Re: ALL_TRUSTED Overriding Bayes
On Wed, 16 May 2007, Clay Davis wrote: I only have one internal network 10.0.0.0 (mask: 255.255.255.0). I have attached a few of the message that scored like this. Do you have any trusted_networks or internal_networks set up in SA's local.cf? If not, SA would be trying to guess your internal/trusted networks and by the looks is guessing incorrectly. Here is the link in the wiki that describes the trust path: http://wiki.apache.org/spamassassin/TrustPath?highlight=%28network%29
Re: ALL_TRUSTED Overriding Bayes
On Wed, 16 May 2007, Clay Davis wrote: Hi gang: I am getting a bunch of messages that are passing through my SA setup with the following scores: pts rule name description -- -- 0.0 SUBJ_FOR_ONLY Subject contains "For Only" -3.3 ALL_TRUSTEDDid not pass through any untrusted hosts 0.0 HTML_IMAGE_RATIO_02BODY: HTML has a low ratio of text to image area 0.0 HTML_90_100BODY: Message is 90% to 100% HTML 0.5 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words 0.0 HTML_MESSAGE BODY: HTML included in message 4.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.] 0.2 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.6 SARE_UNSUB38D RAW: SARE_UNSUB38D As you can see, Bayes knows they are spam but the "ALL_TRUSTED" rule is discounting enough to counter. What's the best way to nail these bastards? How do you have your trusted/internal networks set up? According to your SA install, the message came from a 100% trusted source (i.e. all received headers were trusted).
ALL_TRUSTED Overriding Bayes
Hi gang: I am getting a bunch of messages that are passing through my SA setup with the following scores: pts rule name description -- -- 0.0 SUBJ_FOR_ONLY Subject contains "For Only" -3.3 ALL_TRUSTEDDid not pass through any untrusted hosts 0.0 HTML_IMAGE_RATIO_02BODY: HTML has a low ratio of text to image area 0.0 HTML_90_100BODY: Message is 90% to 100% HTML 0.5 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words 0.0 HTML_MESSAGE BODY: HTML included in message 4.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.] 0.2 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.6 SARE_UNSUB38D RAW: SARE_UNSUB38D As you can see, Bayes knows they are spam but the "ALL_TRUSTED" rule is discounting enough to counter. What's the best way to nail these bastards? Thanks, Clay