Re: Searched but did not find any info re scores for squirrelmail inbound
On Mon, 2010-06-28 at 14:57 -0400, Alex wrote: > > Nope, spamd does not do anything with the email either. > > Thanks for correcting me. I use amavisd. For those who use spamd, how > do they determine the email destiny based on the score? With just > procmail? Yes, or any other MDA, probably using sieve. Note though, that such MDA usually delivers identified spam into a dedicated "quarantine" folder *per* *user*, rather than globally. Moreover, merely focussing on the delivery folder is not all to it. How do they "use spamd" in the first place? Just like you integrate Amavisd-new with your MTA, you also need to do this in any other case. Procmail can do the spamc filter calling. In a general case (including any sieve MDA, IIRC) you once again need to integrate SA with the MTA. > I thought spamd also managed the quarantine, but I guess not. Nope, it doesn't. -- char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: Searched but did not find any info re scores for squirrelmail inbound
Hi, >> [...] spamassassin itself only does the scoring -- it's up to another >> program, such as amavisd-new (separate application) or spamd (included >> with spamassassin) to do something with the email once it has been >> determined to be spam. > > Nope, spamd does not do anything with the email either. Thanks for correcting me. I use amavisd. For those who use spamd, how do they determine the email destiny based on the score? With just procmail? I thought spamd also managed the quarantine, but I guess not. Thanks, Alex
Re: Searched but did not find any info re scores for squirrelmail inbound
On Sun, 2010-06-27 at 21:34 -0400, Alex wrote: > [...] spamassassin itself only does the scoring -- it's up to another > program, such as amavisd-new (separate application) or spamd (included > with spamassassin) to do something with the email once it has been > determined to be spam. Nope, spamd does not do anything with the email either. As you correctly stated, SpamAssassin itself only does the scoring. Same for spamd, the SpamAssassin daemon. SA can score a message, classify based on a threshold, add headers, optionally rewrite a few select headers, or wrap the original, unaltered (spam) message in a new message. Or in short -- score, classify and report. That's it. That's what SA does. -- char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: Searched but did not find any info re scores for squirrelmail inbound
On Sun, 2010-06-27 at 18:22 -0700, bongomania wrote: > My email server, squirrelmail, has spamassassin already installed. To > configure, it says to enter the score above which emails should be > quarantined. Unfortunately nowhere on that page, nor in the SA FAQ, nor in > the SA WIKI, nor in a search of old messages, can I find any mention of what > scores are normal to choose. That is probably because SA does not know about quarantining. SA scores a message. Quarantining, rejecting, delivering into a dedicated spam folder -- all actions that SA does not do. As you correctly stated yourself, you are not configuring SA by choosing a quarantine threshold. You want to read the docs of the software you are actually configuring. > Looking at the scoring system, it seems most > flags are worth less than 2 points. But the max is 999! So what is the > right range between 1 and 999 for normal usage? These limits are not imposed by SA, but that other software you are trying to set up. > And, honestly, why is such basic info missing from the entry-level usage > notes and FAQ? Cause it ain't a SA thang. -- char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: Searched but did not find any info re scores for squirrelmail inbound
On Jun 27, 2010, at 8:22 PM, bongomania wrote: > > My email server, squirrelmail, has spamassassin already installed. To > configure, it says to enter the score above which emails should be > quarantined. Generally, 5 indicates spam. As a few false positives do occur at those levels, so I usually mark spam at 5 and quarantine around 7 to 20. Above 20, I usually just discard. > Unfortunately nowhere on that page, nor in the SA FAQ, nor in > the SA WIKI, nor in a search of old messages, can I find any mention of what > scores are normal to choose. You may find the amavisd-new FAQ to be useful. > Looking at the scoring system, it seems most > flags are worth less than 2 points. But the max is 999! So what is the > right range between 1 and 999 for normal usage? > > And, honestly, why is such basic info missing from the entry-level usage > notes and FAQ? > > Thanks for your help! > -- > View this message in context: > http://old.nabble.com/Searched-but-did-not-find-any-info-re-scores-for-squirrelmail-inbound-tp29008487p29008487.html > Sent from the SpamAssassin - Users mailing list archive at Nabble.com. >
Re: Searched but did not find any info re scores for squirrelmail inbound
Hi, > My email server, squirrelmail, has spamassassin already installed. To Squirrelmail isn't your email server, it's a client to an email server like postfix or sendmail. > configure, it says to enter the score above which emails should be > quarantined. Unfortunately nowhere on that page, nor in the SA FAQ, nor in Perhaps it's not as clear as it should be, but you can find it here: http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html#scoring_options The default score is 5, before an email is considered spam, but spamassassin itself only does the scoring -- it's up to another program, such as amavisd-new (separate application) or spamd (included with spamassassin) to do something with the email once it has been determined to be spam. You should ask your administrator what the default score is, because while 5 is what most implementations use, it doesn't necessarily mean it is what yours is using. Also, even if it is 5, there may be some false positives (mail inadvertently marked as spam when it shouldn't have been) that raise the score above 5 that you may want to analyze before discarding. Regards, Alex
Searched but did not find any info re scores for squirrelmail inbound
My email server, squirrelmail, has spamassassin already installed. To configure, it says to enter the score above which emails should be quarantined. Unfortunately nowhere on that page, nor in the SA FAQ, nor in the SA WIKI, nor in a search of old messages, can I find any mention of what scores are normal to choose. Looking at the scoring system, it seems most flags are worth less than 2 points. But the max is 999! So what is the right range between 1 and 999 for normal usage? And, honestly, why is such basic info missing from the entry-level usage notes and FAQ? Thanks for your help! -- View this message in context: http://old.nabble.com/Searched-but-did-not-find-any-info-re-scores-for-squirrelmail-inbound-tp29008487p29008487.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Scores, razor, and other questions
MySQL Student wrote: > Hi, > > After another day of hacking, I have a handful of general questions > that I hoped you could help me to answer. > > - How can I find the score of a particular rule, without having to use > grep? I'm concerned that I might find it at some score, only for it to > be redefined somewhere else that I didn't catch. Something I can do > from the command-line? > No, to be comprehensive you'd have to do a series of greps, one for the default set, site rules, and user_prefs. You could probably make a little shell script to automate grepping all 3. > - How do I find out what servers razor is using? What is the current > license now that it's hosted on sf, or are the query servers not also > running there? It doesn't list any restrictions on the web site. > Wow.. the razor client has been hosted on SF for a LOOong time.. Like 6 years now? Regardless, the servers are operated by Vipul's company, cloudmark. Try running razor-admin -d -discover. Alternatively, look at razor's server.lst file. > - The large majority of the spam that I receive these days is a result > of a URL not being listed in one of the SBLs. I'm using SURBL, URIBL, > and spamcop. For example, I caught several hours > ago, and it's still not listed in any of the SBLs. Am I doing > something wrong or am I missing an SBL? Has anyone else's spam with > URLs increased a lot lately? > Note: domain censored, verizon's spam outbreak controls won't let me send the message with that domain in it right now. URIBLs have some inherent lag, and spammers are playing a race game with the URIBLs, trying to change domains faster than they get listed. Fortunately, the domain registrations cost the spammers money, so increasing the number of those they need is good. Personally, I find bayes tends to clean up most of what gets missed, although I auto-feed my bayes using spamtrap addresses that automatically submit to sa-learn --spam, resulting in very fresh spam training. Looking at uribl, they've currently got it listed in URIBL gold, but that's a non-free list of theirs. It's also a "proactive" list, so it will list domains before they send spam, making it more effective against mutating runs, but also might toss a FP or two on new domains. > Thanks, > Alex > > >
Re: Scores
Lars Ebeling wrote: Dear All, what does the different scores mean in this example: RCVD_IN_BL_SPAMCOP_NET 0 1.332 0 1.558 the TFM is a good reading! $ man Mail::SpamAssassin::Conf also available on the web: http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html Search for: score SYMBOLIC_TEST_NAME n.nn [ n.nn n.nn n.nn ] In short, the four scores are 1- no Bayes, no net 2- no Bayes 3- no net 4- both Bayes and net (are enabled)
Re: Scores
On 28.08.08 13:34, Lars Ebeling wrote: > what does the different scores mean in this example: > > RCVD_IN_BL_SPAMCOP_NET 0 1.332 0 1.558 I think it's described in the documentation... have you read it? http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html#item_score_symbolic_test_name_n_2enn__5b_n_2enn_n_2enn_ -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease
Re: Scores for recent stock spam
On Mon, 16 Jul 2007, Robert Fitzpatrick wrote: > On Mon, 2007-07-16 at 14:51 +0100, Alexis Manning wrote: > > What are people getting for the following stock spam? Ones like this keep > > scoring just under 5 for me. > > Same here, just under 5.0 and a lot... > > http://esmtp.webtent.net/clean-ZGw0SdPapnBE > > Anyone able to catch these? (raises hand) But then I have a lot of hand-tuned stock-specific custom rules. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Where We Want You To Go Today 07/05/07: Microsoft patents in-OS adware architecture incorporating spyware, profiling, competitor suppression and delivery confirmation (U.S. Patent #20070157227) --- 8 days until The 38th anniversary of Apollo 11 landing on the Moon
Re: Scores for recent stock spam
On Mon, 2007-07-16 at 14:51 +0100, Alexis Manning wrote: > What are people getting for the following stock spam? Ones like this keep > scoring just under 5 for me. > Same here, just under 5.0 and a lot... http://esmtp.webtent.net/clean-ZGw0SdPapnBE Anyone able to catch these? -- Robert
Re: scores too low?
At 10:23 PM 5/22/2007, Mathias Homann wrote: Hi, lately i'm getting a lot of spam with rather low scores under 12.0 meaning that trash is not automatically deleted by my sieve filter). Here's a set of headers: 12 a low score? 12's pretty high. 8 is pretty high too, The headers alone score a 5.4 on my system. With the body it might score more.
Re: scores
On Donnerstag, 27. April 2006 14:53 Matt Kettler wrote: > I do agree.. it's not 100% safe.. However, it is also not safe to > have a server with no RDNS, because many won't take your mail.. Yes, I just had configured a server today which happens to receive mail from some Austrian government and hospitals, several(!) of them not having RDNS. I fixed it quickly, but will send a complaint to ALL of their postmasters, as well as the office@ addresses to put some fire under the postmasters asses - because I know Austrian postmasters don't happen to react if it's not their boss kicking them.. too bad. > I think it will take a while until there are few enough misconfigured > servers that this becomes safe enough to be the norm. However, I > suspect it will become the norm in a few years. I work hard to make it quicker *g*. I guess the best is to turn on the tests, and if some e-mail is rejected, tell them "what? your servers are not configured correctly?" - if the correct persons hear this (a boss who is not in IT), it will be fixed very quickly. mfg zmi -- // Michael Monnerie, Ing.BSc- http://it-management.at // Tel: 0660/4156531 .network.your.ideas. // PGP Key: "lynx -source http://zmi.at/zmi3.asc | gpg --import" // Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE // Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE pgpUZY8U6n3lP.pgp Description: PGP signature
Re: scores
Michael Monnerie wrote: > On Mittwoch, 26. April 2006 22:51 Matt Kettler wrote: > >> That said, you pretty much have to do this for your outbound >> mailservers because several LARGE ISPs will not accept mail from >> hosts with no RDNS. This includes AOL and Comcast off the top of my >> head. If you want to be able to email users at those sites, you need >> RDNS. >> > > Just today there was somebody on the postfix list saying he had to turn > off that checks because Intel uses some boxes without PTR records. So > it depends on your specific situation if you can turn on or off that > check. > > I use those checks, and if some bloody admins don't have PTR for their > servers, it's their problem. YMMV, and if your boss pisses on your > shoes, you probably will turn off this check. > > That said: Do as you prefer, but keep in mind it's not 100% safe. > > I do agree.. it's not 100% safe.. However, it is also not safe to have a server with no RDNS, because many won't take your mail.. I think it will take a while until there are few enough misconfigured servers that this becomes safe enough to be the norm. However, I suspect it will become the norm in a few years.
Re: scores
On Mittwoch, 26. April 2006 22:51 Matt Kettler wrote: > That said, you pretty much have to do this for your outbound > mailservers because several LARGE ISPs will not accept mail from > hosts with no RDNS. This includes AOL and Comcast off the top of my > head. If you want to be able to email users at those sites, you need > RDNS. Just today there was somebody on the postfix list saying he had to turn off that checks because Intel uses some boxes without PTR records. So it depends on your specific situation if you can turn on or off that check. I use those checks, and if some bloody admins don't have PTR for their servers, it's their problem. YMMV, and if your boss pisses on your shoes, you probably will turn off this check. That said: Do as you prefer, but keep in mind it's not 100% safe. mfg zmi -- // Michael Monnerie, Ing.BSc- http://it-management.at // Tel: 0660/4156531 .network.your.ideas. // PGP Key: "lynx -source http://zmi.at/zmi3.asc | gpg --import" // Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE // Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE pgpdFeNFlvYNH.pgp Description: PGP signature
Re: scores
From: "Bowie Bailey" <[EMAIL PROTECTED]> Pablo Allietti wrote: hi all i recently install spamassassin in freebsd but i can't find the file that contain the scores i need to chage for example NO_RDNS rule to give 3.0 but i can't find the file 0.5 NO_RDNSSending MTA has no reverse DNS (Postfix variant) 0.8 BR_REMOVER_QUOTE BODY: Inclui texto para remover email (quote) 0.1 TW_LB BODY: Odd Letter Triples with LB 0.6 J_CHICKENPOX_42BODY: 4alpha-pock-2alpha 0.6 J_CHICKENPOX_33BODY: 3alpha-pock-3alpha 0.6 J_CHICKENPOX_62BODY: 6alpha-pock-2alpha 2.0 BR_SPAMMER_URI URI: Texto suspeito 2.6 NO_DNS_FOR_FROMDNS: Envelope sender has no MX or A DNS records 0.5 MIME_BAD_LINEBREAK Message body with fishy line breaks -1.6 AWLAWL: From: address is in the auto white-list The file that has scores for the default rules is /usr/share/spamassassin/50_scores.cf. However, you do not want to make changes to that file, because they will be overwritten every time you upgrade. Instead, put your changes in your local.cf file. This file is read after the default rule files and will override the default rule and score definitions. for your example, just add this line to your local.cf file: score NO_RDNS 3.0 Also, you should always be careful when creating high-scoring rules. Frequently, rules that sound like really good spam-sign turn out to have lots of false positives in practice. Since NO_RNDS has a default score of just 0.5, I would suspect that this might be the case here as well. So if you make this change, be sure to keep a close eye out for false positives. Actually for that specific rule the 3.05 rules give something like: score NO_DNS_FOR_FROM 0 1.1 0 1.6 That suggests it's a useless rule in some circumstances. A blanket 3.0 may not be at all a good idea. It also hints he has doctored the rule sets already and should remember where it was doctored the last time. (Of course, the scores all morph with updates so perhaps he has not made any changes to some other version's install.) {^_-}
Re: scores
From: "Pablo Allietti" <[EMAIL PROTECTED]> hi all i recently install spamassassin in freebsd but i can't find the file that contain the scores i need to chage for example NO_RDNS rule to give 3.0 but i can't find the file 0.5 NO_RDNSSending MTA has no reverse DNS (Postfix variant) 0.8 BR_REMOVER_QUOTE BODY: Inclui texto para remover email (quote) 0.1 TW_LB BODY: Odd Letter Triples with LB 0.6 J_CHICKENPOX_42BODY: 4alpha-pock-2alpha 0.6 J_CHICKENPOX_33BODY: 3alpha-pock-3alpha 0.6 J_CHICKENPOX_62BODY: 6alpha-pock-2alpha 2.0 BR_SPAMMER_URI URI: Texto suspeito 2.6 NO_DNS_FOR_FROMDNS: Envelope sender has no MX or A DNS records 0.5 MIME_BAD_LINEBREAK Message body with fishy line breaks -1.6 AWLAWL: From: address is in the auto white-list If you want to override rules then there are two correct things you can do and a whole lot of incorrect ways. It sounds like you are hunting for an incorrect way. I can't help with that and keep my conscience from bugging me. The two correct ways are correct for different circumstances. The first is to make a change in the global behavior not just a specific user's behavior. Make a new rule set and name the file something like "ZZ_FinalThoughts.cf". Put your score overrides in that file: "score NO_DNS_FOR_FROM 3.0". Then place that file in the /etc/mail/spamassassin (usually.) (Look for a similar directory in the /etc directory that contains "local.cf".) I picked the name so that it will ALWAYS override EVERY other likely configuration file. If you have allowed individual user preferences then each user can add that line from above to their ~/user_prefs file. That will override even the "ZZ_FinalThoughts.cf" file. Do NOT change the scores in the default spamassassin directory. Any edits there are overwritten even for the smallest of updates. ".cf" Files in /etc/mail/spamassassin are left alone as a general rule. They may be obsoleted and ignored, though. Note that the J_CHICKENPOX_xx rules are overwritten every time the chickenpox rule set is updated. So making changes in that file will also result in their being updated away. That is why a final score override configuration file is best. (And even THAT may not be completely idiot proof. No matter how idiot proof we make software God will produce better idiots.) {^_^}
Re: scores
Michael Monnerie wrote: > On Mittwoch, 26. April 2006 16:09 Pablo Allietti wrote: >> i need to chage for example NO_RDNS rule to >> give 3.0 > > Don't do that, it's not required for a mail server to have an RDNS. At > least, it used to be the last time I looked into the RFCs. Technically, it's not required, but the RFCs do recommend that *ALL* IP addresses to have a PTR record if they are in-use on the internet. That said, you pretty much have to do this for your outbound mailservers because several LARGE ISPs will not accept mail from hosts with no RDNS. This includes AOL and Comcast off the top of my head. If you want to be able to email users at those sites, you need RDNS. I think you can count on most MXes dropping connections from hosts with no RDNS in a few years. As this practice becomes more common, there will be fewer "legitimate" sites that are mis-administered in this way. As time goes on and there are fewer misconfigured sites it will become more popular to block them because there will be fewer legitimate mails blocked.
Re: scores
On Mittwoch, 26. April 2006 16:09 Pablo Allietti wrote: > i need to chage for example NO_RDNS rule to > give 3.0 Don't do that, it's not required for a mail server to have an RDNS. At least, it used to be the last time I looked into the RFCs. mfg zmi -- // Michael Monnerie, Ing.BSc- http://it-management.at // Tel: 0660/4156531 .network.your.ideas. // PGP Key: "lynx -source http://zmi.at/zmi3.asc | gpg --import" // Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE // Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE pgpjAmP4k5NxZ.pgp Description: PGP signature
RE: scores
Pablo Allietti wrote: > > ok and i need to restart spamass after modify the local.cf? Yes. -- Bowie
Re: scores
On Wed, Apr 26, 2006 at 10:20:22AM -0400, Bowie Bailey wrote: > Pablo Allietti wrote: > > hi all i recently install spamassassin in freebsd but i can't find > > the file that contain the scores i need to chage for example > > NO_RDNS rule to give 3.0 but i can't find the file > > > > 0.5 NO_RDNSSending MTA has no reverse DNS (Postfix > > variant) > > 0.8 BR_REMOVER_QUOTE BODY: Inclui texto para remover email > > (quote) > > 0.1 TW_LB BODY: Odd Letter Triples with LB > > 0.6 J_CHICKENPOX_42BODY: 4alpha-pock-2alpha > > 0.6 J_CHICKENPOX_33BODY: 3alpha-pock-3alpha > > 0.6 J_CHICKENPOX_62BODY: 6alpha-pock-2alpha > > 2.0 BR_SPAMMER_URI URI: Texto suspeito > > 2.6 NO_DNS_FOR_FROMDNS: Envelope sender has no MX or A DNS > > records > > 0.5 MIME_BAD_LINEBREAK Message body with fishy line breaks > > -1.6 AWLAWL: From: address is in the auto > > white-list > > The file that has scores for the default rules is > /usr/share/spamassassin/50_scores.cf. > > However, you do not want to make changes to that file, because they > will be overwritten every time you upgrade. ok and i need to restart spamass after modify the local.cf? > > Instead, put your changes in your local.cf file. This file is read > after the default rule files and will override the default rule and > score definitions. > > for your example, just add this line to your local.cf file: > > score NO_RDNS 3.0 > > Also, you should always be careful when creating high-scoring rules. > Frequently, rules that sound like really good spam-sign turn out to > have lots of false positives in practice. Since NO_RNDS has a default > score of just 0.5, I would suspect that this might be the case here as > well. So if you make this change, be sure to keep a close eye out for > false positives. > > -- > Bowie ---end quoted text--- -- .- Pablo Allietti E-mail: [EMAIL PROTECTED] | LACNIC Phone : +598 2 604 | http://LACNIC.NET
RE: scores
Pablo Allietti wrote: > On Wed, Apr 26, 2006 at 10:20:22AM -0400, Bowie Bailey wrote: > > > > The file that has scores for the default rules is > > /usr/share/spamassassin/50_scores.cf. > > > > However, you do not want to make changes to that file, because they > > will be overwritten every time you upgrade. > > > > Instead, put your changes in your local.cf file. This file is read > > after the default rule files and will override the default rule and > > score definitions. > > > > ok perfect. when i modify the local.cf i need to restart spamassassin? Depends on how you are calling SA. If you are using spamc/spamd, you will need to restart spamd. If you are using Amavisd-new, you will need to restart Amavisd-new. If you are calling spamassassin directly, you don't need to do anything as it reads the rules and scores every time it is called (which is why it is usually better to run spamc/spamd). -- Bowie
RE: scores
Pablo Allietti wrote: > hi all i recently install spamassassin in freebsd but i can't find > the file that contain the scores i need to chage for example > NO_RDNS rule to give 3.0 but i can't find the file > > 0.5 NO_RDNSSending MTA has no reverse DNS (Postfix > variant) > 0.8 BR_REMOVER_QUOTE BODY: Inclui texto para remover email > (quote) > 0.1 TW_LB BODY: Odd Letter Triples with LB > 0.6 J_CHICKENPOX_42BODY: 4alpha-pock-2alpha > 0.6 J_CHICKENPOX_33BODY: 3alpha-pock-3alpha > 0.6 J_CHICKENPOX_62BODY: 6alpha-pock-2alpha > 2.0 BR_SPAMMER_URI URI: Texto suspeito > 2.6 NO_DNS_FOR_FROMDNS: Envelope sender has no MX or A DNS > records > 0.5 MIME_BAD_LINEBREAK Message body with fishy line breaks > -1.6 AWLAWL: From: address is in the auto > white-list The file that has scores for the default rules is /usr/share/spamassassin/50_scores.cf. However, you do not want to make changes to that file, because they will be overwritten every time you upgrade. Instead, put your changes in your local.cf file. This file is read after the default rule files and will override the default rule and score definitions. for your example, just add this line to your local.cf file: score NO_RDNS 3.0 Also, you should always be careful when creating high-scoring rules. Frequently, rules that sound like really good spam-sign turn out to have lots of false positives in practice. Since NO_RNDS has a default score of just 0.5, I would suspect that this might be the case here as well. So if you make this change, be sure to keep a close eye out for false positives. -- Bowie
Re: scores too low - neural network problem?
> > I understand that the individual test scores are fed through a neural > > network to derive the final score. So it seems that this network has > > started to behave badly. > > You misunderstand. The neural network (or whatever they're using these > days - it at least used to be a genetic algorithm) is used to assign the > default scores, not to adjust the scores after the fact. Thank you, you're right. I had misunderstood that. > More likely one of two things is happening: that header was added by > another system running SpamAssassin, or you aren't running with the > configuration you think you are. You're right-- I thought I had disabled the network tests, but I hadn't, so I wasn't getting the scores I thought I was. I disabled the network tests, and the problem is solved now. Regards, Andrew.
Re: scores too low - neural network problem?
> What is the output of this on your mesages? > > spamassassin -tD 2>&1 | pager > > What value does it show for BAYES_99 in the content analysis section? > If it says something other than 4.07 then it confirms that you are not > running with values from column four network test off. It sounds > instead like you are running with network tests enables. Are network > tests enabled in the debugging output? Thank you, this was correct. I thought I had disabled the network tests, but I hadn't. I've disabled them now, and the scoring has returned to what I thought it should be. Regards, Andrew.
Re: scores too low - neural network problem?
On Saturday 05 March 2005 1:21 pm, Andrew Schulman wrote: > I understand that the individual test scores are fed through a neural > network to derive the final score. So it seems that this network has > started to behave badly. You misunderstand. The neural network (or whatever they're using these days - it at least used to be a genetic algorithm) is used to assign the default scores, not to adjust the scores after the fact. More likely one of two things is happening: that header was added by another system running SpamAssassin, or you aren't running with the configuration you think you are. Double-check your config and make sure network tests really are disabled. I added up the scores for the tests you mentioned using the 4th column (Bayes + network both enabled) and it comes out to 2.65 - which would round to the 2.7 you're seeing. -- Kelson Vibber SpeedGate Communications
Re: scores too low - neural network problem?
Andrew Schulman wrote: > I'm running spamc/spamd 3.0.2 in Debian. I have Bayesian tests turned on, > and network tests off. I am running a similar system. But with network tests turned on. The network tests such as SURBL[1] are huge factors in increasing spam classification accuracy for me. > almost all of the spam is tagged as BAYES_95 or BAYES_99. My score > threshold is 5, the BAYES_99 test alone (using its default value) is > worth 4.07, and a few other tests are usually positive as > well. Yet, the total score is around 2.5. Of course as you are aware there are four scores. The first score is used when both Bayes and network tests are disabled (score set 0). The second score is used when Bayes is disabled, but network tests are enabled (score set 1). The third score is used when Bayes is enabled and network tests are disabled (score set 2). The fourth score is used when Bayes is enabled and network tests are enabled (score set 3). The default for BAYES_99 in SA-3.0.2 is: score BAYES_99 0 0 4.070 1.886 I fell to confusion on this exact thing debugging a problem of mine a while ago. I thought I was using one column but was really getting data from the other. What is the output of this on your mesages? spamassassin -tD 2>&1 | pager What value does it show for BAYES_99 in the content analysis section? If it says something other than 4.07 then it confirms that you are not running with values from column four network test off. It sounds instead like you are running with network tests enables. Are network tests enabled in the debugging output? > I understand that the individual test scores are fed through a neural > network to derive the final score. So it seems that this network has > started to behave badly. Because you are getting the BAYES_99 tag I am sure the bayes engine is working properly. You are seeing a scoring difference instead. > Can anyone shed any light on this? Is it a well-known problem? What's the > preferred way to address it? Remove all of SA's learned information and > retrain the network? Don't retrain! I am convinced by your evidence that you are actually running with network tests enables. Compare the result with the following. Does this give you the results you were looking for? spamassassin -L -tD 2>&1 | pager Bob [1] http://www.surbl.org/
Re: Scores in Spamassassin 3.0: some stats
Hi, On Fri, 08 Oct 2004 12:30:59 +0200 Cedric Foll <[EMAIL PROTECTED]> wrote: > First I've had a look on my spam scores and i saw a strange behavior, > BAYES_99 get a lower score (1.9) than BAYES_95 (2.0). > I've had a look on http://spamassassin.apache.org/tests_3_0_x.html and > this score seem normal when use of network tests. > But the problem is I have many spam not detected with a BAYES_99. > > So, how scores are set ? http://www.google.com/search?q=how+scores+are+assigned+spamassassin leads you to http://wiki.apache.org/spamassassin/HowScoresAreAssigned This is the most frequent of the FAQs. -- Bob