small spam score

[David Curtis]

I probably changed the bayes score in MS. I should probably change all
the bayes scores back to default. We have another spam filter that we
are going to replace with MS when we switch to Exchange and I have been
using what it caught as spam and adjusting my scores to make MS act more
like our current scanner. Probably a bad idea...maybe our existing
scanner is providing to many false positives.

Thanks.

>>> mkettler at EVI-INC.COM 2/10/2005 4:19:57 PM >>>
At 04:00 PM 2/10/2005, David Curtis wrote:
>I am still playing with spam scores. I had this e-mail make it
through.
>The score is correct but I would consider this spam. I would think
that
>an e-mail like this would make a higher score. Any advice would be
>welcome.
>
>SpamCheck: not spam, SpamAssassin (score=3.214,
>         required 4.5, BAYES_00 0.60, HTML_30_40 0.02, HTML_MESSAGE
>0.00,
>         MIME_QP_LONG_LINE 0.34, MISSING_MIMEOLE 0.01,
>         RCVD_IN_BSP_TRUSTED 2.22, TO_ADDRESS_EQ_REAL 0.03)

Really, everything in that header would suggest the message should be
very
strong non-spam.

Is your system heavily corrupted?

RCVD_IN_BSP_TRUSTED should have a negative score as it is a whitelist
of
legitimate mailers who are willing to pay cash if their subscribers
complain to bonded sender about spamming.

BAYES_00 should have a negative score.

1) are you positive it really is spam? It really looks like a
legitimate
subscriber-only newsletter to me. If it really is spam, file an abuse
complaint with BondedSender.com right away. (see "report abuse" all the
way
at the bottom of the left column on their website.) Why is your
BSP_TRUSTED
rule set to a positive score anyway? Have you had frequent FP problems
here
and set it positive as a reaction? Is your trusted_networks set
correctly?

2) If it really is spam, why is it hitting BAYES_00.. is your bayes DB
corrupt or mistrained? It looks like someone hand over-rode it to a
positive score.. If you're having to do something that extreme to
avoid
large numbers of FNs, you've got big problems in your bayes DB and you
should consider just turning it off entirely, or wiping and starting
fresh.

You might also want to consider modifying the
bayes_auto_learn_threshold_nonspam to something lower than the
default.
 From the looks of how you've scored BAYES_00 you've got poisoning
problems.


You really should not be seeing either BSP_TRUSTED or BAYES_00 in spam
aside from a rare few. If these are common in spam, you may need to do
some
more detailed examination of your setup.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!







This email may contain information protected under the Family
Educational Rights and Privacy Act (FERPA) or the Health Insurance
Portability and Accountability Act (HIPAA).  If this email contains
confidential and/or privileged health or student information and you
are not entitled to access such information under FERPA or HIPAA,
federal regulations require that you destroy this email without
reviewing it and you may not forward it to anyone.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!