>> I recently installed a mailscanner filter in front of my exchange<br>>> server. It was working fine for a few weeks then slowly let more and<br>>> more spam through. Today it's letting alot of spam through. I am
<br>>> trying to verify that Bayes is learning, how would I do that? Also how<br>>> do I verify that the spam rules are being updated?<br>>><br>>> I also tried to place spam in a public folder on my exchange server
<br>>> and update bayes with these emails using this method provided by the<br>>> wiki<br>>> <a href="http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:sa-learn:msexchange">http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:sa-learn:msexchange
</a><br>>> It just stops executing at this line in the python script:<br>>> log.write(commands.getoutput("%s --prefs-file=%s --spam %s" %<br>.> (SALEARN, PREFS, TMPFILE)))<br>>> any ideas? I'm trying to determine what this line is accomplishing.
<br>>><br>>> Joey Marino<br>
<br>>Is there any bayes scores in the headers of the messages?<br>>Are you running any extra rules from <a href="http://rulesemporium.com">rulesemporium.com</a>?<br>>Are you properly set up to not accept mail to non-existent addresses?
<br>>Does your exchange server have a non-public address that can only be reached<br>>by the mailscanner box? Otherwise the spammers will find it.<br>
<br>
1. I am new to this, so please excuse any dumbness I may portray<br>
I am not sure how to read the headers other than the reports from MailWatch<br>
Here is an example header:<br>
Return-Path: <�g><br>
Received: from pyszczek (<a href="http://bhc145.neoplus.adsl.tpnet.pl">bhc145.neoplus.adsl.tpnet.pl</a> [<a href="http://83.28.92.145">83.28.92.145</a>])<br>
by localhost.localdomain (8.13.1/8.13.1) with ESMTP id lAKNStWv009338<br>
for <<a href="mailto:elliott@whippleauction.com">elliott@whippleauction.com</a>>; Tue, 20 Nov 2007 18:28:57 -0500<br>
Received: from [<a href="http://83.28.92.145">83.28.92.145</a>] by <a href="http://mx1.biz.mail.yahoo.com">mx1.biz.mail.yahoo.com</a>; Wed, 21 Nov 2007 00:28:56 +0100<br>
Message-ID: <01c82bd5$80c67fa0$915c1c53@lbarlow><br>
From: "Marty Kimball" <<a href="mailto:lbarlow@nanapun.com">lbarlow@nanapun.com</a>><br>
To: <<a href="mailto:elliott@whippleauction.com">elliott@whippleauction.com</a>><br>
Subject: MoneybackPolicyInternationalPharShipping<br>
Date: Wed, 21 Nov 2007 00:28:56 +0100<br>
MIME-Version: 1.0<br>
Content-Type: multipart/alternative;<br>
boundary="----=_NextPart_000_0007_01C82BD5.80C67FA0"<br>
X-Priority: 3<br>
X-MSMail-Priority: Normal<br>
X-Mailer: Microsoft Outlook Express 6.00.2900.2905<br>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2905<br>
<br>
Now the information in the rows following "SpamAssassin" in this particular report show all [N]'s<br>
In the messages that were recognized as spam, The "SpamAssassin Autolearn:" row show's [Y]<br>
I hope that answers the first question<br>
<br>
2. I ran rules_du_jour (which is also in my cron tab) and the report
shows that I did update rules from SARE. This message was in my summary
report: <br>
No index found for ruleset named ANTIDRUG. Check that this ruleset is still valid.<br>
3. I don't think I am set up to not accept mail to non-existent
addresses, I didn't create a list of existing email addresses or link
it to my exchange server active directory. How would I do this and how
would this help?<br>
4. I believe the exchange server does have a private address. All
incoming SMTP requests are staticly routed to the mailscanner box. I
ran a DNS lookup for the hostname of the box and nothing was found. How
else would I verify this to be correct? <br>-- <br>Joey Marino<br>