question re: spam mail

Leif Neland mailscanner-user at NELAND.DK
Fri Oct 14 07:22:18 IST 2005 

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

---- Original Message ----
From: "Jon Miller" <jlmiller at MMTNETWORKS.COM.AU>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Friday, October 14, 2005 2:16 AM
Subject: question re: spam mail

> Maybe I'm not understanding the function of this program clearly.
> I'm still receiving various spam mail with all types of content
> ranging from free vacation to viagra to see my wife crap and the
> like.  I submit these e-mail as samples to a folder on the linux
> server and run a script that sa-learn reads and then delete the
> contents of the folder.
>
> Now from what I understood from someone on the list is that this has
> to happen several times before SA will learn that this is considered
> spam, is that correct?
> If so why not run the same junk through several times?  If I do it
> manually I see that sa-learn picks up on the information and learns
> that the submitted mail is spam.  If I run it a 2nd time it states it
> "Learned from 0 message(s) (14 message(s) examined)".

Because there is nothing new, it doesn't help running the samme messages 
through.

You might think the messages are the same, but the spammers add spelling 
mistakes to make the messages different, and they often add random sentences 
at the bottom of the mail to confuse the bayes-filter.

Viagra, vlagra vi agr a  etc are different words for the filter, but you 
recognize the word.

> So, if it's learned something from the 1st run why is it the same
> email can come through time and time again?

Because it is not quite the same email.
>
> Also in the header of some of these e-mails I can see that SA
> disabled itself (2nd e-mail header) or has timed out others are
> reporting the score in a either a negative (1st email header) or too
> low.

> X-mmtnet-MailScanner: Found to be clean
> X-mmtnet-MailScanner-SpamCheck: not spam,
>  SpamAssassin (Disabled due to 20 consecutive timeouts)

Is it an old slow machine?
Try increasing the timeout, and run mailscanner in debug-mode to see where 
it is slow.

Leif

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list