You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Caleb Cushing <xe...@gmail.com> on 2008/04/03 22:12:16 UTC
foreign spam slipping through
the attached email is one of the mails that keeps slipping through.
I have no idea what it says, or why it continues to slip through my filter
(well why it has a lower score than what's required).
kmail runs spamassassin -L with filters to check for spam
I've also told kmail mails from these people are spam before it uses this.
sa-learn -L --spam --no-sync
and I periodically run this from the cli.
sa-learn --showdots --spam .kde/share/apps/kmail/mail/spam/cur/*
these are the relevant settings in ~/.spamassassin user_prefs
required_score 4
ok_languages en
I can't understand why with it not being in english and these settings that it
still slips through.
--
Caleb Cushing
my blog http://xenoterracide.blogspot.com
Re: foreign spam slipping through
Posted by Loren Wilton <lw...@earthlink.net>.
> I'll have to check and see why kmail has that as the default. enabling
> RBL's
> doesn't have to query them everytime does it? meaning does it cache them.
No, SA doesn't cache them, and does test them every time. Running a caching
DNS server somewhere near the SA machine (possibly on the same machine) is a
good idea. It depends on your mail load. If this is a personal-use machine
the cache probably isn't needed.
Loren
Re: foreign spam slipping through
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Thu, 2008-04-03 at 21:38 -0400, Caleb Cushing wrote:
> On Thursday 03 April 2008 07:44:04 pm Karsten Bräckelmann wrote:
> > Yes, you have -- by calling spamassassin with he -L switch. See my
> > previous post.
>
> I'll have to check and see why kmail has that as the default. enabling RBL's
> doesn't have to query them everytime does it? meaning does it cache them.
KMail probably does this by default, because it speeds up the checks. SA
isn't suited best for client side after-download calling by filters.
Anyway, I wouldn't worry about the added delay of querying RBLs for each
message. You are calling *spamassassin* in your filter, so the real
penalty is the startup time and CPU load here -- for each single
message. Using the lightweight spamc client with spamd daemon instead
will decrease the load and scanning time significantly.
After all, the RBL tests pretty much add a few seconds of idle waiting
only, no CPU load.
guenther
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: foreign spam slipping through
Posted by Caleb Cushing <xe...@gmail.com>.
On Thursday 03 April 2008 07:44:04 pm Karsten Bräckelmann wrote:
> Yes, you have -- by calling spamassassin with he -L switch. See my
> previous post.
I'll have to check and see why kmail has that as the default. enabling RBL's
doesn't have to query them everytime does it? meaning does it cache them.
--
Caleb Cushing
my blog http://xenoterracide.blogspot.com
Re: foreign spam slipping through
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Thu, 2008-04-03 at 18:33 -0400, Caleb Cushing wrote:
> On Thursday 03 April 2008 06:16:51 pm D Hill wrote:
> > ok_locales en
> will add
Which doesn't help in this case. ok_locales is about the charsets [1],
and your spample does indeed use a Western character set (aka "en" in
ok_locales terms).
> > Also, do you have RBL checks enabled? By default, this is enabled unless
> > you have set 'skip_rbl_checks'.
>
> I haven't disabled them.
Yes, you have -- by calling spamassassin with he -L switch. See my
previous post.
guenther
[1] http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html#language_options
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: foreign spam slipping through
Posted by Caleb Cushing <xe...@gmail.com>.
On Thursday 03 April 2008 06:16:51 pm D Hill wrote:
> I also have:
>
> ok_locales en
will add
> In your headers, I didn't see UNWANTED_LANGUAGE_BODY. Do you have the
> TextCat plugin enabled/loaded? In my install, it is found in:
>
> /etc/mail/spamassassin/v310.pre
>
> This is actually the default config file where it is loaded.
I'm enabling it.
> Also, do you have RBL checks enabled? By default, this is enabled unless
> you have set 'skip_rbl_checks'.
I haven't disabled them.
I should note that I've been using spamassassin on suse (only recently started
using it for my personal mail) and just started using it on gentoo, and I've
found some things missing. so if additional perl files might be needed it
would be good to know that. (because I realized after I sent my first mail I
actually didn't have bayes working on gentoo, (it was on suse) this has been
remedied.
--
Caleb Cushing
my blog http://xenoterracide.blogspot.com
Re: foreign spam slipping through
Posted by D Hill <d....@yournetplus.com>.
On Thu, 3 Apr 2008 at 17:00 -0400, xenoterracide@gmail.com confabulated:
> On Thursday 03 April 2008 04:32:40 pm you wrote:
>> Most of those are getting caught here. Here is what your message scored:
>
> any way to increase the score that language receives?
I have the same:
ok_languages en
I also have:
ok_locales en
In your headers, I didn't see UNWANTED_LANGUAGE_BODY. Do you have the
TextCat plugin enabled/loaded? In my install, it is found in:
/etc/mail/spamassassin/v310.pre
This is actually the default config file where it is loaded.
Also, do you have RBL checks enabled? By default, this is enabled unless
you have set 'skip_rbl_checks'.
Re: foreign spam slipping through
Posted by D Hill <d....@yournetplus.com>.
On Thu, 3 Apr 2008 at 16:12 -0400, xenoterracide@gmail.com confabulated:
> the attached email is one of the mails that keeps slipping through.
>
> I have no idea what it says, or why it continues to slip through my filter
> (well why it has a lower score than what's required).
>
> kmail runs spamassassin -L with filters to check for spam
>
> I've also told kmail mails from these people are spam before it uses this.
> sa-learn -L --spam --no-sync
>
> and I periodically run this from the cli.
> sa-learn --showdots --spam .kde/share/apps/kmail/mail/spam/cur/*
>
> these are the relevant settings in ~/.spamassassin user_prefs
>
> required_score 4
> ok_languages en
>
> I can't understand why with it not being in english and these settings that it
> still slips through.
Most of those are getting caught here. Here is what your message scored:
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01)
X-Spam-Level: xxxxxxx
X-Spam-Status: Hits:7.9 Tests:BAD_ENC_HEADER=2.87,EXTRA_MPART_TYPE=1,
RCVD_IN_BL_SPAMCOP_NET=2.188,RCVD_IN_DNSWL_LOW=-1,UNWANTED_LANGUAGE_BODY=2.8
Unsubscribe (was: foreign spam slipping through)
Posted by SM <sm...@resistor.net>.
At 13:51 03-04-2008, Matt wrote:
>How do I unsubscribe from here? There are no unsubscribe links at
>the bottom of these messages.
The links are in the message headers.
list-help: <ma...@spamassassin.apache.org>
list-unsubscribe: <ma...@spamassassin.apache.org>
Regards,
-sm
Re: foreign spam slipping through
Posted by D Hill <d....@yournetplus.com>.
On Thu, 3 Apr 2008 at 16:51 -0400, mhoppes@gmail.com confabulated:
> How do I unsubscribe from here? There are no unsubscribe links at the
> bottom of these messages.
As found in the headers of ALL list messages:
list-unsubscribe: <ma...@spamassassin.apache.org>
Re: foreign spam slipping through
Posted by Matt <mh...@gmail.com>.
How do I unsubscribe from here? There are no unsubscribe links at the
bottom of these messages.
On Thu, Apr 3, 2008 at 4:12 PM, Caleb Cushing <xe...@gmail.com>
wrote:
> the attached email is one of the mails that keeps slipping through.
>
> I have no idea what it says, or why it continues to slip through my filter
> (well why it has a lower score than what's required).
>
> kmail runs spamassassin -L with filters to check for spam
>
> I've also told kmail mails from these people are spam before it uses this.
> sa-learn -L --spam --no-sync
>
> and I periodically run this from the cli.
> sa-learn --showdots --spam .kde/share/apps/kmail/mail/spam/cur/*
>
> these are the relevant settings in ~/.spamassassin user_prefs
>
> required_score 4
> ok_languages en
>
> I can't understand why with it not being in english and these settings
> that it
> still slips through.
> --
> Caleb Cushing
>
> my blog http://xenoterracide.blogspot.com
>
Re: foreign spam slipping through
Posted by John Hardin <jh...@impsec.org>.
On Thu, 3 Apr 2008, Caleb Cushing wrote:
> the attached email is one of the mails that keeps slipping through.
Please don't send 300kb attachments to a mailing list. Post the message
headers and body to a website you control (or use a service like pastebin)
if you wish to provide a sample.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
End users want eye candy and the "ooo's and aaaahhh's" experience
when reading mail. To them email isn't a tool, but an entertainment
form. -- Steve Lake
-----------------------------------------------------------------------
10 days until Thomas Jefferson's 265th Birthday
Re: foreign spam slipping through
Posted by Caleb Cushing <xe...@gmail.com>.
On Friday 04 April 2008 05:40:07 am Matus UHLAR - fantomas wrote:
> the attached e-mail didn't have any X-Spam headers. Are you sure it's run
> by SA? in the past, the size limit was 256k, while this mail was bigger, so
> it wouldn't be scanned. Don't you have this limit still set somewhere?
I bumped the limit within kmail for that reason (also I think it might be as
big as it is to bypass spamassassin). It didn't get scanned the first time I
had to 're-filter' it (but it still didn't score high enough). I see X-Spam
headers in the attachment though, and at least one other person commented on
them. I would lower my required score but I'm pretty sure I get mail that
regularly scores as high as this did that is valid.
--
Caleb Cushing
my blog http://xenoterracide.blogspot.com
Re: foreign spam slipping through
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 03.04.08 16:12, Caleb Cushing wrote:
> the attached email is one of the mails that keeps slipping through.
the attached e-mail didn't have any X-Spam headers. Are you sure it's run by
SA? in the past, the size limit was 256k, while this mail was bigger, so it
wouldn't be scanned. Don't you have this limit still set somewhere?
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Save the whales. Collect the whole set.
Re: foreign spam slipping through
Posted by Loren Wilton <lw...@earthlink.net>.
>what's the minimum?
By default 200 of each. It can be changed, but that isn't a good idea.
Loren
Re: foreign spam slipping through
Posted by Caleb Cushing <xe...@gmail.com>.
On Thursday 03 April 2008 07:43:58 pm Karsten Bräckelmann wrote:
> Also, there are constraints like a minimum spam *and* ham learned,
> before Bayes kicks in, yada yada -- but you appear to have resolved that
> already judging by your later post.
what's the minimum?
--
Caleb Cushing
my blog http://xenoterracide.blogspot.com
Re: foreign spam slipping through
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Thu, 2008-04-03 at 16:12 -0400, Caleb Cushing wrote:
> I have no idea what it says, or why it continues to slip through my filter
> (well why it has a lower score than what's required).
>
> kmail runs spamassassin -L with filters to check for spam
^^
You are explicitly disabling any network tests. See my other post to
this thread. And of course, please see the docs [1]. :)
> I've also told kmail mails from these people are spam before it uses this.
> sa-learn -L --spam --no-sync
sa-learn trains the Bayesian Classifier, which does not know about a
concept like "these people" or an origin in general. It learns the
tokens, the words in the mail.
Also, there are constraints like a minimum spam *and* ham learned,
before Bayes kicks in, yada yada -- but you appear to have resolved that
already judging by your later post. ;)
guenther
[1] http://spamassassin.apache.org/full/3.2.x/doc/spamassassin-run.html
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}