Need Recommendations

Matt Kettler mkettler at EVI-INC.COM
Fri May 6 18:47:10 IST 2005 

    [ The following text is in the "windows-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Derek Catanzaro wrote:

>
>
> I have upgraded my outdated MX server running on FC1 to the following:
> mailscanner-4.41.3-1
> spamassassin 3.0.3
>
> I was getting slammed with SPAM this week and the upgrade has helped.
> I continue to get quite a few SPAM messages regarding stock quotes
> that are driving my users crazy so I need to figure out how to stop
> these emails. Thanks for everyone's suggestions and if you may have
> any insight on the SPAM I continue to receive I have included the
> header info on one of them.
>
> HEADER FROM ONE OF THE STOCK SPAM MSGS
>
<snip>

> X-pca-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.267,
> required 4,
> BAYES_00 -2.60, FORGED_MUA_IMS 2.37, HELO_DYNAMIC_IPADDR2 3.50)


Looking at that, in addition to martin's suggestions, I'd suggest doing
some manual bayes training of these messages with sa-learn.

However, before doing so, MAKE SURE that your spam.assassin.prefs.conf
doesn't contain an in-use bayes_path statement.

If it does, you'll need to copy that setting into
/root/.spamassassin/user_prefs. Otherwise when root trains mail with
sa-learn, all the learning will go into /root/.spamassassin, and not be
used by mailscanner. You'll also want to copy other relevant bayes
settings like your bayes_ignore_header X-pca-MailScanner-Spamcheck, etc.

Ideally if you really feel the need to use a bayes_path statement, it
should be in /etc/mail/spamassassin/local.cf, not in any user_prefs file
(including spam.assassin.prefs.conf), and it should be coupled with a
bayes_file_mode 0777 statement. (site-wide, globally usable bayes db).
But, for now doing it this way works, despite the docs saying it won't work.

When training, make sure to bring a copy of the real message with
complete headers to sa-learn. Don't forward it with a mail-client's
forward feature.. Forwarding rewrites the headers and will cause
sa-learn to record the fact that all mail with headers like the
following are common in spam:
    From: Matt Kettler <mkettxxx at evi-inc.com>
Not such a good thing.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list