Posted to users@spamassassin.apache.org by Lorenzo Thurman <lo...@thethurmans.com> on 2014/09/27 04:59:47 UTC

Spamassasin not as effective anymore

I’ve been using SpamAssassin for a number of years with excellent results. But now, over the last month or so, it has been scoring spam very low. It still catches most spam, but whereas only about a dozen or so might get through to my inbox in a week, I’m suddenly getting a dozen or so a day. I run sa-update via cron every day and I have a special mail folder where I place missed spam and run sa-learn against it weekly. I know it’s an arms race out there fighting spam, but here are some sample subject lines with SA's scores that I think should be caught. I know SpamAssassin looks at a lot more than subject lines, but does anyone know what I can do to increase SpamAssassin’s ability to detect spam? My threshold is set to 4.6.

"Complete Our Survey, qualify for free-samples" 4.1
"Re: Your Score-Changes on: 09/26/2014*" 2.9
"Weird 30 second trick cURES Diabetes..” 4.1
"Quality Window Replacement Deals” 4.4
"Find a PhD degree online in the specialty field” 2.8
"Your background check is Available online” 2.4
"Perfect vision with one weird trick” 0.0

Re: Spamassasin not as effective anymore

Posted by Axb <ax...@gmail.com>.
On 09/29/2014 05:27 PM, Lorenzo Thurman wrote:
> I’ve created a paste bin with a couple of sample emails here:
> http://pastebin.com/KfYrGMm8
>

       reject_rbl_client sbl-xbl.spamhaus.org, <<<< replace this with zen.spamhaus.org
       reject_rbl_client cbl.abuseat.org, <<<< This is included in Zen - remove.
       reject_rbl_client multi.uribl.com, <<<< URIBL doesn't list sender IPs - remove this.
       reject_rbl_client dsn.rfc-ignorant.org, <<<< OBSOLETE - DEAD - REMOVE
       reject_rbl_client list.dsbl.org, <<<< OBSOLETE - DEAD - REMOVE


> My DNS forwards queries. I hope this is enough.

You should let your DNS do the resolving without forwarding to a third
party outside your control

SA reports show no SURBL/DBL/URIBL hits - do you see any hits in your 
maillogs?



> On Sep 27, 2014, at 7:02 AM, Axb <ax...@gmail.com> wrote:
>
>> On 09/27/2014 04:59 AM, Lorenzo Thurman wrote:
>>> I’ve been using SpamAssassin for a number of years with excellent results. But now, over the last month or so, it has been scoring spam very low. It still catches most spam, but whereas only about a dozen or so might get through to my inbox in a week, I’m suddenly getting a dozen or so a day. I run sa-update via cron every day and I have a special mail folder where I place missed spam and run sa-learn against it weekly. I know it’s an arms race out there fighting spam, but here are some sample subject lines with SA's scores that I think should be caught. I know SpamAssassin looks at a lot more than subject lines, but does anyone know what I can do to increase SpamAssassin’s ability to detect spam? My threshold is set to 4.6.
>>>
>>> "Complete Our Survey, qualify for free-samples" 4.1
>>> "Re: Your Score-Changes on: 09/26/2014*" 2.9
>>> "Weird 30 second trick cURES Diabetes..” 4.1
>>> "Quality Window Replacement Deals” 4.4
>>> "Find a PhD degree online in the specialty field” 2.8
>>> "Your background check is Available online” 2.4
>>> "Perfect vision with one weird trick” 0.0
>>>
>>
>> Please try to reply to the questions below so others get a better picture of your setup/issue.
>>
>> - Please post missed spam samples in pastebin.com - do not post samples to mailing list
>>
>> - What SA version are you using
>>
>> - How are you using SA?
>> (amavis, milter, Mailscanner, procmail, Fuglu, etc, etc)
>>
>> - Are you using SA in a PC/notebook? or on a server?
>>
>> - What plugins are you using?
>> (Razor, Pyzor, DCC, etc)
>>
>> - Are you using a local, non forwarding, DNS resolver/caching server ?
>>
>> Axb
>>
>
>
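
The list changes suggested in the reply above, applied mechanically to a Postfix restriction list. This is an added example, not code from the thread: `ADVICE`, `parse_restrictions` and `audit` are names made up here, the table holds only what the reply states, and the sample is a shortened copy of the restrictions posted in this thread.

```python
import re
# Advice from the reply above, keyed by DNSBL zone: (replacement or None, reason).
ADVICE = {
    "sbl-xbl.spamhaus.org": ("zen.spamhaus.org", "replace with zen.spamhaus.org"),
    "cbl.abuseat.org": (None, "included in Zen"),
    "multi.uribl.com": (None, "URIBL does not list sender IPs"),
    "dsn.rfc-ignorant.org": (None, "obsolete, dead"),
    "list.dsbl.org": (None, "obsolete, dead"),
}

SAMPLE_MAIN_CF = """\
# sample input: shortened copy of the restrictions posted in this thread
smtpd_recipient_restrictions =
   permit_mynetworks,
   reject_rbl_client sbl-xbl.spamhaus.org,
   reject_rbl_client cbl.abuseat.org,
   reject_rbl_client list.dsbl.org,
   reject_rbl_client bl.spamcop.net,
   permit
"""

def parse_restrictions(main_cf, param="smtpd_recipient_restrictions"):
    """Return the entries of `param`; assumes they are comma-separated."""
    value, collecting = [], False
    for line in main_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                  # Postfix ignores blank and comment lines
        if collecting and line[0] in " \t":
            value.append(line)        # leading whitespace continues the value
        else:
            collecting = re.match(rf"{re.escape(param)}\s*=", line) is not None
            if collecting:
                value.append(line.split("=", 1)[1])
    return [" ".join(e.split()) for e in " ".join(value).split(",") if e.strip()]

def audit(restrictions):
    """Apply ADVICE; return (cleaned restrictions, findings)."""
    cleaned, findings = [], []
    for entry in restrictions:
        name, _, zone = entry.partition(" ")
        if name != "reject_rbl_client" or zone not in ADVICE:
            cleaned.append(entry)
            continue
        replacement, reason = ADVICE[zone]
        findings.append(f"{zone}: {reason}")
        if replacement and f"{name} {replacement}" not in cleaned:
            cleaned.append(f"{name} {replacement}")
    return cleaned, findings

if __name__ == "__main__":
    print(*audit(parse_restrictions(SAMPLE_MAIN_CF)), sep="\n")
```

Zones that the reply does not mention are passed through unchanged, so the output is a starting point for review rather than a verdict on every list.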



Re: Spamassasin not as effective anymore

Posted by Lorenzo Thurman <lo...@thethurmans.com>.
I’ve created a paste bin with a couple of sample emails here:
http://pastebin.com/KfYrGMm8

I’m running SpamAssassin on my mail server, Ubuntu 14.04. I use postfix as my MTA. SpamAssassin is at 3.4.0, with razor and I have these recipient restrictions set in postfix:
smtpd_recipient_restrictions =
   permit_sasl_authenticated,
   permit_mynetworks,
   reject_unauth_pipelining,
   reject_non_fqdn_recipient,
   reject_non_fqdn_sender,
   reject_unknown_recipient_domain,
   reject_unknown_sender_domain,
   reject_unauth_destination,
   reject_rbl_client sbl-xbl.spamhaus.org,
   reject_rbl_client dul.dnsbl.sorbs.net,
   reject_rbl_client cbl.abuseat.org,
   reject_rbl_client multi.uribl.com,
   reject_rbl_client dsn.rfc-ignorant.org,
   reject_rbl_client list.dsbl.org,
   reject_rbl_client bl.spamcop.net,
   reject_rbl_client ix.dnsbl.manitu.net,
   reject_rbl_client combined.rbl.msrbl.net,
   reject_rbl_client rabl.nuclearelephant.com,
   permit

My DNS forwards queries. I hope this is enough.
Thanks

On Sep 27, 2014, at 7:02 AM, Axb <ax...@gmail.com> wrote:

> On 09/27/2014 04:59 AM, Lorenzo Thurman wrote:
>> I’ve been using SpamAssassin for a number of years with excellent results. But now, over the last month or so, it has been scoring spam very low. It still catches most spam, but whereas only about a dozen or so might get through to my inbox in a week, I’m suddenly getting a dozen or so a day. I run sa-update via cron every day and I have a special mail folder where I place missed spam and run sa-learn against it weekly. I know it’s an arms race out there fighting spam, but here are some sample subject lines with SA's scores that I think should be caught. I know SpamAssassin looks at a lot more than subject lines, but does anyone know what I can do to increase SpamAssassin’s ability to detect spam? My threshold is set to 4.6.
>> 
>> "Complete Our Survey, qualify for free-samples" 4.1
>> "Re: Your Score-Changes on: 09/26/2014*" 2.9
>> "Weird 30 second trick cURES Diabetes..” 4.1
>> "Quality Window Replacement Deals” 4.4
>> "Find a PhD degree online in the specialty field” 2.8
>> "Your background check is Available online” 2.4
>> "Perfect vision with one weird trick” 0.0
>> 
> 
> Please try to reply to the questions below so others get a better picture of your setup/issue.
> 
> - Please post missed spam samples in pastebin.com - do not post samples to mailing list
> 
> - What SA version are you using
> 
> - How are you using SA?
> (amavis, milter, Mailscanner, procmail, Fuglu, etc, etc)
> 
> - Are you using SA in a PC/notebook? or on a server?
> 
> - What plugins are you using?
> (Razor, Pyzor, DCC, etc)
> 
> - Are you using a local, non forwarding, DNS resolver/caching server ?
> 
> Axb
> 


Re: Spamassasin not as effective anymore

Posted by Axb <ax...@gmail.com>.
On 09/27/2014 04:59 AM, Lorenzo Thurman wrote:
> I’ve been using SpamAssassin for a number of years with excellent results. But now, over the last month or so, it has been scoring spam very low. It still catches most spam, but whereas only about a dozen or so might get through to my inbox in a week, I’m suddenly getting a dozen or so a day. I run sa-update via cron every day and I have a special mail folder where I place missed spam and run sa-learn against it weekly. I know it’s an arms race out there fighting spam, but here are some sample subject lines with SA's scores that I think should be caught. I know SpamAssassin looks at a lot more than subject lines, but does anyone know what I can do to increase SpamAssassin’s ability to detect spam? My threshold is set to 4.6.
>
> "Complete Our Survey, qualify for free-samples" 4.1
> "Re: Your Score-Changes on: 09/26/2014*" 2.9
> "Weird 30 second trick cURES Diabetes..” 4.1
> "Quality Window Replacement Deals” 4.4
> "Find a PhD degree online in the specialty field” 2.8
> "Your background check is Available online” 2.4
> "Perfect vision with one weird trick” 0.0
>

Please try to reply to the questions below so others get a better picture
of your setup/issue.

- Please post missed spam samples in pastebin.com - do not post samples 
to mailing list

- What SA version are you using

- How are you using SA?
(amavis, milter, Mailscanner, procmail, Fuglu, etc, etc)

- Are you using SA in a PC/notebook? or on a server?

- What plugins are you using?
(Razor, Pyzor, DCC, etc)

- Are you using a local, non forwarding, DNS resolver/caching server ?

Axb


Re: Spamassasin not as effective anymore

Posted by Anthony Cartmell <li...@fonant.com>.
>> I’ve been using SpamAssassin for a number of years with excellent results.
>
> I recently updated my SA version to 3.4.0_13 and found that it caught  
> much more than it had been. It’s not enough to run sa-update, you need  
> to keep the install version up to date as well.

Just updated SA to 3.4.0 on CentOS 6 using:

http://copr.fedoraproject.org/coprs/kevin/spamassassin-el/

which seems to be a neat re-package of FC21's spamassassin for EL5 and  
EL6. Kevin is a Fedora project person responsible for spamassassin, so he  
should know what he's doing :)

Anthony
-- 
www.fonant.com - Quality web sites
Tel. 01903 867 810
Fonant Ltd is registered in England and Wales, company No. 7006596
Registered office: Amelia House, Crescent Road, Worthing, West Sussex,  
BN11 1QR

Re: Spamassasin not as effective anymore

Posted by LuKreme <kr...@kreme.com>.
On 28 Sep 2014, at 12:41 , Jason Haar <Ja...@trimble.com> wrote:
> On 29/09/14 04:11, LuKreme wrote:
>> I recently updated my SA version to 3.4.0_13 and found that it caught
>> much more than it had been. It’s not enough to run sa-update, you need
>> to keep the install version up to date as well. 
> 
> What is 3.4.0_13?

That’s the version reported by ports. Normally that means something like “Version 3.4.0 patch 13.”

-- 
A good friend will come and bail you out of jail but a true friend will
be sitting next to you saying, "Dang, that was fun."


Re: Spamassasin not as effective anymore

Posted by RW <rw...@googlemail.com>.
On Mon, 29 Sep 2014 07:41:57 +1300
Jason Haar wrote:

> On 29/09/14 04:11, LuKreme wrote:
> > I recently updated my SA version to 3.4.0_13 and found that it
> > caught much more than it had been. It’s not enough to run
> > sa-update, you need to keep the install version up to date as well. 
> 
> What is 3.4.0_13? The version on the home website is still 3.4.0? Is
> it true there were some bugfixes fixed since that corrected some
> scoring issues? Pretty sure we'd all like to be running the "current"
> release

The _13 is the FreeBSD port revision number

Re: Spamassasin not as effective anymore

Posted by Jason Haar <Ja...@trimble.com>.
On 29/09/14 04:11, LuKreme wrote:
> I recently updated my SA version to 3.4.0_13 and found that it caught
> much more than it had been. It’s not enough to run sa-update, you need
> to keep the install version up to date as well. 

What is 3.4.0_13? The version on the home website is still 3.4.0? Is it
true there were some bugfixes fixed since that corrected some scoring
issues? Pretty sure we'd all like to be running the "current" release

-- 
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


Re: Spamassasin not as effective anymore

Posted by LuKreme <kr...@kreme.com>.
On 26 Sep 2014, at 20:59 , Lorenzo Thurman <lo...@thethurmans.com> wrote:
> I’ve been using SpamAssassin for a number of years with excellent results.

I recently updated my SA version to 3.4.0_13 and found that it caught much more than it had been. It’s not enough to run sa-update, you need to keep the install version up to date as well.

-- 
Hard work pays off in the future. Laziness pays off now.