Good day Thomas. So I went back to the log file for the day this user was blocked. Looking at the entry I submitted here I see that the user that the email was supposed to go to sent them an email right afterwards. Which in turn white listed the original sender. My apologies, I didn't catch that before hand and jumped the gun. All I saw after I ran a blocked report was the user was already on the white list.
So I don't want to send you on a wild goose chase and I apologize for not catching this sooner. Thank you for getting back to me. On 8/31/2015 11:32 AM, Jay wrote: > So that leads to the original question I had, Why were the white listed > users subjected to Bayesian? > > These are the settings I have set: > > 'DoBayesian' = Block > 'BayesWL' = OFF > 'BayesNP' = OFF > > > > > On 8/31/2015 11:26 AM, Thomas Eckardt wrote: >>> Thank you for letting me know those settings are defaults. Here's the >>> current settings I have once again: >>> 'DoBayesian' = Block >>> 'BayesWL' = OFF >>> 'BayesNP' = OFF >> Whitelisted and noprocessing mails will be not processed by the Bayesian >> check, if these are your settings. >> Noprocessing because of the message size is ignored by the Bayesian check >> - only full content checks are skipped by this flag. >> >>> Still my concern here is why where my white listed users subjected to >> Bayesian matching? >> >> I can't see any whitelisted sender in any of your posts. >> >>>> Aug-27-15 12:00:00 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX >>>> <[email protected]> to: [email protected] Message-Score: added -15 >>>> (pbwValencePB) for (OIP: XX.XX.XXX.XXX) In Penalty White Box, total >>>> score for this message is now -30 >> The 'Penalty White Box' does NOT whitelist the mail! It gives a bonus >> score and skipps some PenaltyBox checks - nothing else. >> >> Thomas >> >> >> >> >> Von: Jay <[email protected]> >> An: [email protected] >> Datum: 31.08.2015 16:50 >> Betreff: Re: [Assp-user] Whitelisted Users rejected as Spam? >> >> >> >> Good day Thomas. >> >> Thank you for letting me know those settings are defaults. Here's the >> current settings I have once again: >> >> 'DoBayesian' = Block >> 'BayesWL' = OFF >> 'BayesNP' = OFF >> >> Looking through the email interface neither 'BayesWL' or 'BayesNP' have >> any description. So I am not inclined to just turn these on without >> knowing what they do. So what do these functions do so I understand >> this. Does ON mean white listed and No Processing users are subjected to >> Bayesian? or is it the other way around? >> >> Still my concern here is why where my white listed users subjected to >> Bayesian matching? Is this because I have BayesWL & BayesNP turned OFF? >> >> On 8/29/2015 5:33 AM, Thomas Eckardt wrote: >>>> 'DoBayesian' seems to be configured to 'block' >>>> 'BayesWL' and/or 'BayesNP is switched on >>> These are faults. >>> >>> Thomas >>> >>> >>> >>> >>> >>> Von: Jay <[email protected]> >>> An: [email protected] >>> Datum: 28.08.2015 16:21 >>> Betreff: Re: [Assp-user] Whitelisted Users rejected as Spam? >>> >>> >>> >>> Hello Thomas. >>> >>> So I checked the settings you recommended, >>> >>> DoBayesian is set to block >>> BayesWL & BayesNP are both set to off >>> >>> So as far as I am aware, DoBayesian has been set to block for a long >>> time and has not been changed. What should this be set to? Setting this >>> value to score would score the emails accordingly in the PB correct? I >>> just want to make sure before I make a major change like this that I >>> fully understand how this should work. >>> >>> My concern is why if I have both the BayesWL & BayesNP turned off are >>> white listed users still being subjected to the spam filtering process? >>> I could see if I had those features turned on that those users would be, >>> but that is not the case here. Any other settings I could check that >>> might be affecting this? >>> >>> Thank you for the advice and guidance. I appreciate it. >>> >>> On 8/28/2015 2:03 AM, Thomas Eckardt wrote: >>>> check your Bayesian config >>>> >>>> 'DoBayesian' seems to be configured to 'block' >>>> 'BayesWL' and/or 'BayesNP is switched on >>>> >>>> Thomas >>>> >>>> >>>> >>>> >>>> >>>> >>>> Von: Jay <[email protected]> >>>> An: For Users of ASSP <[email protected]> >>>> Datum: 27.08.2015 21:23 >>>> Betreff: [Assp-user] Whitelisted Users rejected as Spam? >>>> >>>> >>>> >>>> The current build we are on is 2.4.5(15162). So my problem just keeps >>>> getting weirder and weirder. This all seems to be traveling it's way >>>> back to the fear that my ASSP database is definitely poisoned and needs >>>> to be addressed. I got a call today from one of my users that does >>>> business with a long term client. The client has been getting blocked >> by >>>> the spam filter even though they are already on the white list and have >>>> been for years. It was my understanding that once a user is white >> listed >>>> in ASSP that they are no longer subjected to Bayesian matching and are >>>> allowed through. This does not make any sense. >>>> >>>> Here's a snippet of my log file from ASSP for one of the blocked >>>> messages. (I masked the IP and actual email addresses) >>>> >>>> Aug-27-15 11:59:58 [Worker_3] Connected: session:2AFB631C >>>> XX.XX.XXX.XXX:60528 > XX.XXX.XXX.XXX:25 > 127.0.0.1:26 >>>> Aug-27-15 11:59:59 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX >>>> <[email protected]> info: found message size announcement: 1.92 MByte >>>> Aug-27-15 11:59:59 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX >>>> <[email protected]> message proxied without processing - message size >>>> (2008713) is above 500000 (npSize). >>>> Aug-27-15 11:59:59 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX >>>> <[email protected]> to: [email protected] info: detected IP's on the >>>> mail routing way: 50.56.144.247, 50.56.144.22 >>>> Aug-27-15 11:59:59 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX >>>> <[email protected]> to: [email protected] info: detected source IP: >>>> XX.XX.XXX.XXX >>>> Aug-27-15 12:00:00 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX >>>> <[email protected]> to: [email protected] Message-Score: added -15 >>>> (pbwValencePB) for In Penalty White Box, total score for this message >> is >>>> now -15 >>>> Aug-27-15 12:00:00 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX >>>> <[email protected]> to: [email protected] Message-Score: added -15 >>>> (pbwValencePB) for (OIP: XX.XX.XXX.XXX) In Penalty White Box, total >>>> score for this message is now -30 >>>> Aug-27-15 12:00:00 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX >>>> <[email protected]> to: [email protected] Message-Score: added -15 >>>> (pbwValencePB) for (OIP: XX.XX.XXX.XX) In Penalty White Box, total >> score >>>> for this message is now -45 >>>> Aug-27-15 12:00:00 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX >>>> <[email protected]> to: [email protected] Bayesian Check - Prob: >>>> 1.00000 => spam >>>> Aug-27-15 12:00:00 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX >>>> <[email protected]> to: [email protected] Message-Score: added 39 for >>>> Bayesian Probability: 1.00000, total score for this message is now -6 >>>> Aug-27-15 12:00:00 m1-91199-20883 [Worker_3] [Bayesian] XX.XX.XXX.XXX >>>> <[email protected]> to: [email protected] [spam found] (Bayesian) >> [Lot >>>> 1 CWF Work Order Documents] -> c:/assp/discarded/20883--4453557.eml; >>>> Aug-27-15 12:00:02 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX >>>> <[email protected]> to: [email protected] [SMTP Error] 554 Mail >>>> appears to be unsolicited SPAM-- >>>> >>>> So the client is [email protected] and has been on the white list for a >>>> long time. This situation seems to have cropped up since we updated >> ASSP >>>> about 3 weeks ago. Here's what I got back from the white list report: >>>> >>>> [email protected]: already on whitelist <------ This is what puzzles >> me, >>>> why did the user get their message rejected but they are on the white >>>> list? >>>> >>>> Two things concern me here, 1. Why are white listed users still being >>>> subjected to Bayesian matching? and 2. How do I go about fixing the >>>> issue with Bayesian? I submitting the email to the mail analyzer and >>>> here's the output: >>>> >>>> Feature Matching: All green dots and every check here, Whitelisted >>>> Domains, On Global Whitelist, SPF-Check, URIBL, Known Good HELO, valid >>>> MX record, valid A record, RBLCheck, etc. >>>> >>>> Here's the Bayesian Analysis: >>>> >>>> Bad Words Bad Prob >>>> randnumber randnumber 1 >>>> blines blines 0.9991 >>>> font family 0.9985 >>>> mso style 0.9975 >>>> font size 0.9949 >>>> font face 0.9932 >>>> face font 0.9932 >>>> style priority 0.9902 >>>> if you 0.9848 >>>> randnumber 0pt 0.9848 >>>> size randnumber 0.9848 >>>> 0in 0in 0.9737 >>>> com sender 0.9737 >>>> margin bottom 0.9737 >>>> randnumber font 0.9737 >>>> family calibri 0.9737 >>>> priority randnumber 0.9737 >>>> you have 0.9737 >>>> sans serif 0.9737 >>>> ssub ssub 0.9737 >>>> panose randnumber 0.9737 >>>> 0pt font 0.9737 >>>> div wordsection1 0.9444 >>>> blue text 0.9444 >>>> wordsection1 size 0.9444 >>>> export only 0.9444 >>>> panose font 0.9444 >>>> thank you 0.9444 >>>> emailstylerandnumber mso 0.9444 >>>> color blue 0.9444 >>>> com rcpt 0.9444 >>>> msohyperlink mso 0.9444 >>>> style definitions 0.9444 >>>> msohyperlinkfollowed mso 0.9444 >>>> visited span 0.9444 >>>> type export 0.9444 >>>> calibri panose 0.9444 >>>> li msonormal 0.9444 >>>> fax randnumber 0.9444 >>>> 0in margin 0.9444 >>>> text decoration 0.9444 >>>> serif color 0.9444 >>>> wordsection1 page 0.9444 >>>> >>>> Good Words Good Prob >>>> work order 0.0002 >>>> lot ssub 0.0002 >>>> ssub lot 0.0002 >>>> questions thank 0.0012 >>>> homes randnumber 0.0021 >>>> color windowtext 0.016 >>>> shiloh il 0.0196 >>>> wordsection1 attachment 0.02 >>>> randnumber office 0.0274 >>>> randnumber mobile 0.0316 >>>> windowtext msochpdefault 0.0435 >>>> compose font 0.0463 >>>> com style 0.0497 >>>> always please 0.0556 >>>> ssub documents 0.0556 >>>> blines andrea 0.0556 >>>> >>>> combined probability: 1.00000000 - got 137 - used 60 most >> significant >>>> results >>>> >>>> Sorry for the massive post but this is really concerning me and in the >>>> years I have been using ASSP I have never seen this type of situation >>>> happen where a white listed user got email rejected due to ASSP >> thinking >>>> it's spam. We just upgraded ASSP from version 2.4.1(14085) to version >>>> 2.4.5(15162) on 8/7/2015. All I did was drop in the update files >> ASSP.pl >>>> and ASSP_pop3.pl. I had to update 2 modules that were out of date >>>> ASSP_FC from version 1.04 to 1.05 and ASSP_SVC 1.02 to version 1.03. I >>>> have not changed anything in my config file and it's the same as it has >>>> been. >>>> >>>> Any suggestions or advice is greatly appreciated. >>>> >>>> >>>> >>>> >> ------------------------------------------------------------------------------ >>>> _______________________________________________ >>>> Assp-user mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/assp-user >>>> >>>> >>>> >>>> >>>> >>>> >>>> DISCLAIMER: >>>> ******************************************************* >>>> This email and any files transmitted with it may be confidential, >>> legally >>>> privileged and protected in law and are intended solely for the use of >>> the >>>> individual to whom it is addressed. >>>> This email was multiple times scanned for viruses. There should be no >>>> known virus in this email! >>>> ******************************************************* >>>> >>>> >> ------------------------------------------------------------------------------ >>>> _______________________________________________ >>>> Assp-user mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/assp-user >>>> >>>> >>>> >>>> ----- >>>> No virus found in this message. >>>> Checked by AVG - www.avg.com >>>> Version: 2015.0.6086 / Virus Database: 4409/10523 - Release Date: >>> 08/27/15 >>> >>> >>> >> ------------------------------------------------------------------------------ >>> _______________________________________________ >>> Assp-user mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/assp-user >>> >>> >>> >>> >>> >>> >>> DISCLAIMER: >>> ******************************************************* >>> This email and any files transmitted with it may be confidential, >> legally >>> privileged and protected in law and are intended solely for the use of >> the >>> individual to whom it is addressed. >>> This email was multiple times scanned for viruses. There should be no >>> known virus in this email! >>> ******************************************************* >>> >>> >> ------------------------------------------------------------------------------ >>> _______________________________________________ >>> Assp-user mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/assp-user >>> >>> >>> >>> ----- >>> No virus found in this message. >>> Checked by AVG - www.avg.com >>> Version: 2015.0.6086 / Virus Database: 4409/10550 - Release Date: >> 08/31/15 >> >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> Assp-user mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/assp-user >> >> >> >> >> >> >> DISCLAIMER: >> ******************************************************* >> This email and any files transmitted with it may be confidential, legally >> privileged and protected in law and are intended solely for the use of the >> >> individual to whom it is addressed. >> This email was multiple times scanned for viruses. There should be no >> known virus in this email! >> ******************************************************* >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> Assp-user mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/assp-user >> >> >> >> ----- >> No virus found in this message. >> Checked by AVG - www.avg.com >> Version: 2015.0.6086 / Virus Database: 4409/10550 - Release Date: 08/31/15 >> >> > > > > ------------------------------------------------------------------------------ > _______________________________________________ > Assp-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/assp-user > > > > ----- > No virus found in this message. > Checked by AVG - www.avg.com > Version: 2015.0.6086 / Virus Database: 4409/10550 - Release Date: 08/31/15 > > ------------------------------------------------------------------------------ _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
