Irregular Test Reports in SA?

2015-03-30 Thread grhoderick
First, apologies in advance, I know this list is for seasoned users. I'm a
consumer—not an administrator by any means—but posting here in hopes that
the SA focus of the list will provide a clear answer. 

I'm on a shared web hosting plan and receiving an inordinate amount of very
obvious spam. SA is enabled and email is being scanned and scored
accordingly. The problem is the scores are too low (1-2) and consequently no
mail management is being triggered, messages then hit my inbox. 

If I paste these same Spam mails into an online check service, they trigger
a handful of tests that my web host's SA install seems to ignore or miss.
The difference is steep, with messages scoring a range of 4 to 14 points
higher, which correctly equates to the majority of the spam. These tests are
comprised mostly of checks against trustworthy blocklists. 

Where I'm confused: Is this an obvious sign that the web host isn't updating
SA appropriately, or is it normal the test reports don't match? Am I
misunderstanding the scoring system? 

After months of back and forth with the web host, their recommendation has
been to add rules and do more intensive SA learning. But the way I
understand it, no amount of tweaking symbolic test scores or adding rules
can make up for not running the tests to begin with. Without having root
access to the SA install, can I even influence which tests are applied? 

If not, my only option is to leave my host for a service that keeps their SA
install updated. Your insight here will help me confidently make that
decision. 

Example of the difference in output: 
http://pastebin.com/ph6wZw2R

Thanks very much for your help!




--
View this message in context: 
http://spamassassin.1065346.n5.nabble.com/Irregular-Test-Reports-in-SA-tp115438.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


Re: Irregular Test Reports in SA?

2015-03-31 Thread grhoderick
All — thanks so much for your time. Regarding your questions, I'll do my best
to answer given my inexperience with SA. 


Kevin A. McGrail wrote
> We need more headers to see.  What version of SpamAssassin does the 
> headers show?  What rules does it show it hits when it does hit?

Here's raw source of another example I received today, although I don't see
an SA version in there. I also again included the contrasting output from an
online check. The difference is 10 points. http://pastebin.com/HbtC6ETu

How is Bayes being trained? I'm a stranger to Bayes principles, so I
honestly don't know. Here's what the ISP provides me in terms of
configuration:

1) A basic cPanel interface labeled "SA configuration" which is made up of
form fields that add white list and black list entries and fields for
reassigning test scores. 
http://i.imgur.com/5IrbCz4.png

2) Access to a few raw files, which contain Bayes info and user prefs, which
I'm assuming coincide with the above.
http://i.imgur.com/ZUagJzp.png

That's the extent to which I can tweak SA. Anything beyond requires working
with the ISP. They've mentioned editing the user pref file per the
following:

> Because of that you can train further Spam Assassin to catch more spam and
> to perform more tests if required. You can edit this configuration file to
> do the changes:
>
> /home/xxx/.spamassassin/user_prefs
>
> Different scores can be used, alongside further tests etc. to be carried
> out. The following are increased scores for tests that you may consider to
> be spam catching:
>
> score RCVD_IN_BL_SPAMCOP_NET 2.5
> score RCVD_IN_SBL 2.0
> score URIBL_SBL 1.5
> score URIBL_OB_SURBL 2.5
> score RAZOR2_CF_RANGE_E8_51_100 0.1

Should this be necessary for a well-maintained instance of SA?

Again, thanks very much and just to reiterate, what I'm hoping to understand
is what's causing the discrepancy between the scores. Is it my user error
(can I affect which tests are triggered? Should I be performing "learning"
somehow to affect triggering tests?) or if this is poor maintenance from the
ISP (they're not updating the software, not adding common tests, etc).
Given what you've seen, is this "shoddy" plug'n'play for an install of SA?





--
View this message in context: 
http://spamassassin.1065346.n5.nabble.com/Irregular-Test-Reports-in-SA-tp115438p115481.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
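
Added example, not part of the thread: one way to compare the `X-Spam-Status` header from the host's scan with the one from a second scan of the same message, to see which rules account for the score gap and whether the host's header carries a version at all. Both sample headers are constructed (they are not the pastebin contents), and classifying network tests by rule-name prefix is a simplifying assumption.

```python
import re

# Constructed sample headers for illustration only.
HOST_HEADER = ("X-Spam-Status: No, score=1.8 required=5.0 "
               "tests=HTML_MESSAGE,MIME_HTML_ONLY,BAYES_50 autolearn=no")
ONLINE_HEADER = ("X-Spam-Status: Yes, score=11.8 required=5.0 "
                 "tests=HTML_MESSAGE,MIME_HTML_ONLY,BAYES_50,\n"
                 "\tRCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SBL,URIBL_SBL,\n"
                 "\tRAZOR2_CF_RANGE_E8_51_100 autolearn=no version=3.4.0")

# Assumption: rules with these prefixes depend on DNS or other network lookups.
NETWORK_PREFIXES = ("RCVD_IN_", "URIBL_", "RAZOR2_", "PYZOR_", "DCC_")


def parse_status(header):
    """Return (score, version, rule names) from one X-Spam-Status header."""
    # Folded headers break the tests= list after commas; rejoin it first.
    text = " ".join(re.sub(r",\s+", ",", header).split())
    score = re.search(r"\bscore=(-?\d+(?:\.\d+)?)", text)
    version = re.search(r"\bversion=(\S+)", text)
    tests = re.search(r"\btests=(\S+)", text)
    names = set()
    if tests and tests.group(1).lower() != "none":
        names = {t for t in tests.group(1).split(",") if t}
    return (float(score.group(1)) if score else None,
            version.group(1) if version else None,
            names)


def compare(host_header, other_header):
    """Summarise which rules the second scan hit that the host scan did not."""
    h_score, h_ver, h_tests = parse_status(host_header)
    o_score, _, o_tests = parse_status(other_header)
    missing = o_tests - h_tests
    is_net = lambda name: name.startswith(NETWORK_PREFIXES)
    return {
        "host_version": h_ver,  # None when the host strips or omits it
        "score_gap": round(o_score - h_score, 1),
        # A hit proves network tests run; no hit on one message proves nothing.
        "host_hit_network_rule": any(is_net(t) for t in h_tests),
        "missing_network": sorted(t for t in missing if is_net(t)),
        "missing_other": sorted(t for t in missing if not is_net(t)),
    }


if __name__ == "__main__":
    for key, value in compare(HOST_HEADER, ONLINE_HEADER).items():
        print(f"{key}: {value}")
```

If `missing_network` stays non-empty across many messages while `host_hit_network_rule` is never true, raising scores in `user_prefs` will not help, because a score only applies to a rule that actually fires.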