Re: A lot a false negatives
On 19/01/22 16:35, Xavier Humbert wrote: X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5.5 tests=[AWL=0.642, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_IMAGE_RATIO_04=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, MIME_QP_LONG_LINE=0.001, SPF_FAIL=0.001, SPF_HELO_NONE=0.001] autolearn=ham autolearn_force=no It looks like your bayes db is poisoned/not trained correctly. Best course of action, IMO, is to delete it and restart training from scratch, with a decent corpus of ham and spam -- Best regards, Riccardo Alfieri Spamhaus Technology https://www.spamhaustech.com/
Re: spf fails at apache.org forwards ipv6
Benny Pedersen: : host mx1-he-de.apache.org[2a01:4f8:c2c:2bf7::1] said: 550 5.7.23 : Recipient address rejected: ASF gnomes rejected your message: SPF fail - not authorized. See https://infra.apache.org/mail-rejection.html (in reply to RCPT TO command) is it solved ? On 2022-01-19 11:41, David Bürgin wrote: Impossible to say more without knowing the context (sender email and IP address). On 19.01.22 16:02, Benny Pedersen wrote: my own flatted ips is v=spf1 ip4:172.104.150.56 ip6:2a01:7e01::f03c:92ff:fe3b:151e ip6:2a01:7e01:e001:289::1 ip6:2a01:7e01:e001:289::2/127 ip6:2a01:7e01:e001:289::4 -all perhaps Received: headers from the mail you have received. If that mail was rejected within apache network, you should see which server rejected from which one. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 99 percent of lawyers give the rest a bad name.
Re: A lot a false negatives
On 19.01.22 16:35, Xavier Humbert wrote: My Thunderbird's Junk mailbox is full (75%) of spams, recognized by TB's bayes engine, but not by SA's. They are quite often even scored as negatives Despite the monthly use of sa_learn from Junk mailbox, spams keep being not flagged. Example a false negative : X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5.5 tests=[AWL=0.642, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_IMAGE_RATIO_04=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, MIME_QP_LONG_LINE=0.001, SPF_FAIL=0.001, SPF_HELO_NONE=0.001] autolearn=ham autolearn_force=no you need spamassassin training. automatic training can easily lead to mistraining. unfortunately, many mass-mailing providers are welcomelisted through many DNSWLs and send mail that looks much like spam. I use SA for more than 10 years, but in a very basic manner. Is there some doc on how to harden SA ? Some useful plugins ? Bayes is clearly not sufficient in my case using razor/pyzor/DCC helps much. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Your mouse has moved. Windows NT will now restart for changes to take to take effect. [OK]
A lot a false negatives
Hi, My Thunderbird's Junk mailbox is full (75%) of spams, recognized by TB's bayes engine, but not by SA's. They are quite often even scored as negatives Despite the monthly use of sa_learn from Junk mailbox, spams keep being not flagged. Example a false negative : X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5.5 tests=[AWL=0.642, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_IMAGE_RATIO_04=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, MIME_QP_LONG_LINE=0.001, SPF_FAIL=0.001, SPF_HELO_NONE=0.001] autolearn=ham autolearn_force=no versus a detected spam : X-Spam-Status: Yes, score=16.885 tagged_above=-999 required=5.5 tests=[ANY_PILL_PRICE=1, BAYES_60=1.5, DATE_IN_FUTURE_12_24=3.199, DRUGS_ERECTILE=1.994, DRUGS_ERECTILE_OBFU=1.109, GAPPY_LOW_CONTRAST=2.497, GAPPY_SUBJECT=0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01, URIBL_ABUSE_SURBL=1.25, URIBL_DBL_SPAM=2.5, URIBL_SBL=1.623, URIBL_SBL_A=0.1] autolearn=spam autolearn_force=no I use SA for more than 10 years, but in a very basic manner. Is there some doc on how to harden SA ? Some useful plugins ? Bayes is clearly not sufficient in my case Thanks in advance Regards Xavier -- Xavier HUMBERT AMDH.FR - Infogérance - Architecte Réseaux et Systèmes https://www.amdh.fr/
Re: spf fails at apache.org forwards ipv6
On 2022-01-19 11:41, David Bürgin wrote: Benny Pedersen: : host mx1-he-de.apache.org[2a01:4f8:c2c:2bf7::1] said: 550 5.7.23 : Recipient address rejected: ASF gnomes rejected your message: SPF fail - not authorized. See https://infra.apache.org/mail-rejection.html (in reply to RCPT TO command) is it solved ? The server rejected your message because you are using a sender address that is not allowed according to SPF policy? spf enveloppe changes on next server and it was not accepted internal v=spf1 ip4:3.227.148.255 ip4:95.216.194.37 ip4:116.203.82.107 ip4:116.203.166.180 ip4:159.69.187.90 ip4:198.2.128.0/24 ip4:198.2.132.0/22 ip4:198.2.136.0/23 ip4:198.2.145.0/24 ip4:198.2.177.0/24 ip4:198.2.178.0/23 ip4:198.2.180.0/24 ip4:198.2.186.0/23 ip4:205.201.131.128/25 ip4:205.201.134.128/25 ip4:205.201.136.0/23 ip4:205.201.139.0/24 ip4:207.244.88.131 ip4:207.244.88.144 ip4:207.244.88.153 ip6:2a01:4f8:c2c:e8b::/64 ip6:2a01:4f9:c010:567c::1 -all so one hetzner server was not accepted on apache.org content filters ? i think the content filter part did not change envelope sender before checked spf i should not speculate, but its common error if more then 256 mx ips in ipv4, have not counted ipv6 yet Impossible to say more without knowing the context (sender email and IP address). my own flatted ips is v=spf1 ip4:172.104.150.56 ip6:2a01:7e01::f03c:92ff:fe3b:151e ip6:2a01:7e01:e001:289::1 ip6:2a01:7e01:e001:289::2/127 ip6:2a01:7e01:e001:289::4 -all
Re: spf fails at apache.org forwards ipv6
Benny Pedersen: > : host > mx1-he-de.apache.org[2a01:4f8:c2c:2bf7::1] said: 550 5.7.23 > : Recipient address rejected: ASF gnomes > rejected your message: SPF fail - not authorized. See > https://infra.apache.org/mail-rejection.html (in reply to RCPT TO > command) > > > is it solved ? The server rejected your message because you are using a sender address that is not allowed according to SPF policy? Impossible to say more without knowing the context (sender email and IP address).
spf fails at apache.org forwards ipv6
: host mx1-he-de.apache.org[2a01:4f8:c2c:2bf7::1] said: 550 5.7.23 : Recipient address rejected: ASF gnomes rejected your message: SPF fail - not authorized. See https://infra.apache.org/mail-rejection.html (in reply to RCPT TO command) is it solved ?
Re: Question about user specific bayes
On 2022-01-18 22:34, Bill Cole wrote: Well, maybe? I don't currently have a system using per-user Bayes and it's been a bit since I set one up so hopefully someone who has a working rig will speak up... fuglu have pr user bayes pr default, and it recently fixed that local part before could be mixed case so sender could create another bayes user, ups, i had hoped on that this was solved in spamassassin core, but maybe in sa 4.0.0 Note that SA will try to create an empty DB if none exists. and if spamd / spamc uses virtual sql users, or have static db files for all users with read/write permissions, ideal if sqlite3 user prefs is configured it could be very simple I'm not sure that I can think up a circumstance (other than a disappearing user) where fallback to global Bayes would happen. is this even supported ? SA will not fall back to a global Bayes DB just because an otherwise perfectly good per-user DB isn't properly seeded. good