Bayes not learning? exchange environment

Joey Marino joey.da3rd at gmail.com
Tue Nov 20 23:51:21 GMT 2007


>> I recently installed a mailscanner filter in front of my exchange
>> server. It was working fine for a few weeks then slowly let more and
>> more spam through. Today it's letting a lot of spam through. I am
>> trying to verify that Bayes is learning, how would I do that? Also how
>> do I verify that the spam rules are being updated?
>>
>> I also tried to place spam in a public folder on my exchange server
>> and update bayes with these emails using this method provided by the
>> wiki
>>
>> http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:sa-learn:msexchange
>> It just stops executing at this line in the python script:
>> log.write(commands.getoutput("%s --prefs-file=%s --spam %s" %
>> (SALEARN, PREFS, TMPFILE)))
>> any ideas? I'm trying to determine what this line is accomplishing.
>>
>> Joey Marino

>Are there any bayes scores in the headers of the messages?
>Are you running any extra rules from rulesemporium.com?
>Are you properly set up to not accept mail to non-existent addresses?
>Does your exchange server have a non-public address that can only be reached
>by the mailscanner box? Otherwise the spammers will find it.

1. I am new to this, so please excuse any dumbness I may portray.
I am not sure how to read the headers other than the reports from MailWatch.
Here is an example header:
Return-Path: <�g>
Received: from pyszczek (bhc145.neoplus.adsl.tpnet.pl [83.28.92.145])
     by localhost.localdomain (8.13.1/8.13.1) with ESMTP id lAKNStWv009338
     for <elliott at whippleauction.com>; Tue, 20 Nov 2007 18:28:57 -0500
Received: from [83.28.92.145] by mx1.biz.mail.yahoo.com; Wed, 21 Nov 2007
00:28:56 +0100
Message-ID: <01c82bd5$80c67fa0$915c1c53 at lbarlow>
From: "Marty Kimball" <lbarlow at nanapun.com>
To: <elliott at whippleauction.com>
Subject: MoneybackPolicyInternationalPharShipping
Date: Wed, 21 Nov 2007 00:28:56 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
     boundary="----=_NextPart_000_0007_01C82BD5.80C67FA0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2905
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2905

Now the information in the rows following "SpamAssassin" in this particular
report shows all [N]'s.
In the messages that were recognized as spam, the "SpamAssassin
Autolearn:" row shows [Y].
I hope that answers the first question.

2. I ran rules_du_jour (which is also in my cron tab) and the report shows
that I did update rules from SARE. This message was in my summary report:
No index found for ruleset named ANTIDRUG.  Check that this ruleset is still
valid.
3. I don't think I am set up to not accept mail to non-existent addresses, I
didn't create a list of existing email addresses or link it to my exchange
server active directory. How would I do this and how would this help?
4. I believe the exchange server does have a private address. All incoming
SMTP requests are statically routed to the mailscanner box. I ran a DNS lookup
for the hostname of the box and nothing was found. How else would I verify
this to be correct?
-- 
Joey Marino
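
Added example, not part of the original post or of MailScanner: one way to answer the "any bayes scores in the headers?" question from a saved raw message, by looking for `BAYES_*` rule hits and the `autolearn=` value. The two sample messages are constructed, and the header layouts (SpamAssassin's `X-Spam-Status`, a MailScanner-style `X-<org>-MailScanner-SpamCheck`) are assumptions to adjust to what your gateway actually writes.

```python
import email
import re

# Constructed samples (not from the thread); header layouts are assumptions.
SCORED = """\
Received: from example.invalid by gateway.example.invalid
X-Spam-Status: Yes, score=9.1 required=5.0 tests=BAYES_99,HTML_MESSAGE,
\tRDNS_NONE autolearn=spam version=3.2.3
Subject: constructed sample one

body
"""
UNSCORED = """\
Received: from example.invalid by gateway.example.invalid
X-Example-MailScanner-SpamCheck: not spam, SpamAssassin (score=1.2,
\trequired 5, autolearn=no, HTML_MESSAGE 0.00, RDNS_NONE 1.20)
Subject: constructed sample two

body
"""

BAYES_RE = re.compile(r"\bBAYES_\d{2,3}\b")
AUTOLEARN_RE = re.compile(r"\bautolearn=([\w-]+)")

def bayes_evidence(raw_message):
    """Return (bayes_rules, autolearn) found in spam-check headers."""
    msg = email.message_from_string(raw_message)
    rules, autolearn = [], None
    for name, value in msg.items():
        lname = name.lower()
        if lname != "x-spam-status" and not lname.endswith("spamcheck"):
            continue
        value = " ".join(value.split())  # unfold continuation lines
        rules += BAYES_RE.findall(value)
        m = AUTOLEARN_RE.search(value)
        if m:
            autolearn = m.group(1)
    return rules, autolearn

def summarize(raw_message):
    rules, autolearn = bayes_evidence(raw_message)
    if not rules and autolearn is None:
        return "no spam-check header: message was not scanned by SpamAssassin"
    if not rules:
        return "scanned, but no BAYES_* rule fired (autolearn=%s)" % autolearn
    return "Bayes scored this message: %s (autolearn=%s)" % (",".join(rules), autolearn)
```

A message that was scanned but shows no `BAYES_*` hit usually means Bayes is disabled or its database has not yet reached SpamAssassin's default minimum of 200 learned spam and 200 learned ham messages.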