problem with bayes
Kosta Lekas
KLekas at FOXRIVER.COM
Fri Aug 26 21:42:25 IST 2005
I am using postfix 4.42.9
When I test a message using “spamassassin -D -t
--prefs-file=/etc/MailScanner/spam.assassin.prefs.conf --mbox
/home/spambin/mail/testspam” I get the following output so I know
bayes is working. But when the same message comes thru MS as a normal
email it does not trigger bayes test. I have includes my
spam.assassin.prefs.conf below
15 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 1.0000]
1.0 URIBL_SBL Contains an URL listed in the SBL blocklist
[URIs: conuterimp.com]
0.4 URIBL_AB_SURBL Contains an URL listed in the AB SURBL
blocklist
[URIs: conuterimp.com]
4.0 URIBL_JP_SURBL Has URI in JP at
http://www.surbl.org/lists.html
[URIs: conuterimp.com]
1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL
blocklist
[URIs: conuterimp.com]
3.2 URIBL_OB_SURBL Contains an URL listed in the OB SURBL
blocklist
[URIs: conuterimp.com]
4.3 URIBL_SC_SURBL Contains an URL listed in the SC SURBL
blocklist
[URIs: conuterimp.com]
# =============== MailScanner: spam.assassin.prefs.conf ===============
# Version 2.13.1
# SpamAssassin preferences for MailScanner users should be placed in
# this file to avoid being overwritten by a SpamAssassin upgrade.
# For a complete listing of configurable parameters, please see:
# http://www.spamassassin.org/doc/Mail_SpamAssassin_Conf.html
# =============== SpamAssassin Preferences ===============
#
# the file installed by SpamAssassin:
# /etc/mail/spamassassin/local.cf
# Should be disabled
# typically use these commands:
# mv /etc/mail/spamassassin/local.cf \
# /etc/mail/spamassassin/local.cf.saved
# When running SpamAssassin or sa-learn from the command line,
# or a script, you should always specify that SpamAssassin use
# this file to load SpamAssassin preferences, i.e:
# sa-learn --ham -p /etc/MailScanner/spam.assassin.prefs.conf \
# --mbox ham_mbox
# spamassassin -D -p etc/MailScanner/spam.assassin.prefs.conf \
# --lint
# Additional SpamAssassin rule files should be placed in:
# /etc/mail/spamassasssin (default location)
# or in the directory specified in MailScanner.conf setting:
# SpamAssassin Local Rules Dir =
# dns_available { yes | test[: name1 name2...] | no } (default: test)
# By default, SpamAssassin will query some default hosts on the internet
# to attempt to check if DNS is working on not. The problem is that it
can
# introduce some delay if your network connection is down, and in some
# cases it can wrongly guess that DNS is unavailable because the test
# connections failed. SpamAssassin includes a default set of 13 servers,
# among which 3 are picked randomly.
dns_available yes
# =============== White list and Black list addresses ===============
# While you can white list here but see below for a better place.
# White list addresses should be added in
# /etc/MailScanner/rules/spam.whitelist.rules
# Black list addresses should be added in
# /etc/MailScanner/rules/spam.blacklist.rules
# FSL Notes: we need to set the default rule for:
# Is Definitely Spam = no
# to:
# %rules-dir/spam.blacklist.rules
# and create a default rules-dir/spam.blacklist.rules file
# =============== OK Locales ===============
ok_locales en zh
ok_languages en zh
# FSL Notes: we only support English this is unnecessary
# =============== Bayesian Filtering ===============
# By default, the Bayesian engine is used. This is a real CPU hog
# and uses a lot of system resources to work.
# On a small overloaded system, you might need to disable it.
use_bayes 1
# If your root filesystem is filling up because SpamAssassin is putting
# large databases in /.spamassassin or /root/.spamassassin, you can
# move them using the following lines to point to their new locations.
# The last part of the path is not a directory name, but actually the
# start of the filenames. So with the settings below, the Bayes files
# will be created as /var/spool/spamassassin/bayes_msgcount, etc.
# FSL Note: we need to coordinate the Bayes File Placement
# With MailWatch
bayes_path /var/spool/MailScanner/spamassassin/bayes
bayes_file_mode 0644
# Bump up SpamAssassin scores on the high and low end
score BAYES_00 -15.0
score BAYES_05 -5.0
score BAYES_95 5.0
score BAYES_99 15.0
# To disable bayes autolearn set to 0 to enable set to 1
bayes_auto_learn 0
# For feeding spam and and ham for saved messages, mailboxes
# or directories:
# This MUST be customized for each site :(
# Change X-YOURDOMAIN-COM to match your %org-name% as
# set in MailScanner.conf
#bayes_ignore_header FRFR-MailScanner
#bayes_ignore_header FRFR-MailScanner-SpamCheck
##bayes_ignore_header FRFR-MailScanner-SpamScore
#bayes_ignore_header FRFR-MailScanner-Information
# When using the scheduled Bayes expiry feature, in MailScanner.conf
# you probably want to turn off auto-expiry in SpamAssassin as it will
# rarely complete before it is killed for taking too long.
# You will just end up with # MailScanner: big bayes_toks.new files
# wasting space.
# FSL Note: we run Bayes expire from a cron job
bayes_auto_expire 0
# If you are using a UNIX machine with all database files on local disks,
# and no sharing of those databases across NFS filesystems, you can use a
# more efficient, but non-NFS-safe, locking mechanism. Do this by
adding
# the line "lock_method flock" to the /etc/mail/spamassassin/local.cf
# file. This is strongly recommended if you're not using NFS, as it is
# much faster than the NFS-safe locker.
lock_method flock
# The --auto-whitelist and -a options for "spamd" and "spamassassin" to
# turn on the auto-whitelist have been removed and replaced by the
# "use_auto_whitelist" configuration option which is also now turned on
by
# default.
use_auto_whitelist 0
auto_whitelist_path
/var/spool/MailScanner/spamassassin/auto-whitelist
auto_whitelist_file_mode 0660
# =============== RBSL related items ===============
# By default, SpamAssassin will run RBL checks. If your ISP already
# does this, stop RBL checks in SpamAssassin by un-commenting the
# following line
# skip_rbl_checks 1
# paths to utilities
pyzor_path /usr/bin/pyzor
dcc_path /usr/bin/dccproc
# Uncomment the lines below to stop using the specific service
# To stop Razor2 checks, uncomment the following line
use_razor2 0
# To stop DCC checks, uncomment the following line
# use_dcc 0
# To stop Pyzor checks, uncomment the following line
use_pyzor 0
# The timeouts for blacklists and Razor are rather generous in the
# default state that SpamAssassin is shipped. Reducing these
# stops a lot of timeouts from removing SpamAssassin scores
# altogether.
rbl_timeout 20
razor_timeout 10
pyzor_timeout 10
# If you specify these scores, SpamAssassin will do RBL checks as well
# as MailScanner, which just wastes CPU power and network bandwidth.
# Either do them here by un-commenting the rules below
# (if you have paid for them) or else uncomment the "skip_rbl_checks" #
# line above and let MailScanner do the checks instead.
#score RCVD_IN_BL_SPAMCOP_NET 4
# These next 3 will cost you money, see mailscanner.conf.
#score RCVD_IN_RBL 10
#score RCVD_IN_RSS 1
#score RCVD_IN_DUL 1
# =============== SpamAssassin Header Processing ===============
# SpamAssassin will attempt to discover the address used in the 'MAIL
FROM:'
# phase of the SMTP transaction that delivered this message, if this data
# has been made available by the SMTP server. This is used in the
EnvelopeFrom
# pseudo-header, and for various rules such as SPF checking.
# This should be explicitly set for MailScanner
envelope_sender_header X-MailScanner-From
# =============== Adding SpamAssassin Rules ===============
# Add your own customized scores for some tests below. The default
# scores are read from the installed "spamassassin.cf" file, but you
# can override or disable the here.
# To see the list of tests and their default scores, go to
# http://spamassassin.taint.org/tests.html
# These next 3 lines will add a local rule to SpamAssassin to help
# protect you from the friendlygreetings.com nasty-gram which will
# send lots of spam from your PC if you let it. Not really a virus,
# but you don't want your users all clicking on it.
header FRIEND_GREETINGS Subject =~ /you have an E-Card from/i
describe FRIEND_GREETINGS Nasty E-card from FriendGreetings.com
score FRIEND_GREETINGS 100.0
header FRIEND_GREETINGS2 Subject =~ /you have a greeting card from/i
describe FRIEND_GREETINGS2 Nasty E-card from FriendGreetings.com
score FRIEND_GREETINGS2 100.0
# =============== Disable SpamAssassin Rules ===============
# To disable a SpamAssassin rule simply add an uncommented
# line similar to:
# score SUBJ_ILLEGAL_CHARS 0.0
score CHARSET_FARAWAY_HEADER 0.0
# =============== Change SpamAssassin Rules scores ===============
# To Change a SpamAssassin rule Score simply add an uncommented
# line similar to:
# score SUBJ_ILLEGAL_CHARS 2.1
# =============== Special Case Rules ===============
# IE explorer spoofing
uri IE_VULN /%([01][0-9a-f]|7f).*@/i
score IE_VULN 100.0
describe IE_VULN Internet Explorer vulnerability
# added Mon Jan 12 16:14:04 EST 2004 to stop the forgers of
# Not needed ins SA 3.0
# HABEAUS headers
# score HABEAS_SWE -2.0
#### Special Case Rules #####
# =============== Historic Rules ===============
# Osirusoft RBSL is dead
# score RCVD_IN_OSIRUSOFT_COM 0.0
# score X_OSIRU_OPEN_RELAY 0.0
# score X_OSIRU_DUL 0.0
# score X_OSIRU_SPAM_SRC 0.0
# score X_OSIRU_SPAMWARE_SITE 0.0
# score X_OSIRU_DUL_FH 0.0
# score RCVD_IN_RFCI 0.0
# score DNS_FROM_RFCI_DSN 0.0
# =============== Your Edits Go Here ===============
score RCVD_IN_RSL 0
# Steve at fsl.com edit Sun Jan 16 12:17:16 CST 2005
# disable the ALL_TRUSTED ruleset that comes with SA 3.x.
# It's generating too many false positives
# If you have problems where ALL_TRUSTED is matching external email,
# including spam, then SpamAssassin has become confused about which hosts
are
# a part of your trusted_networks. The most common cause of this is
having a
# gateway mail exchanger that has a reserved IP and gets NATed by your
# firewall. Fortunately the problem is easy to fix by manually declaring
a
# trusted_networks setting. See man Mail::SpamAssassin::Conf for details.
# Once manually set, SA won't try to guess.
#
# If that does not fix your problem, the other possibility is you have an
MTA
# that generates malformed Received: headers. If you've modified your
# Received: header format, please put it back to the standard format.
# SpamAssassin is quite tolerant of deviations from the RFC 2822 format,
but
# there are some combinations it can't handle. If the malformed headers
are
# being made by some form of network appliance that you can't fix, report
a
# bug to your vendor, and as a short-term fix set the score of
ALL_TRUSTED to
# 0. However, realize that other problems may occur as a result of the
# mis-parsed headers and the root cause does need fixing.
#
score ALL_TRUSTED -100
# JP data was taken out of the WS and SC SURBL zone files
# JP will be a separate list in SA 3.1
urirhssub URIBL_JP_SURBL multi.surbl.org. A 64
body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL')
describe URIBL_JP_SURBL Has URI in JP at
http://www.surbl.org/lists.html
tflags URIBL_JP_SURBL net
score URIBL_JP_SURBL 4.0
trusted_networks 10.0/16 127/8
Kosta Lekas
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list