spam scores
Martin Hepworth
martinh at SOLID-STATE-LOGIC.COM
Thu Sep 8 09:54:16 IST 2005
Dave
I'd look at what rules you in there that might (spamassassin rules).
There's a nice recommended set in the wiki (which I'm having problems
connecting to right now)....
Also you don't mention what version of SA. 3.0.4 is the latest stable and
fixes a few problems with the URI RBLS....I'd also add a few more of these
in the URI-BLACK is very good (see the wiki above).
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
Of Dave Filchak
Sent: 08 September 2005 02:28
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: [MAILSCANNER] spam scores
Hello all,
Have been seeing a lot more spam getting through and have also recently
had to start a new bayes database. Below is the scores from an obvious
piece of spam. Looking at the scores assigned, I would think these
should have been higher. The total score here was 4.8 and my threshold
is 5 for spam and 10 for high scoring spam. Seems to me there is an
issue somewhere in my setup. This is a Linus RH 9 box and a CentOS box
for my secondary. My question is, (and I have looked through the
archives and did not find much that helped but maybe I searched with the
wrong keywords?) how can I A:) make spamassassin assign proper scores to
obvious spam, B:) train the bayes database ( cannot assign users ham and
spam folders .... it just would not work with my users). Any other
suggestions would also be welcomed.
Dave
1.00 DRUGS_ERECTILE Refers to an erectile drug
0.81 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP
addr 2)
0.48 INFO_TLD Contains an URL in the INFO top-level domain
0.00 MANY_EXCLAMATIONS Subject has many exclamations
0.43 PLING_PLING Subject has lots of exclamation marks
1.54 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
0.54 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
Here is my setup on my main mail server:
MailScanner -V
This is Red Hat Linux release 9 (Shrike)
This is Perl version 5.008000 (5.8.0)
This is MailScanner version 4.44.6
Module versions are:
1.00 AnyDBM_File
1.14 Archive::Zip
1.01 Carp
1.119 Convert::BinHex
1.00 DirHandle
1.04 Fcntl
2.71 File::Basename
2.05 File::Copy
2.01 FileHandle
1.05 File::Path
0.13 File::Temp
1.29 HTML::Entities
3.45 HTML::Parser
2.30 HTML::TokeParser
1.20 IO
1.09 IO::File
1.122 IO::Pipe
1.50 Mail::Header
3.05 MIME::Base64
5.417 MIME::Decoder
5.417 MIME::Decoder::UU
5.417 MIME::Head
5.417 MIME::Parser
3.03 MIME::QuotedPrint
5.417 MIME::Tools
0.10 Net::CIDR
1.05 POSIX
1.75 Socket
0.03 Sys::Syslog
1.02 Time::localtime
Optional module versions are:
1.806 DB_File
1.10 Digest
1.01 Digest::HMAC
2.20 Digest::MD5
2.01 Digest::SHA1
0.44 Inline
0.17 Mail::ClamAV
3.000004 Mail::SpamAssassin
missing Mail::SPF::Query
missing Net::CIDR::Lite
0.48 Net::DNS
missing Net::LDAP
1.94 Parse::RecDescent
missing SAVI
missing Sys::Hostname::Long
2.26 Test::Harness
0.47 Test::Simple
1.89 Text::Balanced
1.21 URI
On my secondary:
MailScanner -V
This is CentOS release 4.1 (Final)
This is Perl version 5.008005 (5.8.5)
This is MailScanner version 4.44.6
Module versions are:
1.00 AnyDBM_File
1.16 Archive::Zip
1.03 Carp
1.119 Convert::BinHex
1.00 DirHandle
1.05 Fcntl
2.73 File::Basename
2.08 File::Copy
2.01 FileHandle
1.06 File::Path
0.14 File::Temp
1.29 HTML::Entities
3.45 HTML::Parser
2.30 HTML::TokeParser
1.21 IO
1.10 IO::File
1.123 IO::Pipe
1.66 Mail::Header
3.05 MIME::Base64
5.417 MIME::Decoder
5.417 MIME::Decoder::UU
5.417 MIME::Head
5.417 MIME::Parser
3.03 MIME::QuotedPrint
5.417 MIME::Tools
0.10 Net::CIDR
1.08 POSIX
1.77 Socket
0.05 Sys::Syslog
1.02 Time::localtime
Optional module versions are:
1.809 DB_File
1.08 Digest
1.01 Digest::HMAC
2.33 Digest::MD5
2.07 Digest::SHA1
0.44 Inline
0.17 Mail::ClamAV
3.000004 Mail::SpamAssassin
missing Mail::SPF::Query
missing Net::CIDR::Lite
0.48 Net::DNS
missing Net::LDAP
1.94 Parse::RecDescent
missing SAVI
missing Sys::Hostname::Long
2.42 Test::Harness
0.47 Test::Simple
1.95 Text::Balanced
1.30 URI
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list