You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by dawa <Da...@knapp.com> on 2008/10/01 16:34:10 UTC
Problems with some obvious spam mails
Hello!
System: Debian 4.0
SpamAssassin version: 3.2.2
MTA: Postfix with Amavis and ClamAV
- - - - - - - - - - - -
We have the problem that some very obvious spam mail come through (example:
http://pastebin.com/m606b1420).
Now I thougt bayes is on (see here the local.cf:
http://pastebin.com/m55ba168) but I think it didn't work correctly.
A test with "spamassassin -D --lint" will show this output:
http://pastebin.com/m42478b77
I want to let learn Bayes again but all mails are not get stored on this
mail server but get fetched from a lotus notes server.
I saved about 200 not identified spam-mails in notes so I must copy out the
header from each and copy it as a text file in a folder on the Spamassassin
server and let Bayes learn it again!?
And is it ok when after the learning of the spam I activate the bayes
autolearn?!
What else can I do to identify obvious mails?!
Thank you for any help!
David
--
View this message in context: http://www.nabble.com/Problems-with-some-obvious-spam-mails-tp19761835p19761835.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Problems with some obvious spam mails
Posted by Benny Pedersen <me...@junc.org>.
On Wed, October 1, 2008 16:34, dawa wrote:
> Now I thougt bayes is on (see here the local.cf:
> http://pastebin.com/m55ba168) but I think it didn't work correctly.
add_header all DCC_DCCB_: _DCCR_ change to
add_header all DCC_DCCB _DCCR_
--
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
Re: Problems with some obvious spam mails
Posted by mouss <mo...@netoyen.net>.
dawa wrote:
> Thanks all for the hints they were very helpful !!
>
> @mouss-2: What do you mean with
>
>>> Here, RCVD_IN_PBL is set to 4.0.
>
> I can't find this option in my config - or do you mean I should increase
> this score!??
Yes. but don't listen to me. make sure it's ok for you before changing
the score.
>
> ---
>
> I changed my smtp config from 'sbl-xbl.spamhaus.org' to 'zen.spamhaus.org'
> and activated bayes and autolearn.
>
> In the next few weeks I will reinstall our mail-cluster and for this I want
> to use a central server store for the bayes-database and every server gets a
> copy of this periodically (if this configuration is possible ;) ).
Put your bayes db in mysql.
> For this
> I will create two mailboxes: spam@x.com and ham@x.com and all spam (mails
> that get not recognized by the filters) get forwarded to spam@x.com and all
> ham (mails that are no spam) get forwarded to ham@x.com. Is this a good
> procedure.
you mean to train SA? check
http://wiki.apache.org/spamassassin/BayesInSpamAssassin
If your users use IMAP, the simplest solution is to use dedicated
folders I use Junk/Innocent/ for FPs and Junk/Spam/ for confirmed or
missed spam.
>
> Also I want to store spam mails with a specifc amount of points and for this
> I want to use a gui to check all quarantined (like the spam with specific
> points) and banned mails (mails with unwanted attachements). Does someone
> knows a good open source (web-)gui for this?!
>
Re: Problems with some obvious spam mails
Posted by dawa <Da...@knapp.com>.
Thanks all for the hints they were very helpful !!
@mouss-2: What do you mean with
>> Here, RCVD_IN_PBL is set to 4.0.
I can't find this option in my config - or do you mean I should increase
this score!??
---
I changed my smtp config from 'sbl-xbl.spamhaus.org' to 'zen.spamhaus.org'
and activated bayes and autolearn.
In the next few weeks I will reinstall our mail-cluster and for this I want
to use a central server store for the bayes-database and every server gets a
copy of this periodically (if this configuration is possible ;) ). For this
I will create two mailboxes: spam@x.com and ham@x.com and all spam (mails
that get not recognized by the filters) get forwarded to spam@x.com and all
ham (mails that are no spam) get forwarded to ham@x.com. Is this a good
procedure.
Also I want to store spam mails with a specifc amount of points and for this
I want to use a gui to check all quarantined (like the spam with specific
points) and banned mails (mails with unwanted attachements). Does someone
knows a good open source (web-)gui for this?!
Thank you,
David
------------------------------
mouss-2 wrote:
>
> dawa wrote:
>> Hello!
>>
>> System: Debian 4.0
>> SpamAssassin version: 3.2.2
>> MTA: Postfix with Amavis and ClamAV
>> - - - - - - - - - - - -
>> We have the problem that some very obvious spam mail come through
>> (example:
>> http://pastebin.com/m606b1420).
>>
>
> it now hits URIBL_BLACK.
>
> Here, RCVD_IN_PBL is set to 4.0.
>
>> Now I thougt bayes is on (see here the local.cf:
>> http://pastebin.com/m55ba168) but I think it didn't work correctly.
>
>
> you disabled Bayes with your:
> use_bayes 0
>
> With Bayes on, HTML_EXTRA_CLOSE would get 2.8.
>
>>
>> A test with "spamassassin -D --lint" will show this output:
>> http://pastebin.com/m42478b77
>>
>> I want to let learn Bayes again but all mails are not get stored on this
>> mail server but get fetched from a lotus notes server.
>>
>> I saved about 200 not identified spam-mails in notes so I must copy out
>> the
>> header from each and copy it as a text file in a folder on the
>> Spamassassin
>> server and let Bayes learn it again!?
>>
>
> you can use fetchmail or the like. ideally, you should copy "unaltered"
> messages (they can have few additionnal headers of course).
>
> but if that's too much, just wait and use "future" mail instead.
>
>
>> And is it ok when after the learning of the spam I activate the bayes
>> autolearn?!
>>
>
> activate Bayes and autolearn now. There is no reason to wait until you
> train it.
>
>> What else can I do to identify obvious mails?!
>
> if you got the mail directly (and not from your ISP/MSP/... forwarder)
> and depending on your setup, you could reject at smtp time using
> zen.spamhaus.org. and even if you don't, I've never seen anything real
> from p[A-Z0-9]+.dip0.t-ipconnect.de.
>
>
--
View this message in context: http://www.nabble.com/Problems-with-some-obvious-spam-mails-tp19761835p19793931.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Problems with some obvious spam mails
Posted by mouss <mo...@netoyen.net>.
dawa wrote:
> Hello!
>
> System: Debian 4.0
> SpamAssassin version: 3.2.2
> MTA: Postfix with Amavis and ClamAV
> - - - - - - - - - - - -
> We have the problem that some very obvious spam mail come through (example:
> http://pastebin.com/m606b1420).
>
it now hits URIBL_BLACK.
Here, RCVD_IN_PBL is set to 4.0.
> Now I thougt bayes is on (see here the local.cf:
> http://pastebin.com/m55ba168) but I think it didn't work correctly.
you disabled Bayes with your:
use_bayes 0
With Bayes on, HTML_EXTRA_CLOSE would get 2.8.
>
> A test with "spamassassin -D --lint" will show this output:
> http://pastebin.com/m42478b77
>
> I want to let learn Bayes again but all mails are not get stored on this
> mail server but get fetched from a lotus notes server.
>
> I saved about 200 not identified spam-mails in notes so I must copy out the
> header from each and copy it as a text file in a folder on the Spamassassin
> server and let Bayes learn it again!?
>
you can use fetchmail or the like. ideally, you should copy "unaltered"
messages (they can have few additionnal headers of course).
but if that's too much, just wait and use "future" mail instead.
> And is it ok when after the learning of the spam I activate the bayes
> autolearn?!
>
activate Bayes and autolearn now. There is no reason to wait until you
train it.
> What else can I do to identify obvious mails?!
if you got the mail directly (and not from your ISP/MSP/... forwarder)
and depending on your setup, you could reject at smtp time using
zen.spamhaus.org. and even if you don't, I've never seen anything real
from p[A-Z0-9]+.dip0.t-ipconnect.de.