Increase in Spam getting through today? {Scanned by Allteks Mailsafe}

Paul Houselander housey at
Wed Mar 7 15:25:03 CET 2007

-----Original Message-----
From: mailscanner-bounces at
[mailto:mailscanner-bounces at]On Behalf Of Anthony
Sent: 07 March 2007 13:26
To: MailScanner discussion
Subject: Re: Increase in Spam getting through today? {Scanned by Allteks


Hugo van der Kooij wrote:
> On Wed, 7 Mar 2007, Paul Houselander wrote:
>> Just a quick one, weve had a massive increase in spam getting through
>> today,
>> lots of stock ones, I wondered if anyone else was seeing the same?
>> There scoring 0 even though they look very spammy to me.
>> There defintly not timing out and im still stopping a large amount of
>> spam.
>> I cant figure out if spammers have all of a sudden got very clever at
>> bypassing spamassasin or if something is wrong with my filters!
>> I use Spamassasin 3.1.7, sa-update, rules_du_jour, fuzzyocr, DCC,
>> Pyzor and
>> Razor and Bayes is enabled.
>> Ive run spamassasin -t -D < message on several of the messages and DCC is
>> firing now (but only DCC), so I know Spamassasin is being run on the
>> message
>> but no other rules are being hit!
> Sounds like your SA database is polutted.
> In my experience it is wise to keep a sample set op SPAM and HAM
> messages at hand. (both just over 200 examples)
> Then kill your bayesian database and relearn.
> I find that afetr such an action filtering with SpamAssassin is much
> more accurate on all messages.

>You may be right... But I don't think there is enough evidence in the
>original problem description to warrant such a drastic action.  In my
>experience Bayes is very stable, I have never had to rebuild the
>database because it became "polluted".

>If the OP can place an example message (with full headers) on a web site
>where we can get to it, many people here will be able to run that
>message through their systems.

>Also post the output you get from running spamassassin -t -D on the
>message, someone may be able to spot where things are going wrong.


Thanks for responding. Manged to solve the problem it was a rule I recently
added (got of someone on the spamassasin mailing list) that was causing a

body      __HILO_STOCKS1
\t]+\$[\d\ ]+?(.*)(Last|Low|Growth|High|Sale|Price)/i
body      __HILO_STOCKS2

meta      HILO_STOCKS     ( __HILO_STOCKS1 && __HILO_STOCKS2 )
describe  HILO_STOCKS     Looks like stocks scam
score     HILO_STOCKS     4.0

I ran one of the messages through it with debug enabled and saw the
following error:

[28988] dbg: rules: ran body rule SARE_MLB_Stock1 ======> got hit: "Target
Can't find Unicode property definition "r" at
/etc/mail/spamassassin/, rule __HILO_STOCKS1, line 1.

Ive removed the rule now and all is working ok, can you see whats wrong with
the rule?



More information about the MailScanner mailing list