How do I stop these spams?

Logan Shaw lshaw at emitinc.com
Tue Sep 12 23:59:48 IST 2006


On Tue, 12 Sep 2006, Drew Marshall wrote:
> On 12 Sep 2006, at 23:13, Peter Russell wrote:

>> I have heaps of users getting these spams at the moment. We have razor, dcc 
>> and pyzor and heaps of ruledujour running.
>> 
>> -MailScanner-SpamCheck: not spam,
>> 	SpamAssassin (cached, score=0.203, required 6, BAYES_00 -2.60,
>> 	FORGED_RCVD_HELO 0.14, SARE_FWDLOOK 1.67, SARE_OBFUMONEY2 1.00,
>> 	UNPARSEABLE_RELAY 0.00)

> BAYES_00 -2.60 < That's the bit that's not helping. You need to teach Bayes 
> that these are spam.

To elaborate a little bit, "BAYES_00" means "the Bayes module
has examined your message and determined that, based on its
keywords, it is really very confident this message is NOT spam."

It's a little confusing, but basically:
BAYES_00 means "almost definitely NOT spam";
BAYES_99 means "almost definitely IS spam"; and,
BAYES_50 means "no clear indication either way".

Since you are getting BAYES_00 on a spam message, that means
one of two things:
(1) this particular message is amazingly, exceptionally good at
     defeating Bayes, or
(2) your Bayes database is seriously whacked.

I would check other spam and see if you are ever getting
anything less than BAYES_50 on them.  If you get BAYES_50 on a
spam, that doesn't indicate any problem with your configuration:
it just means that the Bayes database doesn't know about that
spam (or family of spam) yet.  If you get higher than BAYES_50,
that means Bayes is recognizing spam as spam.  But if you
get lower than BAYES_50 on a spam, that tends to indicate a
configuration problem.  Something may be training Bayes the
wrong direction.  Or maybe Bayes hasn't seen nearly enough spam
(in relation to ham) and it is starting to be overly optimistic
and conclude that everything is ham and nothing is spam.

If you look back at logs and your Bayes scores are way off,
it might be best to first correct the configuration error
that led to Bayes being trained incorrectly, then toss out
the existing Bayes database and start fresh.

   - Logan
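
The check suggested above (look at the Bayes result on other known spam and see whether any falls below BAYES_50), as an added example that is not part of the original message. The `X-Example-` header prefix and the sample messages are constructed for illustration.

```python
import re
from collections import Counter

# The SpamCheck header may carry a site prefix and be folded across lines.
HEADER_RE = re.compile(r"^\S*MailScanner-SpamCheck:(.*(?:\n[ \t].*)*)", re.M)
BAYES_RE = re.compile(r"\bBAYES_(\d{2})\b")

# Constructed sample messages, all assumed to be hand-confirmed spam.
SAMPLES = [
    "X-Example-MailScanner-SpamCheck: not spam,\n"
    "\tSpamAssassin (cached, score=0.203, required 6, BAYES_00 -2.60,\n"
    "\tFORGED_RCVD_HELO 0.14, SARE_FWDLOOK 1.67)\n"
    "Subject: constructed 1\n\nbody\n",
    "X-Example-MailScanner-SpamCheck: spam, SpamAssassin (score=9.1, required 6,\n"
    "\tBAYES_99 3.50, SARE_OBFUMONEY2 1.00)\nSubject: constructed 2\n\nbody\n",
    "X-Example-MailScanner-SpamCheck: not spam, SpamAssassin (score=1.2,\n"
    "\trequired 6, BAYES_50 0.00)\nSubject: constructed 3\n\nBAYES_00 in body\n",
    "Subject: constructed 4, no SpamCheck header\n\nbody\n",
]

def bayes_bucket(raw_message):
    """Return the BAYES_nn bucket (int) from the SpamCheck header, or None."""
    head = raw_message.split("\n\n", 1)[0]  # headers only, never the body
    header = HEADER_RE.search(head)
    if not header:
        return None
    hit = BAYES_RE.search(header.group(1))
    return int(hit.group(1)) if hit else None

def audit_known_spam(messages):
    """Tally Bayes buckets over messages already confirmed to be spam."""
    tally = Counter()
    for msg in messages:
        bucket = bayes_bucket(msg)
        if bucket is None:
            tally["no_bayes"] += 1
        elif bucket < 50:
            tally["below_50"] += 1  # spam scored as ham: suspect training
        elif bucket == 50:
            tally["neutral"] += 1   # Bayes has no opinion on this spam yet
        else:
            tally["above_50"] += 1  # Bayes recognizes the spam
    return tally

if __name__ == "__main__":
    print(dict(audit_known_spam(SAMPLES)))
```

A non-zero `below_50` count over confirmed spam is the condition the message describes as pointing to a training or configuration problem.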

