Posted to users@spamassassin.apache.org by Odhiambo Washington <wa...@wananchi.com> on 2006/11/07 21:58:47 UTC

The greedy SA 3.1.7

Hi,

I have been watching one of my servers running 3.1.7 for several days.
With just the default install and a simplistic local.cf, this server is 
scoring messages so highly that I have gotten suspicious.

I decided to deinstall and reinstall everything, even blew away all 
bayes data!

I especially have an issue with the way it's scoring Mail Delivery 
Failures, all of which seem to be classified as spam with very high
scores.
It would appear that NDR are not reaching my users, just because of this
behaviour.

Another thing I have noted is the fact that even legit mail is being 
scored highly as spam, but it is the scores that are really amazing.

I have used rulesdujour sparingly, with the following rules:

TRUSTED_RULESETS="
     TRIPWIRE
     ANTIDRUG
     SARE_ADULT
     SARE_SPOOF
     SARE_OEM
     SARE_HEADER
     SARE_OBFU
     SARE_GENLSUBJ
     SARE_UNSUB
     SARE_WHITELIST
"
I have even disabled all these rules, but still, the SA seems to have 
developed a mind of its own.

Now I am lost as to why this should happen.

I have put my local.cf at http://mx0.wananchi.com/sa/
I have also put in there a file named sample-data.txt which contains
an extract of my MTA's logs as SA is rejecting data. I am logging the
data with the following fields:

DISCARD_SPAM:
Size::$message_size
Score::SA_SCORE
F:sender_addr
T:recipient_addr
S:message_subject

PS: This data is here for a few hours only..


Again, it's simply amazing how much score (and damage) SA seems to be 
showing.


Please advise.


-Wash

http://www.netmeister.org/news/learn2quote.html

DISCLAIMER: See http://www.wananchi.com/bms/terms.php

--
+======================================================================+
    |\      _,,,---,,_     | Odhiambo Washington    <wa...@wananchi.com>
Zzz /,`.-'`'    -.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
   |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
  '---''(_/--'  `-'\_)     | GSM: +254 722 743223   +254 733 744121
+======================================================================+

When Marriage is Outlawed,
Only Outlaws will have Inlaws.

Re: The greedy SA 3.1.7

Posted by Odhiambo Washington <wa...@wananchi.com>.
* On 07/11/06 20:23 -0500, Matt Kettler wrote:
| Odhiambo Washington wrote:
| > Hi,
| >
| > I have been watching one of my servers running 3.1.7 for several days.
| >
| >   
| <snip>
| > I have used rulesdujour sparingly, with the following rules:
| >
| > TRUSTED_RULESETS="
| >      TRIPWIRE
| >      ANTIDRUG
| >   
| It's not part of your problem, but: Do NOT use antidrug with SA 3.0.0 or
| higher. (I'm the author of antidrug.)
| These rules are already a part of SA 3.0.0 and higher, and if I, or
| anyone else, ever makes fixes to the main codebase, this file will
| downgrade those changes.

Noted with thanks
 

	Best regards,
	Odhiambo Washington
	Systems Admin,
	Wananchi Online Ltd.

Are you hosting your domain name with the leaders??: 
See http://webhosting.info/webhosts/tophosts/Country/KE


DISCLAIMER: See http://www.wananchi.com/bms/terms.php
----------------------------------+-----------------------------------------
 Odhiambo WASHINGTON			. WANANCHI ONLINE LTD (Nairobi, KE)
 http://www.wananchi.com/email/		. 1ere Etage, Laptrust Plaza, Loita St.,
 Mobile: (+254) 722 743 223		. # 10286, 00100 NAIROBI
----------------------------------+-----------------------------------------
Pleasant words are a honeycomb,
sweet to the soul and healing to the bones.
        Proverbs 16:24
     


Re: The greedy SA 3.1.7

Posted by Matt Kettler <mk...@verizon.net>.
Odhiambo Washington wrote:
> Hi,
>
> I have been watching one of my servers running 3.1.7 for several days.
>
>   
<snip>
> I have used rulesdujour sparingly, with the following rules:
>
> TRUSTED_RULESETS="
>      TRIPWIRE
>      ANTIDRUG
>   
It's not part of your problem, but: Do NOT use antidrug with SA 3.0.0 or
higher. (I'm the author of antidrug.)
These rules are already a part of SA 3.0.0 and higher, and if I, or
anyone else, ever makes fixes to the main codebase, this file will
downgrade those changes.


Re: The greedy SA 3.1.7

Posted by "John D. Hardin" <jh...@impsec.org>.
On Wed, 8 Nov 2006, Odhiambo Washington wrote:

> Well, I have told my MTA to reject mail that scores above 7, so
> yes, I am responsible for these "not getting there", but SA is
> responsible for the high scores, which is what I am trying to
> address.

IMHO (and, I believe, in common practice) 7 is *way* too low a score
for automatic message deletion. I delete at 10+ and can bump it up to
15+ when testing a new ruleset.

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin@impsec.org    FALaholic #11174    pgpk -a jhardin@impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  The difference is that Unix has had thirty years of technical
  types demanding basic functionality of it. And the Macintosh has
  had fifteen years of interface fascist users shaping its progress.
  Windows has the hairpin turns of the Microsoft marketing machine
  and that's all.                                    -- Red Drag Diva
-----------------------------------------------------------------------
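
Added example, not part of any post in this thread: a way to check how many logged rejections, and how many delivery failure notices among them, fall under the cutoffs of 7, 10 and 15 discussed above. The one-line log layout, the decimal score and all sample lines are constructed assumptions built from the field labels in the original post.

```python
import re

# Constructed sample lines. The one-line layout and decimal score are
# assumptions built from the field labels listed in the original post.
SAMPLE_LOG = """\
DISCARD_SPAM: Size::2314 Score::7.4 F:<> T:alice@example.org S:Mail delivery failed
DISCARD_SPAM: Size::10422 Score::23.9 F:promo@bulk.example T:bob@example.org S:Cheap meds
DISCARD_SPAM: Size::1890 Score::8.1 F:carol@example.net T:bob@example.org S:Re: invoice
DISCARD_SPAM: Size::3051 Score::11.6 F:<> T:dave@example.org S:Undelivered Mail Returned
DISCARD_SPAM: Size::5120 Score::16.2 F:offers@bulk.example T:alice@example.org S:You won
"""

LINE_RE = re.compile(
    r"DISCARD_SPAM:\s+Size::(?P<size>\d+)\s+Score::(?P<score>-?\d+(?:\.\d+)?)\s+"
    r"F:(?P<sender>\S*)\s+T:(?P<rcpt>\S+)\s+S:(?P<subject>.*)$"
)

def parse_log(text):
    """Return one dict per DISCARD_SPAM line; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["size"], rec["score"] = int(rec["size"]), float(rec["score"])
            records.append(rec)
    return records

def is_bounce(rec):
    """Delivery failure notices carry the null envelope sender."""
    return rec["sender"] in ("", "<>")

def threshold_report(records, thresholds=(7, 10, 15)):
    """Count messages (and bounces among them) scoring at or above each cutoff."""
    report = {}
    for t in thresholds:
        hit = [r for r in records if r["score"] >= t]
        report[t] = (len(hit), sum(is_bounce(r) for r in hit))
    return report

def borderline(records, low, high):
    """Messages rejected at `low` that would be delivered at `high`."""
    return [r for r in records if low <= r["score"] < high]

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for cutoff, (total, bounces) in threshold_report(recs).items():
        print(f"cutoff {cutoff}: {total} rejected, {bounces} of them bounces")
    for r in borderline(recs, 7, 10):
        print("review:", r["score"], r["sender"], r["subject"])
```

The messages returned by `borderline` are the ones worth inspecting with full SpamAssassin markup to see which rules contributed the score.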


Re: The greedy SA 3.1.7

Posted by Odhiambo Washington <wa...@wananchi.com>.
* On 07/11/06 13:19 -0800, Evan Platt wrote:
| At 12:58 PM 11/7/2006, you wrote:
| >It would appear that NDR are not reaching my users, just because of this
| >behaviour.
| 
| Why? SpamAssassin isn't deleting messages, so what else is?

Well, I have told my MTA to reject mail that scores above 7, so yes, I 
am responsible for these "not getting there", but SA is responsible for
the high scores, which is what I am trying to address.


| >Another thing I have noted is the fact that even legit mail is being
| >scored highly as spam, but it is the scores that are really amazing.
| >I have also put in there a file named sample-data.txt which contains
| >an extract of my MTA's logs as SA is rejecting data. I am logging the
| >data with the following fields:
| 
| SpamAssassin isn't rejecting anything.


My problem is not with rejections, but with the wildly "high scores" ;)

| Put on your website a sample message with SpamAssassin markup.

Okay. I am gonna do this in a few minutes



-Wash

http://www.netmeister.org/news/learn2quote.html

DISCLAIMER: See http://www.wananchi.com/bms/terms.php

--
+======================================================================+
    |\      _,,,---,,_     | Odhiambo Washington    <wa...@wananchi.com>
Zzz /,`.-'`'    -.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
   |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
  '---''(_/--'  `-'\_)     | GSM: +254 722 743223   +254 733 744121
+======================================================================+

The average woman would rather have beauty than brains, because the
average man can see better than he can think.

Re: The greedy SA 3.1.7

Posted by Evan Platt <ev...@espphotography.com>.
At 12:58 PM 11/7/2006, you wrote:
>It would appear that NDR are not reaching my users, just because of this
>behaviour.

Why? SpamAssassin isn't deleting messages, so what else is?

>Another thing I have noted is the fact that even legit mail is being
>scored highly as spam, but it is the scores that are really amazing.
>I have also put in there a file named sample-data.txt which contains
>an extract of my MTA's logs as SA is rejecting data. I am logging the
>data with the following fields:

SpamAssassin isn't rejecting anything.


>DISCARD_SPAM:
>Size::$message_size
>Score::SA_SCORE
>F:sender_addr
>T:recipient_addr
>S:message_subject
>
>PS: This data is here for a few hours only..
>
>
>Again, it's simply amazing how much score (and damage) SA seems to be
>showing.
>
>
>Please advise.

Put on your website a sample message with SpamAssassin markup.