You are viewing a plain text version of this content. The canonical link for it is here.
Posted to ruleqa@spamassassin.apache.org by da...@chaosreigns.com on 2014/10/13 18:56:05 UTC

Re: [dnswl-admins] SpamAssassin Rule QA graphs for 2014-10-12

I bet the trust path is incorrectly configured where data is being
collected for the axb-8mile and axb-generic corpora.  

AXB, can you check if your RCVD_IN_DNSWL_MED hits in those corpora are
corresponding to IPs you should add to your trusted_networks or
internal_networks?

I wonder if it would be useful to modify masscheck to throw some kind
of warning if an unusually high percentage of emails are from a single
"last external" IP, to detect similar problems.  Maybe even put that
percentage in the uploaded masscheck logs?  Of the last 1519 emails in
my inbox with external relays, the highest from one IP is 8.4%, from a
social media site I've been playing with more lately.


The way I looked up the RCVD_IN_DNSWL_MED results was to go to
http://www.chaosreigns.com/dnswl/ , click the "SpamAssassin Rule QA"
link at the very top of the page, which takes you to the most recent
results for DNSWL rules, then noticed RCVD_IN_DNSWL_MED is listed as
hitting 12% of spam, then clicked on the link for that rule, then waited
for the "SPAM%" column title to become clickable, clicked on it twice,
and saw that those two corpora had unusually high spam hit rates:

  MSECS    SPAM%     HAM%     S/O    RANK   SCORE  NAME   WHO/AGE
      0  13.1744        0   1.000    0.10    0.00  RCVD_IN_DNSWL_MED axb-8mile 
      0  12.2843        0   1.000    0.09    0.00  RCVD_IN_DNSWL_MED axb-generic 
      0  11.6935  12.0037   0.493    0.37    0.00  RCVD_IN_DNSWL_MED  
      0   0.5357  11.6904   0.044    0.89    0.00  RCVD_IN_DNSWL_MED mas-mas 

The line without a name is the the average.


Anybody interested in checking their last untrusted IPs may want to add a 
X-Spam-RelaysUntrusted header to their emails with:

add_header all RelaysUntrusted _RELAYSUNTRUSTED_

More info on these pages:
https://wiki.apache.org/spamassassin/TrustPath
https://wiki.apache.org/spamassassin/TrustedRelays

On 10/13, Matthias Leisi wrote:
>    Is there something broken in the stats? 
>    99.6678289742392% of email DNSWL ranks as "high" is non-spam. (Goal:
>    99.99%)
>    19.049722061877% of email DNSWL ranks as "medium" is non-spam. (Goal: 98%)
>    93.8715245089489% of email DNSWL ranks as "low" is non-spam. (Goal: 85%)
>    88.1431589083806% of email DNSWL ranks as "none" is non-spam. (Goal: 50%)
>    19% seems unusually low, the rest more or less OK (even though I would
>    expect the 88% of "none" to be lower).
>    -- Matthias
>    On Sun, Oct 12, 2014 at 10:27 AM, <da...@chaosreigns.com> wrote:
> 
>      http://www.chaosreigns.com/dnswl/
>      --
>      --
>      dnswl-admins@googlegroups.com
>      http://groups.google.ch/group/dnswl-admins
>      ---
>      You received this message because you are subscribed to the Google
>      Groups "dnswl-admins" group.
>      To unsubscribe from this group and stop receiving emails from it, send
>      an email to dnswl-admins+unsubscribe@googlegroups.com.
>      For more options, visit https://groups.google.com/d/optout.
> 
>    --
>    Matthias Leisi
>    Katzenrütistrasse 68, 8153 Rümlang
>    043 211 03 55 / 079 377 04 43