Posted to users@spamassassin.apache.org by Kyle Quillen <kq...@wifi7.com> on 2006/12/20 16:32:11 UTC

Whitelist and Excessive Spam Please Help

Hello All,

I have a few issues with our filtering and am not sure how to make
things better.  The main issue that I have is that I have created a
whitelist.cf file in /etc/mail/spamassassin but with the following 

whitelist_from_rcvd vintagequill@adelphia.net adelphia.net
whitelist_from_rcvd jpgraham1960@hotmail.com hotmail.com
whitelist_from_rcvd @dell.com dell.com


They are still getting tagged as spam.  Here is what the header
information is coming up with.

X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on mx.wifi7.com
X-Spam-Level: **
X-Spam-Status: Yes, score=2.8 required=2.0
     tests=AWL,BAYES_50,J_CHICKENPOX_12,
     J_CHICKENPOX_31,MIME_BASE64_NO_NAME,NO_REAL_NAME,SARE_SUB_ENC_UTF8,
     SUBJECT_EXCESS_BASE64,SUBJ_HAS_UNIQ_ID autolearn=no version=3.1.7
X-Spam-Report:
     * 1.0 NO_REAL_NAME From: does not include a real name
     * 0.2 SUBJ_HAS_UNIQ_ID Subject contains a unique ID
     * 0.6 J_CHICKENPOX_12 BODY: 1alpha-pock-2alpha
     * 0.6 J_CHICKENPOX_31 BODY: 3alpha-pock-1alpha
     * 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
     * [score: 0.5000]
     * 0.2 MIME_BASE64_NO_NAME RAW: base64 attachment does not have a file
     * name
     * 0.2 SARE_SUB_ENC_UTF8 Message uses character set often used in spam
     * 0.4 SUBJECT_EXCESS_BASE64 Subject: base64 encoded encoded unnecessarily
     * -0.3 AWL AWL: From: address is in the auto white-list
Received: from unknown (HELO ausc60ps301.us.dell.com) (143.166.148.206)


I am not really sure where to go from here to make sure that my boss
gets his dell emails...

The other issue that I have is it seems that I have to have my spam
score down to about 2.0 in order to knock out enough spam for our
clients not to complain.  Is this action abnormal?  What could I have
wrong?

Thanks much
Q


Re: Whitelist and Excessive Spam Please Help

Posted by Theo Van Dinter <fe...@apache.org>.
On Wed, Dec 20, 2006 at 11:00:17AM -0500, Kyle Quillen wrote:
> Ok when I type spamassassin -D it stops at
> 
> [25555] dbg: dns: is Net::DNS::Resolver available? yes
> [25555] dbg: dns: Net::DNS version: 0.48
> 
> and then just sits there waiting for something.  I read somewhere that
> it wanted to be fed a message but I am unclear as to how to do that.

"spamassassin -D < message_file"

-- 
Randomly Selected Tagline:
I made it foolproof, but they're making better fools...

Re: Whitelist and Excessive Spam Please Help

Posted by Kyle Quillen <kq...@wifi7.com>.


On Wed, 2006-12-20 at 16:49 +0100, Matthias Leisi wrote:
> Kyle Quillen wrote:
> 
> > I have a few issues with our filtering and am not sure how to make
> > things better.  The main issue that I have is that I have created a
> > whitelist.cf file in /etc/mail/spamassassin but with the following 
> > [..]
> >
> > I am not really sure where to go from here to make sure that my boss
> > gets his dell emails...
> 
> spamassassin -D
> 
> and/or http://www.dnswl.org/tech (disclaimer: I'm involved with this
> project)
> 

Ok when I type spamassassin -D it stops at

[25555] dbg: dns: is Net::DNS::Resolver available? yes
[25555] dbg: dns: Net::DNS version: 0.48

and then just sits there waiting for something.  I read somewhere that
it wanted to be fed a message but I am unclear as to how to do that.




> 
> > The other issue that I have is it seems that I have to have my spam
> > score down to about 2.0 in order to knock out enough spam for our
> > clients not to complain is this action abnormal.  What could I have
> > wrong?
> 
> You do not use sa-update?

I have a cron job set to run sa-update on a nightly basis.  At least I
think that is what my issue is.  I am slowly learning how all of this
works.  Should I be doing something else?
 

Thanks 
Q





> -- Matthias


Re: Whitelist and Excessive Spam Please Help

Posted by Matthias Leisi <ma...@leisi.net>.
Kyle Quillen wrote:

> I have a few issues with our filtering and am not sure how to make
> things better.  The main issue that I have is that I have created a
> whitelist.cf file in /etc/mail/spamassassin but with the following 
> [..]
>
> I am not really sure where to go from here to make sure that my boss
> gets his dell emails...

spamassassin -D

and/or http://www.dnswl.org/tech (disclaimer: I'm involved with this
project)


> The other issue that I have is it seems that I have to have my spam
> score down to about 2.0 in order to knock out enough spam for our
> clients not to complain is this action abnormal.  What could I have
> wrong?

You do not use sa-update?

-- Matthias

RE: Whitelist and Excessive Spam Please Help

Posted by "Coffey, Neal" <nc...@langeveld.com>.
Kyle Quillen wrote:
> they are still getting tagged as spam.
> 
> ...
> X-Spam-Status: Yes, score=2.8 required=2.0

Of course they're still getting tagged as spam.  A score of 2.0 is way,
Way, WAY too low a score to be reasonable.  At my site it's set to 3.5,
and it's still very aggressive, requiring plenty of whitelisting.  I
wouldn't set it to anything lower than that.  You're better off keeping
it at 5.0, and raising scores (and creating new ones) to push spam
higher, instead of trying to push ham lower.

Also, nowhere in that header does it show USER_IN_WHITELIST_TO actually
hit the message, so your whitelisting didn't apply anyway.  I suspect
this is because whatever MTA you're using couldn't do the reverse lookup
on 143.166.148.206 (it just says "from unknown").
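
Added example, not part of any post in this thread and not SpamAssassin's own code: a simplified Python model of how a `whitelist_from_rcvd` entry is evaluated against the `Received:` line quoted above. It assumes the address pattern is an anchored glob (`*` and `?` only) and that the second parameter must equal the relay's reverse-DNS name or be a parent domain of it; the sender address and the "lookup succeeded" line are constructed.

```python
import re

# Received line quoted in the thread: the rDNS field reads "unknown".
RECEIVED_FAILED = "from unknown (HELO ausc60ps301.us.dell.com) (143.166.148.206)"
# Constructed: the same hop as it would appear had the PTR lookup succeeded.
RECEIVED_OK = ("from ausc60ps301.us.dell.com "
               "(HELO ausc60ps301.us.dell.com) (143.166.148.206)")
# Constructed sender; the thread does not show the From: address.
SAMPLE_FROM = "orders@dell.com"

QMAIL_RE = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)]+)\)\s+\((?P<ip>[0-9.]+)\)")


def parse_received(line):
    """Split a qmail-style Received fragment into rdns / helo / ip."""
    m = QMAIL_RE.search(line)
    if not m:
        return None
    relay = m.groupdict()
    if relay["rdns"].lower() == "unknown":  # failed reverse lookup
        relay["rdns"] = ""
    return relay


def glob_matches(pattern, addr):
    """Anchored glob: '*' and '?' are wildcards, everything else is literal."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern.lower())
    return re.fullmatch(rx, addr.lower()) is not None


def rdns_matches(domain, rdns):
    """True when rdns equals domain or is a subdomain of it."""
    rdns, domain = rdns.lower(), domain.lower()
    return rdns == domain or rdns.endswith("." + domain)


def entry_applies(entry, from_addr, received):
    """Return (applies, reason) for one whitelist_from_rcvd line."""
    _, addr_glob, domain = entry.split()
    relay = parse_received(received)
    if relay is None:
        return (False, "unparsed Received line")
    if not glob_matches(addr_glob, from_addr):
        return (False, "address pattern does not match")
    if not rdns_matches(domain, relay["rdns"]):
        return (False, "relay rDNS does not match")
    return (True, "match")
```

Under these assumptions the entry `@dell.com dell.com` fails on the address pattern before rDNS is even considered, and `*@dell.com dell.com` still fails while the relay is recorded as "unknown".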