Re: How do I write a custom rule to match any header
On Wed, Dec 12, 2012 at 10:24:28AM +0530, Ram wrote: I want to write a custom rule to match if Any header contain a particular string How do I do this ? man Mail::SpamAssassin::Conf says: [...] header SYMBOLIC_TEST_NAME header op /pattern/modifiers [if-unset: STRING] [...] header is the name of a mail header, such as 'Subject', 'To', etc. [...] There are several special pseudo-headers that can be specified: ALL can be used to mean the text of all the message's headers. [...] HTH, chris
Re: Suddenly a lot of low scores
On 12/11/2012 8:29 PM, Joseph Acquisto wrote: Suddenly a lot of garbage is getting thru. Stuff with nonsense text, etc. This is what I see: X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on open-122 X-Spam-Level: X-Spam-Status: No, score=0.1 required=5.0 tests=DECEASED_NO_ML,HTML_MESSAGE autolearn=unavailable version=3.3.2 X-Spam-Report: * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 DECEASED_NO_ML Dead not via mailing list and X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on open-122 X-Spam-Level: ** X-Spam-Status: No, score=2.7 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, FROM_12LTRDOM,HTML_IMAGE_ONLY_20,HTML_MESSAGE,HTML_SHORT_LINK_IMG_3, T_REMOTE_IMAGE autolearn=no version=3.3.2 X-Spam-Report: * 0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * 0.3 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image * 1.6 T_REMOTE_IMAGE Message contains an external image * 0.1 FROM_12LTRDOM From a 12-letter domain The autolearn seems odd. Without seeing the messages, there's not much we can say about the scores. Put the full messages in pastebin and give us the link so we can look at it. The autolearn looks normal to me. autolearn=unavailable -- This means that something was locking the bayes database when this message was processed. autolearn=no -- This means that SA looked at the message and decided not to learn from it. In this case, the score is too high to autolearn as ham and too low to autolearn as spam. I don't see the bayes rules firing. Is this a new SA setup? Once you learn enough messages to activate the bayes scoring, you should see a bayes rule hit on every email. -- Bowie
Re: Suddenly a lot of low scores
Without seeing the messages, there's not much we can say about the scores. Put the full messages in pastebin and give us the link so we can look at it. The autolearn looks normal to me. autolearn=unavailable -- This means that something was locking the bayes database when this message was processed. autolearn=no -- This means that SA looked at the message and decided not to learn from it. In this case, the score is too high to autolearn as ham and too low to autolearn as spam. I don't see the bayes rules firing. Is this a new SA setup? Once you learn enough messages to activate the bayes scoring, you should see a bayes rule hit on every email. -- Bowie It's a relatively new setup. No bayes seems wrong, but I'll have to check how many messages are in the database when I get back there. I send 5-10 messages daily. Spam only, tho, little ham seems to get by, mostly missed spam. joe a.
Re: Suddenly a lot of low scores
On 12/12/2012 11:39 AM, Joseph Acquisto wrote: Without seeing the messages, there's not much we can say about the scores. Put the full messages in pastebin and give us the link so we can look at it. The autolearn looks normal to me. autolearn=unavailable -- This means that something was locking the bayes database when this message was processed. autolearn=no -- This means that SA looked at the message and decided not to learn from it. In this case, the score is too high to autolearn as ham and too low to autolearn as spam. I don't see the bayes rules firing. Is this a new SA setup? Once you learn enough messages to activate the bayes scoring, you should see a bayes rule hit on every email. -- Bowie It's a relatively new setup. No bayes seems wrong, but I'll have to check how many messages are in the database when I get back there. I send 5-10 messages daily. Spam only, tho, little ham seems to get by, mostly missed spam. There must be at least 200 ham and 200 spam in the database before SA will start using the bayes rules. -- Bowie
bayes score no showing up in the header
here is the header: X-Virus-Scanned: amavisd-new at mydomain.com X-Spam-Flag: NO X-Spam-Score: 5.243 X-Spam-Level: * X-Spam-Status: No, score=5.243 tagged_above=-999 required=5.3 tests=[DATE_IN_PAST_12_24=0.804, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, INVALID_DATE=0.432, MISSING_MID=0.14, NML_ADSP_CUSTOM_MED=1.2, RDNS_NONE=2.013, SPF_NEUTRAL=0.652] autolearn=no I do not see the bayes_score? any idea? Thanks in advance!
Re: Suddenly a lot of low scores
I send 5-10 messages daily. Spam only, tho, little ham seems to get by, mostly missed spam. joe a. I meant, that number of forwarded messages for bayes to learn. Should be well over 200 spam by now. Will it accept unmarked mail as ham, if sent as such, or would that mess things up? joe a.
Re: bayes score no showing up in the header
On Wed, 12 Dec 2012, motty cruz wrote: here is the header: X-Spam-Status: No, score=5.243 tagged_above=-999 required=5.3 tests=[DATE_IN_PAST_12_24=0.804, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, INVALID_DATE=0.432, MISSING_MID=0.14, NML_ADSP_CUSTOM_MED=1.2, RDNS_NONE=2.013, SPF_NEUTRAL=0.652] autolearn=no I do not see the bayes_score? any idea? Thanks in advance! Does it show up in *any* messages? There is a minimum of 200 learned hams and 200 learned spams before Bayes will start examining and scoring messages. Have you trained your Bayes database to that size yet? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- They will be slaughtered as result of England's anti-gun laws that concentrates power to the Government. -- Shifty Powers (101 abn) observing British subjects training to repel a German invasion using rakes, hoes and pitchforks --- 3 days until Bill of Rights day
Re: bayes score no showing up in the header
On Wed, 12 Dec 2012, motty cruz wrote: Thanks John, It does not show up in any message at all! here is the sa-learn --dump magic command: # sa-learn --dump magic 0.000 0 4680 0 non-token data: nspam 0.000 0 88357 0 non-token data: nham Ok, so that database has 4k spam and 88k ham tokens, it should be active. any idea? Apart from too few tokens the most common problem is training to a database that SA is not using. In the default SA configuration you have to train the database as the same user that SA is running under, so that the files get created in the correct place. What user is SA running as? What user did you run the sa-learn --dump command as? Have you overridden the default per-user Bayes database config to a systemwide shared Bayes database config? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- There is no better measure of the unthinking contempt of the environmentalist movement for civilization than their call to turn off the lights and sit in the dark.-- Sultan Knish --- 3 days until Bill of Rights day
Re: Suddenly a lot of low scores
On 12/12/2012 at 11:39 AM, Joseph Acquisto wrote: Without seeing the messages, there's not much we can say about the scores. Put the full messages in pastebin and give us the link so we can look at it. The autolearn looks normal to me. autolearn=unavailable -- This means that something was locking the bayes database when this message was processed. autolearn=no -- This means that SA looked at the message and decided not to learn from it. In this case, the score is too high to autolearn as ham and too low to autolearn as spam. I don't see the bayes rules firing. Is this a new SA setup? Once you learn enough messages to activate the bayes scoring, you should see a bayes rule hit on every email. -- Bowie It's a relatively new setup. No bayes seems wrong, but I'll have to check how many messages are in the database when I get back there. I send 5-10 messages daily. Spam only, tho, little ham seems to get by, mostly missed spam. joe a. I'm willing to bet (a penny) this is more like what should be seen, when bayes is working: X-Spam-Report: * 1.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider * (a.mail.user[at]gmail.com) * -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.] * 0.0 HTML_MESSAGE BODY: HTML included in message * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's * domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature joe a. (Permissions, Permissions? We don't need no stinking permissions . . .)
