Re: Help with bayes
Kai Schaetzl wrote: Troy Settle wrote on Mon, 17 Nov 2008 13:33:10 -0500: I'm having a major problem with the bayes system. I cleared the bayes database and let it start re-learning. Once it kicked in, I again started getting false hits with BAYES_00=-2.599 on a great many spam/uce messages. How did you "let it start re-learning"? What's the output of sa-learn dump magic? From incoming mail. I'm still working on building a corpus suitable for sa-learn. $ sa-learn --dump magic 0.000 0 3 0 non-token data: bayes db version 0.000 0 44946 0 non-token data: nspam 0.000 0 36757 0 non-token data: nham 0.000 0 545675 0 non-token data: ntokens 0.000 0 1226964376 0 non-token data: oldest atime 0.000 0 1227033356 0 non-token data: newest atime 0.000 0 1227033315 0 non-token data: last journal sync atime 0.000 0 1227007705 0 non-token data: last expiry atime 0.000 0 43200 0 non-token data: last expire atime delta 0.000 0 393274 0 non-token data: last expire reduction count FWIW, how bad would I screw things up if I were to override the BAYES_00 score to 0? -- Troy Settle Pulaski Networks ~ http://www.psknet.com 866.477.5638 ~ 540.994.4254
Help with bayes
I'm having a major problem with the bayes system. I cleared the bayes database and let it start re-learning. Once it kicked in, I again started getting false hits with BAYES_00=-2.599 on a great many spam/uce messages. Can someone point me to some good reading material to better understand why this is happening, and how to prevent it? SA is running under a single user site-wide (about 2500 mailboxes total). Is this screwing things up for me? Would I have better results if I were to run SA for each user separately? Thanks, -- Troy Settle Pulaski Networks 866.477.5638
Re: SpamAssassin config
Sujit Acharyya-Choudhury wrote: I have been modifying local.cf so that report_safe is 0 or 1. Can not see any change. For my sin, my exim config has the following entry: warncondition = ${if or{\ {eq {${substr_0_6:$sender_host_address}}{161.74}}\ {>{$message_size}{60K}}\ }\ {0}{1}} spam = exim message = X-New-Subject: **SPAM** $h_Subject: log_message = found spam score over treshold ($spam_score ($spam_bar )) Sender=\'$sender_address\' Subject=$h_Subject In lcoal.cf in /etc/mail/spamassassin, I have rewrite_header subject **SPAM** # report_safe 1 I was wondering whether that modifies the header and can not see anything else. This isn't a SpamAssassin question, but an exim question that should go to the Exim-Users list, though this is easily found on the Exim Wiki: http://wiki.exim.org/ExiscanExamples The problem you're running into, is that with the exiscan-acl extensions on Exim, SpamAssassin isn't working with the original message, it's working with a copy of the message. The headers are probably getting re-written as you told SA to do, but since it's only a copy of the original message, exim will never see the changes made by SA. You need to create a system filter: if first_delivery then if $h_X-New-Subject: is not "" then headers remove Subject headers add "Subject: $rh_X-New-Subject:" headers remove X-New-Subject endif endif Also, you might want to use $rh_Subject: rather than $h_Subject: HTH, -- Troy Settle Pulaski Networks 866.477.5638
Re: exim spamassassin AFTER SMTP
TN wrote: Hi all, It seems that almost everyone wants spamassasin before SMTP, but I need help in setting it up after delivery. At the moment, I am using Exim4.6x, with SA 3.1.7, and it's default setup is to do the filtering at the ACL stage in Exim. We find this a bit tedious since users sending email have to endure quite a delay when sending, while SA does its work.we would much prefer it to accept the delivery, so that the user isn't waiting for their email client to finish up. We don't reject spam anyway, we're just happy to rewrite the subject, mark the email as spam and then let the email client rules sort the ham from spam based on those 2 marks - obviously we don't have a heavily laden email link so we can afford to accept spam and filter it after SMTP. Alternatively, can it be configured to not do ANY filtering on authenticated senders, but process every other incoming email at ACL stage ? This would probably be best. How can I do either of these with Exim & SA ? thanks T TN, This probably belongs on the Exim-users list, rather than the spamassassin list, but here goes... It's pretty easy... In your rcpt acl, set a variable for your relay_from_hosts and authenticated users. Then, in the data acl, accept the message if the variable is set before you send the message to spamd. I also bypass spamd for messages from user-approved senders. check_rcpt: accept hosts = +relay_from_hosts add_header = X-ANTISPAM: Message sent from an accepted end-user host or network set acl_m_allow = 1 control = submission accept authenticated = * add_header = X-ANTISPAM: Message sent from an authenticated user set acl_m_allow = 1 control = submission accept condition = ${if eq{${lookup mysql{USER_ACL}}}{allow}{1}{0}} set acl_m_allow = 1 add_header = X-ANTISPAM-SKIPPED: Sender in user's allowed senders list check_data: warn condition = ${if !={$acl_m_allow}{1}} spam= global:true add_header = X-SPAM-SCORE: $spam_score\nX-SPAM-REPORT: $spam_report -- Troy Settle Pulaski Networks 866.477.5638
Re: Am I an idiot, or is bayes broken on my system?
Matus UHLAR - fantomas wrote: are you sure spamc and spamassassin use the same BAYES dsatabase? Did you try giving your uername to spamd via '-u' ? Yes, I provided the -u flag to every command (spamassassin, sa-learn, and spamc). Right now, everything is run under the user 'global' until I can figure out how to use SA/Bayes for individual virtual users... -- Troy Settle Pulaski Networks 866.477.5638
Am I an idiot, or is bayes broken on my system?
I received a piece of junkmail this morning: http://home.psknet.com/troy/1.txt In the spam report, I see this: BAYES_00=-2.599 So, I run it through sa-learn with --spam: Learned tokens from 1 message(s) (1 message(s) examined) Then, I re-scan it using spamc, and still I get: BAYES_00=-2.599 What gives? I don't expect the total score to come up much, but the bayes should at least go from a negative number to a positive number... shouldn't it? BTW, this is the 3rd or 4th annuity/insurance spam I've received and piped through sa-learn in the last few days (I don't have samples of the others, but I'll definitely keep samples of future such messages). -- Troy Settle Pulaski Networks 866.477.5638