Hello Thomas. So I checked the settings you recommended,
DoBayesian is set to block BayesWL & BayesNP are both set to off So as far as I am aware, DoBayesian has been set to block for a long time and has not been changed. What should this be set to? Setting this value to score would score the emails accordingly in the PB correct? I just want to make sure before I make a major change like this that I fully understand how this should work. My concern is why if I have both the BayesWL & BayesNP turned off are white listed users still being subjected to the spam filtering process? I could see if I had those features turned on that those users would be, but that is not the case here. Any other settings I could check that might be affecting this? Thank you for the advice and guidance. I appreciate it. On 8/28/2015 2:03 AM, Thomas Eckardt wrote: > check your Bayesian config > > 'DoBayesian' seems to be configured to 'block' > 'BayesWL' and/or 'BayesNP is switched on > > Thomas > > > > > > > Von: Jay <h...@herodata.com> > An: For Users of ASSP <assp-user@lists.sourceforge.net> > Datum: 27.08.2015 21:23 > Betreff: [Assp-user] Whitelisted Users rejected as Spam? > > > > The current build we are on is 2.4.5(15162). So my problem just keeps > getting weirder and weirder. This all seems to be traveling it's way > back to the fear that my ASSP database is definitely poisoned and needs > to be addressed. I got a call today from one of my users that does > business with a long term client. The client has been getting blocked by > the spam filter even though they are already on the white list and have > been for years. It was my understanding that once a user is white listed > in ASSP that they are no longer subjected to Bayesian matching and are > allowed through. This does not make any sense. > > Here's a snippet of my log file from ASSP for one of the blocked > messages. (I masked the IP and actual email addresses) > > Aug-27-15 11:59:58 [Worker_3] Connected: session:2AFB631C > XX.XX.XXX.XXX:60528 > XX.XXX.XXX.XXX:25 > 127.0.0.1:26 > Aug-27-15 11:59:59 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX > <sen...@user.com> info: found message size announcement: 1.92 MByte > Aug-27-15 11:59:59 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX > <sen...@user.com> message proxied without processing - message size > (2008713) is above 500000 (npSize). > Aug-27-15 11:59:59 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX > <sen...@user.com> to: recipi...@company.com info: detected IP's on the > mail routing way: 50.56.144.247, 50.56.144.22 > Aug-27-15 11:59:59 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX > <sen...@user.com> to: recipi...@company.com info: detected source IP: > XX.XX.XXX.XXX > Aug-27-15 12:00:00 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX > <sen...@user.com> to: recipi...@company.com Message-Score: added -15 > (pbwValencePB) for In Penalty White Box, total score for this message is > now -15 > Aug-27-15 12:00:00 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX > <sen...@user.com> to: recipi...@company.com Message-Score: added -15 > (pbwValencePB) for (OIP: XX.XX.XXX.XXX) In Penalty White Box, total > score for this message is now -30 > Aug-27-15 12:00:00 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX > <sen...@user.com> to: recipi...@company.com Message-Score: added -15 > (pbwValencePB) for (OIP: XX.XX.XXX.XX) In Penalty White Box, total score > for this message is now -45 > Aug-27-15 12:00:00 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX > <sen...@user.com> to: recipi...@company.com Bayesian Check - Prob: > 1.00000 => spam > Aug-27-15 12:00:00 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX > <sen...@user.com> to: recipi...@company.com Message-Score: added 39 for > Bayesian Probability: 1.00000, total score for this message is now -6 > Aug-27-15 12:00:00 m1-91199-20883 [Worker_3] [Bayesian] XX.XX.XXX.XXX > <sen...@user.com> to: recipi...@company.com [spam found] (Bayesian) [Lot > 1 CWF Work Order Documents] -> c:/assp/discarded/20883--4453557.eml; > Aug-27-15 12:00:02 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX > <sen...@user.com> to: recipi...@company.com [SMTP Error] 554 Mail > appears to be unsolicited SPAM-- > > So the client is sen...@user.com and has been on the white list for a > long time. This situation seems to have cropped up since we updated ASSP > about 3 weeks ago. Here's what I got back from the white list report: > > sen...@user.com: already on whitelist <------ This is what puzzles me, > why did the user get their message rejected but they are on the white > list? > > Two things concern me here, 1. Why are white listed users still being > subjected to Bayesian matching? and 2. How do I go about fixing the > issue with Bayesian? I submitting the email to the mail analyzer and > here's the output: > > Feature Matching: All green dots and every check here, Whitelisted > Domains, On Global Whitelist, SPF-Check, URIBL, Known Good HELO, valid > MX record, valid A record, RBLCheck, etc. > > Here's the Bayesian Analysis: > > Bad Words Bad Prob > randnumber randnumber 1 > blines blines 0.9991 > font family 0.9985 > mso style 0.9975 > font size 0.9949 > font face 0.9932 > face font 0.9932 > style priority 0.9902 > if you 0.9848 > randnumber 0pt 0.9848 > size randnumber 0.9848 > 0in 0in 0.9737 > com sender 0.9737 > margin bottom 0.9737 > randnumber font 0.9737 > family calibri 0.9737 > priority randnumber 0.9737 > you have 0.9737 > sans serif 0.9737 > ssub ssub 0.9737 > panose randnumber 0.9737 > 0pt font 0.9737 > div wordsection1 0.9444 > blue text 0.9444 > wordsection1 size 0.9444 > export only 0.9444 > panose font 0.9444 > thank you 0.9444 > emailstylerandnumber mso 0.9444 > color blue 0.9444 > com rcpt 0.9444 > msohyperlink mso 0.9444 > style definitions 0.9444 > msohyperlinkfollowed mso 0.9444 > visited span 0.9444 > type export 0.9444 > calibri panose 0.9444 > li msonormal 0.9444 > fax randnumber 0.9444 > 0in margin 0.9444 > text decoration 0.9444 > serif color 0.9444 > wordsection1 page 0.9444 > > Good Words Good Prob > work order 0.0002 > lot ssub 0.0002 > ssub lot 0.0002 > questions thank 0.0012 > homes randnumber 0.0021 > color windowtext 0.016 > shiloh il 0.0196 > wordsection1 attachment 0.02 > randnumber office 0.0274 > randnumber mobile 0.0316 > windowtext msochpdefault 0.0435 > compose font 0.0463 > com style 0.0497 > always please 0.0556 > ssub documents 0.0556 > blines andrea 0.0556 > > combined probability: 1.00000000 - got 137 - used 60 most significant > results > > Sorry for the massive post but this is really concerning me and in the > years I have been using ASSP I have never seen this type of situation > happen where a white listed user got email rejected due to ASSP thinking > it's spam. We just upgraded ASSP from version 2.4.1(14085) to version > 2.4.5(15162) on 8/7/2015. All I did was drop in the update files ASSP.pl > and ASSP_pop3.pl. I had to update 2 modules that were out of date > ASSP_FC from version 1.04 to 1.05 and ASSP_SVC 1.02 to version 1.03. I > have not changed anything in my config file and it's the same as it has > been. > > Any suggestions or advice is greatly appreciated. > > > > ------------------------------------------------------------------------------ > _______________________________________________ > Assp-user mailing list > Assp-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-user > > > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > ------------------------------------------------------------------------------ > _______________________________________________ > Assp-user mailing list > Assp-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-user > > > > ----- > No virus found in this message. > Checked by AVG - www.avg.com > Version: 2015.0.6086 / Virus Database: 4409/10523 - Release Date: 08/27/15 > > ------------------------------------------------------------------------------ _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
