Bayes and spam increase?
Jeff A. Earickson
jaearick at COLBY.EDU
Wed Feb 9 15:55:25 GMT 2005
Martin,
Thanks, I'll give these a test drive in my spam.assassin.prefs.conf.
time to look at rulesemporium again, haven't since SA 2.6.
Jeff Earickson
On Wed, 9 Feb 2005, Martin Hepworth wrote:
> Date: Wed, 9 Feb 2005 09:33:49 +0000
> From: Martin Hepworth <martinh at SOLID-STATE-LOGIC.COM>
> Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Bayes and spam increase?
>
> Jeff
>
> there's some good rules on www.rulesemporium.com than deal with bayes
> posoining attacks...
>
> I also use the following in my local.cf
>
> ## look for strings of randoms words with no punctuation..
> rawbody CP_RANDOMWORD_10
> /(?:\b(?!(?:from|even|more|were|with)\b)[a-z]{4,12}\s+){10}/
> describe CP_RANDOMWORD_10 string of 10+ random words
> score CP_RANDOMWORD_10 0.5
>
> rawbody CP_RANDOMWORD_15
> /(?:\b(?!(?:from|even|more|were|with)\b)[a-z]{4,12}\s+){15}/
> describe CP_RANDOMWORD_15 string of 15+ random words
> score CP_RANDOMWORD_15 2.5
>
> uri BAYES_BUSTER /rx359|2004hosting|530000X|openseed|er5hdh|quickforms/i
> describe BAYES_BUSTER Trying to bypass BAYES
> score BAYES_BUSTER 10.0
>
>
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
> Jeff A. Earickson wrote:
>> This sounds like the "bayes poisoning" issue that has been discussed
>> numerous times on this list. I've kept the following in my
>> spam.assassin.prefs.conf file:
>>
>> score BAYES_00 0 0 -0.05 -0.05
>> score BAYES_01 0 0 -0.04 -0.04
>> score BAYES_10 0 0 -0.03 -0.03
>> score BAYES_20 0 0 -0.02 -0.02
>> score BAYES_30 0 0 -0.01 -0.01
>>
>> I don't trust Bayes enough to let it substantially lower a score --
>> only to increase a score.
>>
>> Jeff Earickson
>> Colby College
>>
>> On Mon, 7 Feb 2005, Magda Hewryk wrote:
>>
>>> Date: Mon, 7 Feb 2005 13:22:41 -0500
>>> From: Magda Hewryk <MHewryk at SYMCOR.COM>
>>> Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
>>> To: MAILSCANNER at JISCMAIL.AC.UK
>>> Subject: Re: Bayes and spam increase?
>>>
>>> Yes, I've got a lot untagged spam email on the weekend. I found
>>> BAYES_00
>>> -2.60 attached to all of them.
>>>
>>>
>>> Thanks,
>>>
>>> Magda
>>>
>>>
>>>
>>> Matt Kettler
>>> <mkettler at EVI-INC
>>> .COM> To
>>> Sent by: MAILSCANNER at JISCMAIL.AC.UK
>>> MailScanner cc
>>> mailing list
>>> <MAILSCANNER at JISC Subject
>>> MAIL.AC.UK> Re: Bayes and spam increase?
>>>
>>>
>>> 02/07/2005 11:23
>>> AM
>>>
>>>
>>> Please respond to
>>> MailScanner
>>> mailing list
>>> <MAILSCANNER at JISC
>>> MAIL.AC.UK>
>>>
>>>
>>>
>>>
>>>
>>>
>>> At 10:43 AM 2/7/2005, Fractal IT Dept. wrote:
>>>
>>>> Hi everyone!
>>>>
>>>> We've noticed an increase in the number of spam sneaking through with
>>>> scores "just under" our threshold. After looking through the headers for
>>>> these messages, I've noticed that bayes seems to have "no opinion" on
>>>> the
>>>> majority of these (ie. no bayes entry). Am I missing something? I
>>>> thought
>>>> bayes would score every message?
>>>
>>>
>>> That's not entirely true, especially for the 2.6 series.. in 2.6x or
>>> 2.5x,
>>> In those any "no matches" or other 50/50 chance does not get a BAYES_
>>> rule
>>> match.
>>>
>>> Can you tell us what version of SpamAssassin you are using?
>>>
>>> ------------------------ MailScanner list ------------------------
>>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>> 'leave mailscanner' in the body of the email.
>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>> ------------------------ MailScanner list ------------------------
>>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>> 'leave mailscanner' in the body of the email.
>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be clean.
>
> **********************************************************************
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list