Spamassassin negative score? {Scanned}

Julian Field mailscanner at ecs.soton.ac.uk
Wed Jan 14 16:36:05 GMT 2004


At 15:41 14/01/2004, you wrote:
>Julian wrote:
> > And make sure you are using the spamhaus xbl or xbl-sbl lists.
>
>Yeah, I'm using the following and still about 200 spam e-mails daily come
>through:
>
>Spam List = ORDB-RBL spamhaus.org spamcop.net NJABL
>
>Am I missing some others (other than the paid services that is)?

Yes. Add a line into spam.lists.conf that says this:

SBL+XBL             sbl-xbl.spamhaus.org.

then in your "Spam List =" setting above, remove "spamhaus.org" and replace
it with "SBL+XBL". This will catch significantly more spam.

Obviously you need to "reload" or "restart" MailScanner after changing
these two things.

>----- Original Message -----
>From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
>To: <MAILSCANNER at JISCMAIL.AC.UK>
>Sent: Wednesday, January 14, 2004 10:30 AM
>Subject: Re: Spamassassin negative score? {Scanned}
>
>
> > No, it still wouldn't have been marked as spam. The score from the other
> > rules is too low.
> >
> > Definitely worth adding the BigEvil.cf list, it helps quite a bit.
> > And make sure you are using the spamhaus xbl or xbl-sbl lists.
> >
> > At 15:22 14/01/2004, you wrote:
> > >Julian,
> > >
> > >If I disable bayes, will they still be tagged as spam? Also, I just ran
> > >accross the BigEvilList Version 2.06g in some old posts and wondering if
> > >this will work better?
> > >
> > >Thanks as always for all the help and the awsome work you do!!!
> > >
> > >SW
> > >----- Original Message -----
> > >From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
> > >To: <MAILSCANNER at JISCMAIL.AC.UK>
> > >Sent: Wednesday, January 14, 2004 10:06 AM
> > >Subject: Re: Spamassassin negative score? {Scanned}
> > >
> > >
> > > > They have managed to poison your Bayes database enough that it is
> > >convinced
> > > > this message is not spam (BAYES_00 -4.90 in the headers you included).
> > > >
> > > > You may want to change the score of the low-numbered BAYES_xx rules so
> > >they
> > > > are a lot smaller. But then you will need to keep an eye open for
>false
> > > > positives. The other option is to disable bayes altogether with
> > > > use_bayes 0
> > > > in spam.assassin.prefs.conf
> > > >
> > > > At 14:57 14/01/2004, you wrote:
> > > > >Hi folks,
> > > > >
> > > > >I'm just trying to figure out how lately lots of spam gets a
>'negative'
> > > > >score resulting in not being seen as spam? Do I need to make some
>changes
> > >in
> > > > >Mailscanner.conf to fix this problem or is this a known loophole
>spammers
> > > > >use?
> > > > >
> > > > >Here is an example of an e-mail w/ a Spamassassin score of -4.7:
> > > > >
> > > > >Return-Path: <bqwkhmczr at el-nacional.com>
> > > > >Received: from dhcp15-67.cable.conwaycorp.net
> > > > >(JeW_91122_ at dhcp15-67.cable.conwaycorp.net [24.144.15.67] (may be
> > >forged))
> > > > >  by wppi.com (8.10.2/8.10.2) with SMTP id i0EDvdf00591
> > > > >  for <ae at wppi.com>; Wed, 14 Jan 2004 08:57:39 -0500
> > > > >Received: from [24.144.15.67] by 3001hosting.comIP with HTTP;
> > > > >  Wed, 14 Jan 2004 14:49:27 +0100
> > > > >From: "Chasity" <bqwkhmczr at el-nacional.com>
> > > > >To: ae at wppi.com
> > > > >Subject: Re: YQBNAMQ, voice resounded over {Scanned}
> > > > >Mime-Version: 1.0
> > > > >X-Mailer: mPOP Web-Mail 2.19
> > > > >X-Originating-IP: [3001hosting.comIP]
> > > > >Date: Wed, 14 Jan 2004 14:58:27 +0100
> > > > >Reply-To: "Sorensen" <bqwkhmczr at el-nacional.com>
> > > > >Content-Type: multipart/alternative;
> > > > >  boundary="--ALT--VKRT28948427261974"
> > > > >Message-Id: <KUHJGFR-0003467606015 at cruelty>
> > > > >X-WPPi-MailScanner-Information: Please contact WPPi for more
>information
> > > > >X-WPPi-MailScanner: Found to be clean
> > > > >X-WPPi-MailScanner-SpamCheck: not spam, SpamAssassin (score=-4.7,
> > >required
> > > > >4,
> > > > >  BAYES_00 -4.90, HTML_MESSAGE 0.10, NORMAL_HTTP_TO_IP 0.10)
> > > > >X-UIDL: joV"!$mT"!"!E!!%!3!!
> > > > >
> > > > >
> > > > >
> > > > >-------------------------------------------------
> > > > >         WPPi.com        |        WPPi.Net
> > > > >-------------------------------------------------
> > > > >   http://www.wppi.com   |  http://www.wppi.net
> > > > >-------------------------------------------------
> > > > >WPPi.com & WPPi.Net MailScanner Signature
> > > > >This message has been scanned for viruses
> > > > >and dangerous content by WPPi MailScanner,
> > > > >and has been found to be clean.
> > > > >-------------------------------------------------
> > > >
> > > > --
> > > > Julian Field
> > > > www.MailScanner.info
> > > > MailScanner thanks transtec Computers for their support
> > > >
> > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> > > >
> > > > -------------------------------------------------
> > > >         WPPi.com        |        WPPi.Net
> > > > -------------------------------------------------
> > > >   http://www.wppi.com   |  http://www.wppi.net
> > > > -------------------------------------------------
> > > > WPPi.com & WPPi.Net MailScanner Signature
> > > > This message has been scanned for viruses
> > > > and dangerous content by WPPi MailScanner,
> > > > and has been found to be clean.
> > > > -------------------------------------------------
> > > >
> > >
> > >
> > >
> > >-------------------------------------------------
> > >         WPPi.com        |        WPPi.Net
> > >-------------------------------------------------
> > >   http://www.wppi.com   |  http://www.wppi.net
> > >-------------------------------------------------
> > >WPPi.com & WPPi.Net MailScanner Signature
> > >This message has been scanned for viruses
> > >and dangerous content by WPPi MailScanner,
> > >and has been found to be clean.
> > >-------------------------------------------------
> >
> > --
> > Julian Field
> > www.MailScanner.info
> > MailScanner thanks transtec Computers for their support
> >
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >
> > -------------------------------------------------
> >         WPPi.com        |        WPPi.Net
> > -------------------------------------------------
> >   http://www.wppi.com   |  http://www.wppi.net
> > -------------------------------------------------
> > WPPi.com & WPPi.Net MailScanner Signature
> > This message has been scanned for viruses
> > and dangerous content by WPPi MailScanner,
> > and has been found to be clean.
> > -------------------------------------------------
> >
> >
>
>
>
>-------------------------------------------------
>         WPPi.com        |        WPPi.Net
>-------------------------------------------------
>   http://www.wppi.com   |  http://www.wppi.net
>-------------------------------------------------
>WPPi.com & WPPi.Net MailScanner Signature
>This message has been scanned for viruses
>and dangerous content by WPPi MailScanner,
>and has been found to be clean.
>-------------------------------------------------

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654



More information about the MailScanner mailing list