/bin/spamd I get the following in my mail log:
>
spamd is the daemon and you definitely do not want to start this for
every message you receive. You should be using spamassassin or spamc
here. If you use spamc, spamd must already be started and running for
it to function correctly. spamc/spamd are a pair and are used together.
spamassassin is standalone.
> spamd[5895]: spamd: could not create INET socket on 127.0.0.1:783:
> Permission denied
> courierlocal:
> id=00086831.4550A56E.00001702,from=<.....@meehanontheweb.com>:
> [5895] error: spamd: could not create INET socket on 127.0.0.1:783:
> Permission denied
> courierlocal:
> id=00086831.4550A56E.00001702,from=<.....@meehanontheweb.com>:
> spamd: could not create INET socket on 127.0.0.1:783: Permission denied
> courierlocal:
> id=00086831.4550A56E.00001702,from=<.....@meehanontheweb.com>,size=928,success:
> Message delivered.
> courierd: completed,id=00086831.4550A56E.00001702
>
>
> I definitely have more than 200 ham and 200 spam in the database (done
> with sa-learn commands). bayes_seen is 632k and bayes_toks is 2.5M in
> size.
>
> I think the problem is network tests but I checked the
> /etc/sysconfig/spamd file and the only uncommented line is:
> SPAMD_ARGS="-d -c"
>
> -Brian
>
Can you send a sample of a message that you received? Im not sure if
you did this already as i missed the original message.
-Jim
Re: spam filter working, but not well
Posted by "Brian S. Meehan" <br...@meehanontheweb.com>.
Spamassassin is invoked from Courier-MTA. (OS is SUSE Pro 9.3)
The /usr/lib/courier/etc/courierd file has the following line:
DEFAULTDELIVERY="| /usr/bin/spamassassin | /usr/lib/courier/bin/maildrop"
I had tried it with 'spamc' but there was no difference. When I tried it
with /usr/bin/spamd I get the following in my mail log:
spamd[5895]: spamd: could not create INET socket on 127.0.0.1:783:
Permission denied
courierlocal:
id=00086831.4550A56E.00001702,from=<.....@meehanontheweb.com>:
[5895] error: spamd: could not create INET socket on 127.0.0.1:783:
Permission denied
courierlocal:
id=00086831.4550A56E.00001702,from=<.....@meehanontheweb.com>:
spamd: could not create INET socket on 127.0.0.1:783: Permission denied
courierlocal:
id=00086831.4550A56E.00001702,from=<.....@meehanontheweb.com>,size=928,success:
Message delivered.
courierd: completed,id=00086831.4550A56E.00001702
I definitely have more than 200 ham and 200 spam in the database (done
with sa-learn commands). bayes_seen is 632k and bayes_toks is 2.5M in
size.
I think the problem is network tests but I checked the
/etc/sysconfig/spamd file and the only uncommented line is:
SPAMD_ARGS="-d -c"
-Brian
On Mon, November 6, 2006 05:20, Peter Teunissen wrote:
>
> On 6-nov-2006, at 1:54, John Andersen wrote:
>
>> On Sunday 05 November 2006 15:48, Brian S. Meehan wrote:
>>> Hi all,
>>> Spam filtering is working, but I'm getting about half the spam in my
>>> mailbox. Anyone have tips on adjustments I could make?
>>>
>>> Here's what I have in the local.cf file:
>>> rewrite_header SUBJECT **SPAM**
>>> dns_available yes
>>> required_score 4.0
>>> bayes_path /etc/mail/spamassassin/bayesfiles/bayes
>>> use_bayes 1
>>> bayes_auto_learn 1
>>> bayes_auto_learn_threshold_spam 10
>>> bayes_file_mode 0777
>>> report_safe 0
>>> trusted_networks 192.168.1.101
>>> bayes_ignore_header X-purgate
>>> bayes_ignore_header X-purgate-ID
>>> bayes_ignore_header X-purgate-Ad
>>> bayes_ignore_header X-GMX-Antispam
>>> bayes_ignore_header X-Antispam
>>> bayes_ignore_header X-Spamcount
>>> bayes_ignore_header X-Spamsensitivity
>>
>> Its not clear if you have network tests running or not.
>> How is spamassassin invoked?
>>
> and:
> - have you trained you bayes DB with at least 200 HAM and 200 SPAM?
> - added some safe rules from SARE (for example with sa-update and the
> http://saupdates.openprotect.com/ channel?)
>
> Peter
>
>
--
"All people who think everything is either black or white are idiots."
Re: spam filter working, but not well
Posted by Peter Teunissen <li...@onemanifest.net>.
On 6-nov-2006, at 1:54, John Andersen wrote:
> On Sunday 05 November 2006 15:48, Brian S. Meehan wrote:
>> Hi all,
>> Spam filtering is working, but I'm getting about half the spam in my
>> mailbox. Anyone have tips on adjustments I could make?
>>
>> Here's what I have in the local.cf file:
>> rewrite_header SUBJECT **SPAM**
>> dns_available yes
>> required_score 4.0
>> bayes_path /etc/mail/spamassassin/bayesfiles/bayes
>> use_bayes 1
>> bayes_auto_learn 1
>> bayes_auto_learn_threshold_spam 10
>> bayes_file_mode 0777
>> report_safe 0
>> trusted_networks 192.168.1.101
>> bayes_ignore_header X-purgate
>> bayes_ignore_header X-purgate-ID
>> bayes_ignore_header X-purgate-Ad
>> bayes_ignore_header X-GMX-Antispam
>> bayes_ignore_header X-Antispam
>> bayes_ignore_header X-Spamcount
>> bayes_ignore_header X-Spamsensitivity
>
> Its not clear if you have network tests running or not.
> How is spamassassin invoked?
>
and:
- have you trained you bayes DB with at least 200 HAM and 200 SPAM?
- added some safe rules from SARE (for example with sa-update and the
http://saupdates.openprotect.com/ channel?)
Peter
Re: spam filter working, but not well
Posted by John Andersen <js...@pen.homeip.net>.
On Sunday 05 November 2006 15:48, Brian S. Meehan wrote:
> Hi all,
> Spam filtering is working, but I'm getting about half the spam in my
> mailbox. Anyone have tips on adjustments I could make?
>
> Here's what I have in the local.cf file:
> rewrite_header SUBJECT **SPAM**
> dns_available yes
> required_score 4.0
> bayes_path /etc/mail/spamassassin/bayesfiles/bayes
> use_bayes 1
> bayes_auto_learn 1
> bayes_auto_learn_threshold_spam 10
> bayes_file_mode 0777
> report_safe 0
> trusted_networks 192.168.1.101
> bayes_ignore_header X-purgate
> bayes_ignore_header X-purgate-ID
> bayes_ignore_header X-purgate-Ad
> bayes_ignore_header X-GMX-Antispam
> bayes_ignore_header X-Antispam
> bayes_ignore_header X-Spamcount
> bayes_ignore_header X-Spamsensitivity
Its not clear if you have network tests running or not.
How is spamassassin invoked?
--
_____________________________________
John Andersen