<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-GB link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'>Hit the wrong button and omitted my example..<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'>Anyway, here’s my example – <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'>#Sanesecurity Signature (jurlbl.ndb)<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'>header SPAMVIRUSJurlbl X-YOURORGANISATION-MailScanner-SpamVirus-Report =~ /Sanesecurity.Jurlbl/i<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'>score SPAMVIRUSJurlbl 4.0<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'>describe SPAMVIRUSJurlbl Spam Virus Junk<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'>There are loads of databases you can use, it’s a fantastic ‘bolt on’ to clamd. 
<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'>Thanks,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'>Rich<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'><o:p>&nbsp;</o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] <b>On Behalf Of </b>Richard Mealing<br><b>Sent:</b> 27 May 2014 16:51<br><b>To:</b> 'mailscanner@lists.mailscanner.info'<br><b>Subject:</b> RE: MailScanner filtering out less and less spam<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p>&nbsp;</o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>If you don’t have mailwatch you can turn on “Log Non Spam”, then you can see the scores in the logs. 
Maybe your threshold is wrong or you have turned it off altogether?<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>If you use clamav then you can add the signatures from sanesecurity and then you can treat emails as spam through the “Virus Names Which Are Spam” option. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>For example – <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Thanks,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Rich<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US'><o:p>&nbsp;</o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> <a href="mailto:mailscanner-bounces@lists.mailscanner.info">mailscanner-bounces@lists.mailscanner.info</a> [<a href="mailto:mailscanner-bounces@lists.mailscanner.info">mailto:mailscanner-bounces@lists.mailscanner.info</a>] <b>On Behalf Of </b>Jonathan Horne<br><b>Sent:</b> 27 May 2014 
15:24<br><b>To:</b> <a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br><b>Subject:</b> Re: MailScanner filtering out less and less spam<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p>&nbsp;</o:p></p><div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'>the only one not enabled was Always Include SpamAssassin Report.&nbsp; the spam score number format was %d I think, but I tried the setting below, looks like that will be more verbose.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'><o:p>&nbsp;</o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'>overall, I'm not seeing rules get skipped, but emails that are obviously spam are just not being scored as such.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'><o:p>&nbsp;</o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'>thanks for the advice!<o:p></o:p></span></p></div><div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'><o:p>&nbsp;</o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'><o:p>&nbsp;</o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'><o:p>&nbsp;</o:p></span></p></div></div><div style='border:none;border-top:solid #E5E5E5 1.0pt;padding:4.0pt 0cm 0cm 0cm'><div><p class=MsoNormal><b><span style='font-family:"Calibri","sans-serif";letter-spacing:.25pt'>From:</span></b><span style='font-family:"Calibri","sans-serif";letter-spacing:.25pt'>&nbsp;<a href="mailto:maxsec@gmail.com" target="_parent">Martin Hepworth</a><br><b>Sent:</b>&nbsp;Friday, May 23, 2014 9:32 AM<br><b>To:</b>&nbsp;<a href="mailto:mailscanner@lists.mailscanner.info" target="_parent">mailscanner@lists.mailscanner.info</a></span><span 
style='font-family:"Calibri","sans-serif"'><o:p></o:p></span></p></div></div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'><o:p>&nbsp;</o:p></span></p></div><div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'>Hi<br>add the SA info into email headers to see what the score and rule hits are (helps with debug), in </span><code><span style='font-size:10.0pt'>MailScanner.conf</span></code><span style='font-family:"Calibri","sans-serif"'> make sure the following are set thus: <o:p></o:p></span></p><p><code><span style='font-size:10.0pt'>Spam Score Number Format = %5.2f</span></code><span style='font-family:"Calibri","sans-serif"'> <o:p></o:p></span></p><p><code><span style='font-size:10.0pt'>Detailed Spam Report = yes</span></code><span style='font-family:"Calibri","sans-serif"'> <o:p></o:p></span></p><p><code><span style='font-size:10.0pt'>Include Scores In SpamAssassin Report = yes</span></code><span style='font-family:"Calibri","sans-serif"'> <o:p></o:p></span></p><p><code><span style='font-size:10.0pt'>Always Include SpamAssassin Report = yes</span></code><span style='font-family:"Calibri","sans-serif"'> <o:p></o:p></span></p><p><code><span style='font-size:10.0pt'>Spam Score Number Format = %5.2f</span></code><span style='font-family:"Calibri","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'>This should give you some clue as to what's (not) happening as a first step<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'><br clear=all><o:p></o:p></span></p><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'>-- <br>Martin Hepworth, CISSP<br>Oxford, UK<o:p></o:p></span></p></div><p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-family:"Calibri","sans-serif"'><o:p>&nbsp;</o:p></span></p><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'>On 23 May 2014 06:45, Michael 
Huntley &lt;<a href="mailto:michael@huntley.net" target="_parent">michael@huntley.net</a>&gt; wrote:<o:p></o:p></span></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt'><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'>I always keep a sizable chunk of recent spam on hand to feed to spamassassin.&nbsp; I do it on a 45 day or so schedule.&nbsp; I place the spam in a folder and sa-learn it using the proper user.&nbsp; This seems to keep things sane.<br><br>Cheers!<br><br>mph<o:p></o:p></span></p><div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'><br>&nbsp;<o:p></o:p></span></p><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'>On 5/22/2014 7:12 PM, Jonathan Horne wrote:<o:p></o:p></span></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'>Greetings,<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'><o:p>&nbsp;</o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'>I have several MailScanner installs that lately have been allowing an increased amount of spam to deliver.&nbsp; all separate systems, at separate sites, but all behaving the same way.&nbsp; more and more spam each week is getting thru.&nbsp; I've been noticing an increase at least over the past 3-4 weeks.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'><o:p>&nbsp;</o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'>is there anything that can be done?&nbsp; previously when these systems were deployed (about 9-12 months ago, I forget now) they were incredibly effective.<o:p></o:p></span></p></div><div><p class=MsoNormal><span 
style='font-family:"Calibri","sans-serif"'><o:p>&nbsp;</o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'>thanks for any tips,<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'>Jonathan<o:p></o:p></span></p></div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'><o:p>&nbsp;</o:p></span></p></div><div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'><o:p>&nbsp;</o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'><o:p>&nbsp;</o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'><o:p>&nbsp;</o:p></span></p></div></div></div><p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-family:"Calibri","sans-serif"'><o:p>&nbsp;</o:p></span></p></blockquote><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'><o:p>&nbsp;</o:p></span></p></div></div></div><p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-family:"Calibri","sans-serif"'><br>--<br>MailScanner mailing list<br><a href="mailto:mailscanner@lists.mailscanner.info" target="_parent">mailscanner@lists.mailscanner.info</a><br><a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_parent">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br><br>Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_parent">http://wiki.mailscanner.info/posting</a><br><br>Support MailScanner development - buy the book off the website!<o:p></o:p></span></p></blockquote></div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif"'><o:p>&nbsp;</o:p></span></p></div></div></div></div></body></html>