Re: Understanding ruleQA results
On Wed, 15 Aug 2018, RW wrote: On Tue, 14 Aug 2018 18:43:52 -0700 (PDT) John Hardin wrote: On Tue, 14 Aug 2018, RW wrote: I don't know that this is particularly specific to mobile, lots of people send emails with an empty subject. It sounds like the main cause would be a signature that contains the senders name as the only thing in a line. That'll be why all the FPs mentioned above came from the same person. Question: were those messages scored as spam? MISSING_SUBJECT + BAYES_50 + FRNAME_IN_MSG_NO_SUBJ scores 6.098 If I'm reading the score-map correctly (and 4 represents 4.000 to 4.999), then limiting the score to 2.0 seems like a reasonable compromise. scoremap spam: 1 0.17%2 scoremap spam: 3 1.99% 23 scoremap spam: 4 88.86% 1029 *** scoremap spam: 5 3.28% 38 * OK, I'll drop the score limit on the FRNAME_IN_MSG rules a bit. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Venezuela is busy reaping the benefits of Socialism: in one year 75% of the population has, on average, lost 19 pounds due to insufficient food, and 82% of households are below the poverty line. (2016 Venezuelan "Living Conditions Survey") --- Today: the 73rd anniversary of the end of World War II
Re: Understanding ruleQA results
On Tue, 14 Aug 2018, micah anderson wrote: John Hardin writes: On Tue, 14 Aug 2018, micah anderson wrote: John Hardin writes: On Tue, 14 Aug 2018, micah anderson wrote: OK, I can see about adding some mobile MUA exclusions. Any FP headers you can provide (directly) will be helpful. Go ahead and sanitize the recipient info, I don't think that would be relevant to tuning this one. I put 4 of the messages here: https://pastebin.com/YuPtBQXN thanks for your help! micah Thanks. Yesterday I added a FP avoidance check for DKIM based on the (very few) ham hits that are in the masscheck corpus; it seems that should be enough to avoid these messages as he's sending via gmail and it adds DKIM. I'm adding some xmailer subrules - the mobile MUA coverage is thin. I don't expect to see a lot of overlap, but I may add them anyway based on your report. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Politicians never accuse you of "greed" for wanting other people's money, only for wanting to keep your own money.-- Joseph Sobran --- Today: the 73rd anniversary of the end of World War II
Re: Understanding ruleQA results
On Tue, 14 Aug 2018 18:43:52 -0700 (PDT) John Hardin wrote: > On Tue, 14 Aug 2018, RW wrote: > > I don't know that this is particularly specific to mobile, lots of > > people send emails with an empty subject. > > > > It sounds like the main cause would be a signature that contains the > > senders name as the only thing in a line. That'll be why all the > > FPs mentioned above came from the same person. > > Question: were those messages scored as spam? MISSING_SUBJECT + BAYES_50 + FRNAME_IN_MSG_NO_SUBJ scores 6.098 If I'm reading the score-map correctly (and 4 represents 4.000 to 4.999), then limiting the score to 2.0 seems like a reasonable compromise. scoremap spam: 1 0.17%2 scoremap spam: 3 1.99% 23 scoremap spam: 4 88.86% 1029 *** scoremap spam: 5 3.28% 38 *
[no subject]
test