Re: Again AWL confusion
On 5-Aug-2009, at 02:15, a...@exys.org wrote: The point is that scores below 2 are never spam, Er... that's certainly not true. -- *** AgentSmith sets mode: +m
Re: Again AWL confusion
On Wed, 05 Aug 2009 10:15:00 +0200 a...@exys.org wrote: > 2 to 5 is the sweetspot. That message in question actually proved it > is working, since the URIBL hits came later. Then it scores >10 so > it gets rejected. I noticed earlier that you were greylisting for only 60s; that seems like a fairly short delay to affect listing. > I think that setup is fairly smart, I don't run my own mta, but I do something analogous, in that I do an initial test with Bogofilter and use the result to delay spam up to 24 hours before it's processed with SA. I think if I were doing greylisting I might use Bogofilter's ham result to bypass it, and the unsure/spam results to set short or long delay. > excluding the problem that i train SA with wrong information. I think if Bayes is being mistrained, you have the autotrain thresholds wrong. And in your situation, it's not going to be possible to reverse it properly since the signature will change with the received headers.
Re: Again AWL confusion
On Wed, 2009-08-05 at 22:21 +0200, Matus UHLAR - fantomas wrote: > turning off AWL and autolearn (optionally only when run at SMTP time) would > help you here. Although using such setup you loose much of advantages (like > AWL ;-) and especially personalising... > There are cases where AWL is a menace. In my case I run SA as part of the 'pipeline'[*] between fetchmail and Postfix because there's a bad interaction between the way Postfix runs SA as a subservice and its always_bcc directive. I found that in my set-up AWL was consistently giving unhelpful scores, so its been turned off for quite a while now. [*] 'pipeline' because fetchmail's mda option feeds a pipeline leading to the Postfix.sendmail utility that passes the mail to Postfix. Martin
Re: Again AWL confusion
>> On 05.08.09 00:31, Martin Gregorie wrote: >>> If, for some (very) odd reason you run greylisting after SA then *of >>> course* your host has (a) seen the mail and (b) passed it through SA. >>> How else can the mail get to the greylister? >>> >>> Would you care to explain why you put a greylister behind SA? Do you >>> know how a greylister works and why it was designed to work that >>> way? > Matus UHLAR - fantomas wrote: >> He already explained that he greylists only mail that scores above a limit. On 05.08.09 10:15, a...@exys.org wrote: > exactly. The point is that scores below 2 are never spam, so i avoid > greylisting. Thats my whitelist (you usually need for greylisting) at > the same time, since i whitelist some hosts in SA. > >> In that case we can assume the spam scored high even before so it got >> greylisted. In such case I doubt it was learned as ham, unless the >> greylisting check is broken... > above 2. The njabl hit would have been enough to hit that. It didn't > score above 10, because that would have been rejected at smtp time. > > My guess is that it scored 2 on the first try, then later it would have > scored above 10 due to surbl listings, but awl kicks in and lowers the > score thinking the greylisted mail was an independent message. that's it! you can look at spamd logs and search for the same message-id. >>> And where else did greylisted mail appear in the log? For the >>> mail to be logged as rejected by a greylister *after* its been >>> through SA it must also have been inspected by AWL and therefore it did >>> affect the AWL database. > oh right, i could look at the SA log, but i already know it passed SA 3 > times. while repeated learning of the same message does not affect bayes, I think this doesn't apply for AWL. >> the question is, why it scored hammy? aep, how did it score before >> greylisting? Are you sure you do not have bug in your greylisting code? > see above. i'm pretty sure the "bug" is passing the same message to SA > multiple times. >> Btw, I'm not sure if it should not be low scoring messages (spams) for which >> greylisting is very good, since you won't become that early recipient... > 2 to 5 is the sweetspot. That message in question actually proved it is > working, since the URIBL hits came later. Then it scores >10 so it gets > rejected. > I think that setup is fairly smart, excluding the problem that i train > SA with wrong information. > > I wonder if i could ask SA to score a message without learning it, > although exim-sa propably doesnt support that. turning off AWL and autolearn (optionally only when run at SMTP time) would help you here. Although using such setup you loose much of advantages (like AWL ;-) and especially personalising... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "The box said 'Requires Windows 95 or better', so I bought a Macintosh".
Re: Again AWL confusion
a...@exys.org wrote: > exactly. The point is that scores below 2 are never spam, so i avoid > greylisting. Thats my whitelist (you usually need for greylisting) at > the same time, since i whitelist some hosts in SA. Interesting set-up, although I don't think it would be suitable for a high-volume server. So what do you use to do this? exim-sa and what greylisting software? > above 2. The njabl hit would have been enough to hit that. It didn't > score above 10, because that would have been rejected at smtp time. > > My guess is that it scored 2 on the first try, then later it would have > scored above 10 due to surbl listings, but awl kicks in and lowers the > score thinking the greylisted mail was an independent message. With most greylisting systems, the temporary reject is before the data section (which helps save bandwidth), so it's hard to know if it's two attempts to deliver the same message, or two independent messages. Not so in your case, however. What is auto_whitelist_factor set at? > >>> And where else did greylisted mail appear in the log? For the >>> mail to be logged as rejected by a greylister *after* its been >>> through SA it must also have been inspected by AWL and therefore it did >>> affect the AWL database. >> > oh right, i could look at the SA log, but i already know it passed SA 3 > times. Worth doing. >> the question is, why it scored hammy? aep, how did it score before >> greylisting? Are you sure you do not have bug in your greylisting code? >> > see above. i'm pretty sure the "bug" is passing the same message to SA > multiple times. Well, by definition that isn't an SA bug. Or are you suggesting AWL should check to see if the same Message-ID has been seen before, and if it has, not score or learn? That would be an extra database lookup, and it would mean AWL would also be disabled for valid mail that had been delayed by greylisting (maybe OK, because it presumably hasn't been seen before). Bayes *shouldn't* allow learning of the same message more than once (it's doesn't if you train it manually), but maybe autolearn doesn't update bayes_seen (??). I think the simplest solution for your config is just: use_auto_whitelist 0 bayes_auto_learn 0 Setting 'tflags URIBL_BLACK noautolearn' etc. on the remote tests would probably mean the AWL decrease would be less, because AWL is then just smoothing out the scores from the local tests. None of this sounds very efficient with minimising DNS lookups and reducing carbon footprints... CK
Re: Again AWL confusion
Matus UHLAR - fantomas wrote: On 05.08.09 00:31, Martin Gregorie wrote: If, for some (very) odd reason you run greylisting after SA then *of course* your host has (a) seen the mail and (b) passed it through SA. How else can the mail get to the greylister? Would you care to explain why you put a greylister behind SA? Do you know how a greylister works and why it was designed to work that way? He already explained that he greylists only mail that scores above a limit. exactly. The point is that scores below 2 are never spam, so i avoid greylisting. Thats my whitelist (you usually need for greylisting) at the same time, since i whitelist some hosts in SA. In that case we can assume the spam scored high even before so it got greylisted. In such case I doubt it was learned as ham, unless the greylisting check is broken... above 2. The njabl hit would have been enough to hit that. It didn't score above 10, because that would have been rejected at smtp time. My guess is that it scored 2 on the first try, then later it would have scored above 10 due to surbl listings, but awl kicks in and lowers the score thinking the greylisted mail was an independent message. And where else did greylisted mail appear in the log? For the mail to be logged as rejected by a greylister *after* its been through SA it must also have been inspected by AWL and therefore it did affect the AWL database. oh right, i could look at the SA log, but i already know it passed SA 3 times. the question is, why it scored hammy? aep, how did it score before greylisting? Are you sure you do not have bug in your greylisting code? see above. i'm pretty sure the "bug" is passing the same message to SA multiple times. Btw, I'm not sure if it should not be low scoring messages (spams) for which greylisting is very good, since you won't become that early recipient... 2 to 5 is the sweetspot. That message in question actually proved it is working, since the URIBL hits came later. Then it scores >10 so it gets rejected. I think that setup is fairly smart, excluding the problem that i train SA with wrong information. I wonder if i could ask SA to score a message without learning it, although exim-sa propably doesnt support that.
Re: Again AWL confusion
> On Wed, 2009-08-05 at 00:37 +0200, a...@exys.org wrote: > > Matus UHLAR - fantomas wrote: > > > On 04.08.09 20:09, a...@exys.org wrote: > > >> I have obviously never received any mail from that sender, so why does > > >> it hit? > > >> > > > in later mail you mention that you run SA before greylisting. On 05.08.09 00:31, Martin Gregorie wrote: > If, for some (very) odd reason you run greylisting after SA then *of > course* your host has (a) seen the mail and (b) passed it through SA. > How else can the mail get to the greylister? > > Would you care to explain why you put a greylister behind SA? > Do you know how a greylister works and why it was designed to work that > way? He already explained that he greylists only mail that scores above a limit. In that case we can assume the spam scored high even before so it got greylisted. In such case I doubt it was learned as ham, unless the greylisting check is broken... > > nope. i grepped the global log. the only time that sender ever ocurs it > > was temporary rejected due to greylisting. > And where else did greylisted mail appear in the log? > > For the mail to be logged as rejected by a greylister *after* its been > through SA it must also have been inspected by AWL and therefore it did > affect the AWL database. the question is, why it scored hammy? aep, how did it score before greylisting? Are you sure you do not have bug in your greylisting code? Btw, I'm not sure if it should not be low scoring messages (spams) for which greylisting is very good, since you won't become that early recipient... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Posli tento mail 100 svojim znamim - nech vidia aky si idiot Send this email to 100 your friends - let them see what an idiot you are
Re: Again AWL confusion
On Wed, 2009-08-05 at 00:37 +0200, a...@exys.org wrote: > Matus UHLAR - fantomas wrote: > > On 04.08.09 20:09, a...@exys.org wrote: > >> I have obviously never received any mail from that sender, so why does > >> it hit? > >> > in later mail you mention that you run SA before greylisting. If, for some (very) odd reason you run greylisting after SA then *of course* your host has (a) seen the mail and (b) passed it through SA. How else can the mail get to the greylister? Would you care to explain why you put a greylister behind SA? Do you know how a greylister works and why it was designed to work that way? > nope. i grepped the global log. the only time that sender ever ocurs it > was temporary rejected due to greylisting. > And where else did greylisted mail appear in the log? For the mail to be logged as rejected by a greylister *after* its been through SA it must also have been inspected by AWL and therefore it did affect the AWL database. Martin
Re: Again AWL confusion
Matus UHLAR - fantomas wrote: On 04.08.09 20:09, a...@exys.org wrote: See the below message parts (the complete message does not pass the MLs filter) Notably both bayes and AWL are wrong. while I understand why bayes might have done that, i dont understand what AWL is doing here. I have obviously never received any mail from that sender, so why does it hit? in later mail you mention that you run SA before greylisting. Do you use per-use config at that time? nope. Isn't it possible that someone other at your system received mail from the same sender that didn't score much? nope. i grepped the global log. the only time that sender ever ocurs it was temporary rejected due to greylisting. Since most of those checks are RBLs that is collaborative checks, it's possible that similar message received in the past by early recipient scored very low, and if it was autolearned as ham, it could explain the BAYES_00 too. I suspect bayes liked the content. I receive a large amount of non-spam with similar content. Correctly spelled german in spam is rare, especially well formated text-only and utf8. (oh right, i didnt include the content. SAs Spamfilter wouldnt let me because of the URIBL hits :-/ ) Return-path: Envelope-to: a...@exys.org Received: from host231.dhms-domainmanagement.net ([91.199.51.231]) Subject: Virenwarnung - Ihr PC ist=?UTF-8?Q?=20ungesch=C3=BCtzt?= Content-Type: text/plain; charset="UTF-8" Message-ID: To: a...@exys.org X-Spam-Report: Content analysis details: (6.0 points, 5.0 required) pts rule name description -- -- 2.1 RCVD_IN_NJABL_SPAM RBL: NJABL: sender is confirmed spam source [91.199.51.231 listed in combined.njabl.org] -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.] 2.0 URIBL_BLACKContains an URL listed in the URIBL blacklist [URIs: virenschutz-downloadenDOTinfo] 1.9 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist [URIs: virenschutz-downloadenDOTinfo] 1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist [URIs: virenschutz-downloadenDOTinfo] 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist [URIs: virenschutz-downloadenDOTinfo] 1.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist [URIs: virenschutz-downloadenDOTinfo] 0.2 SARE_SUB_ENC_UTF8 Message uses character set often used in spam -1.9 AWLAWL: From: address is in the auto white-list X-Spam-Flag: YES
Re: Again AWL confusion
On 04.08.09 20:09, a...@exys.org wrote: > See the below message parts > (the complete message does not pass the MLs filter) > Notably both bayes and AWL are wrong. > while I understand why bayes might have done that, i dont understand > what AWL is doing here. > I have obviously never received any mail from that sender, so why does > it hit? in later mail you mention that you run SA before greylisting. Do you use per-use config at that time? Isn't it possible that someone other at your system received mail from the same sender that didn't score much? Since most of those checks are RBLs that is collaborative checks, it's possible that similar message received in the past by early recipient scored very low, and if it was autolearned as ham, it could explain the BAYES_00 too. > Return-path: > Envelope-to: a...@exys.org > Received: from host231.dhms-domainmanagement.net ([91.199.51.231]) > Subject: Virenwarnung - Ihr PC ist=?UTF-8?Q?=20ungesch=C3=BCtzt?= > Content-Type: text/plain; charset="UTF-8" > Message-ID: > To: a...@exys.org > > X-Spam-Report: > Content analysis details: (6.0 points, 5.0 required) > pts rule name description > -- > -- > 2.1 RCVD_IN_NJABL_SPAM RBL: NJABL: sender is confirmed spam source > [91.199.51.231 listed in combined.njabl.org] > -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% > [score: 0.] > 2.0 URIBL_BLACKContains an URL listed in the URIBL blacklist > [URIs: virenschutz-downloadenDOTinfo] > 1.9 URIBL_AB_SURBL Contains an URL listed in the AB SURBL > blocklist > [URIs: virenschutz-downloadenDOTinfo] > 1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL > blocklist > [URIs: virenschutz-downloadenDOTinfo] > 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL > blocklist > [URIs: virenschutz-downloadenDOTinfo] > 1.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL > blocklist > [URIs: virenschutz-downloadenDOTinfo] > 0.2 SARE_SUB_ENC_UTF8 Message uses character set often used in spam > -1.9 AWLAWL: From: address is in the auto white-list > X-Spam-Flag: YES -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I don't have lysdexia. The Dog wouldn't allow that.
Re: Again AWL confusion
Please do not quote me out of context. Sorry. didnt find an apropriate way to respond to two statements in one sentence. Again, the greylisting prior to receiving this spam is not the reason. SA, or more specifically AWL, does not know about that. It is. I forgot to mention i run SA prior to greylisting, so i only greylist when the message exceeds a treshhold. As for unlearning: Sure! :) See the spamassassin-run [1] man-page, in particular for the --remove-addr-from-whitelist option. Or maybe the --add-addr-to-blacklist option, which fakes an entry with a score of 50. thanks
Re: Again AWL confusion
On Tue, 2009-08-04 at 21:18 +0200, a...@exys.org wrote:
> > (missing in your paste)
>
> the received header was not missing. just stripped.
Please do not quote me out of context. I said "From: header address
(missing in your paste)". Inserted in the quote below where you ripped
it out.
> > This assumption is wrong. You did receive a message from the From:
> > header address (missing in your paste) and the same originating
> > net-block in the past.
>
> True I did, due to greylisting.
Which SA doesn't know about. Unless, of course, the message or already
received parts has been fed to SA anyway, despite greylisting.
> r...@samir:~$grep 91.199.51.231 /var/log/exim/ -r
> ...
> F= temporarily rejected after
> DATA: greylisted for 60 seconds
> F= temporarily rejected after
> DATA: greylisted for 60 seconds
> <= virenwarndie...@virenschutz-downloaden.info
> H=host231.dhms-domainmanagement.net [91.199.51.231] P=esmtp S=3223
> id=knuula.a6m...@localhost
I guess that's the Envelope-From? AWL looks at the From: header.
Also, SA doesn't necessarily have seen that From / net-block address
recently. Any time in the past would do.
> Greylisting is rather pointless when SA is going to remove the scoring
> gained through later listing again. Should I disable AWL, or can i
> unlearn it?
That's the *exact* point of AWL. It is a historical score averager. [2]
(The name is an artifact due to the fact that humans tend to frequently
send using the same From address, and mostly the same sending net-block.
Whereas spammers forge the sender, and usually distribute the origin
widely. Hence the "white", to protect humans occasionally sending spammy
mail. However, since it really is just an averaging system, it actually
works both ways.)
Again, the greylisting prior to receiving this spam is not the reason.
SA, or more specifically AWL, does not know about that.
As for unlearning: Sure! :) See the spamassassin-run [1] man-page, in
particular for the --remove-addr-from-whitelist option. Or maybe the
--add-addr-to-blacklist option, which fakes an entry with a score of 50.
guenther
[1] http://spamassassin.apache.org/full/3.2.x/doc/spamassassin-run.html
[2] http://wiki.apache.org/spamassassin/AutoWhitelist and
http://wiki.apache.org/spamassassin/AwlWrongWay
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: Again AWL confusion
On Tue, 2009-08-04 at 21:18 +0200, a...@exys.org wrote: > > This assumption is wrong. You did receive a message from the From: > > header address and the same originating > > net-block in the past. > > > > > Should I disable AWL, or can i > unlearn it? Apparently you previously (maybe not this week) received one that scored 4.2. The averaging tool brought the score half-way between the new score and the old score. The effect is that if a good guy tends to send mail that scores 1.0, then one bad message (scoring, say, 7.0) won't get tossed. Similarly, if a brigand tends to send mail scoring 20, and he manages to miss all of the rules for one message, it will still be dropped. Don't get hung up on the "white" part of AWL. It's just as much an automatic black list. -- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX www.austinenergy.com signature.asc Description: This is a digitally signed message part
Re: Again AWL confusion
> (missing in your paste) the received header was not missing. just stripped. Received: from host231.dhms-domainmanagement.net ([91.199.51.231]) This assumption is wrong. You did receive a message from the From: header address and the same originating net-block in the past. True I did, due to greylisting. r...@samir:~$grep 91.199.51.231 /var/log/exim/ -r ... F= temporarily rejected after DATA: greylisted for 60 seconds F= temporarily rejected after DATA: greylisted for 60 seconds <= virenwarndie...@virenschutz-downloaden.info H=host231.dhms-domainmanagement.net [91.199.51.231] P=esmtp S=3223 id=knuula.a6m...@localhost Greylisting is rather pointless when SA is going to remove the scoring gained through later listing again. Should I disable AWL, or can i unlearn it?
Re: Again AWL confusion
On Tue, 2009-08-04 at 20:09 +0200, a...@exys.org wrote:
> See the below message parts
> (the complete message does not pass the MLs filter)
> Notably both bayes and AWL are wrong.
> while I understand why bayes might have done that, i dont understand
> what AWL is doing here.
> I have obviously never received any mail from that sender, so why does
> it hit?
This assumption is wrong. You did receive a message from the From:
header address (missing in your paste) and the same originating
net-block in the past.
> X-Spam-Report:
> Content analysis details: (6.0 points, 5.0 required)
> -1.9 AWLAWL: From: address is in the auto white-list
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Again AWL confusion
See the below message parts (the complete message does not pass the MLs filter) Notably both bayes and AWL are wrong. while I understand why bayes might have done that, i dont understand what AWL is doing here. I have obviously never received any mail from that sender, so why does it hit? Return-path: Envelope-to: a...@exys.org Received: from host231.dhms-domainmanagement.net ([91.199.51.231]) Subject: Virenwarnung - Ihr PC ist=?UTF-8?Q?=20ungesch=C3=BCtzt?= Content-Type: text/plain; charset="UTF-8" Message-ID: To: a...@exys.org X-Spam-Report: Content analysis details: (6.0 points, 5.0 required) pts rule name description -- -- 2.1 RCVD_IN_NJABL_SPAM RBL: NJABL: sender is confirmed spam source [91.199.51.231 listed in combined.njabl.org] -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.] 2.0 URIBL_BLACKContains an URL listed in the URIBL blacklist [URIs: virenschutz-downloadenDOTinfo] 1.9 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist [URIs: virenschutz-downloadenDOTinfo] 1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist [URIs: virenschutz-downloadenDOTinfo] 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist [URIs: virenschutz-downloadenDOTinfo] 1.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist [URIs: virenschutz-downloadenDOTinfo] 0.2 SARE_SUB_ENC_UTF8 Message uses character set often used in spam -1.9 AWLAWL: From: address is in the auto white-list X-Spam-Flag: YES
RE: AWL confusion.. (drinking game)
Title: RE: AWL confusion.. (drinking game) I thought these two had made it into the Wiki :) Its SATALK comedy gold! >-Original Message- >From: guenther [mailto:[EMAIL PROTECTED]] >Sent: Thursday, May 26, 2005 2:52 PM >To: Craig Jackson >Cc: users@spamassassin.apache.org >Subject: Re: Adjusting the AWL value > > >On Thu, 2005-05-26 at 12:55 -0500, Craig Jackson wrote: >> Hi, >> I'd like to change/reset-to-zero the autowhite list value >for a sender. >> I read the man page (Mail::Spamassassin::Autowhitelist) but don't >> comprehend the syntax. >> >> Can someone give me a hint? > >Rather than Mail::Spamassassin::Autowhitelist you likely want 'man >spamassassin'. :) > >See --remove-from-whitelist and --remove-addr-from-whitelist options. >You can provide the email address alone or feed it the respective mail. > >HTH Remember, most of us call it A.S.S now, instead of AWL. Average Scoring System. To remove someone from your ASS, you simply use the commands listed by guenther above. IMHO, these commands should be updated to keep continuity with the idea that the ASS is not just white. I recommend: --remove-from-my-ass and --remove-addr-from-ass That should work perfectly. --Chris >Andy Jezierski wrote: > >> >> I like it! And since the scores can shift over time, you'd probably >> want people to check them every now and then so you could >tell them to >> >> Keep Intercepting Suspected Spam Monitor Your Average >Scoring System
Re: AWL confusion.. (drinking game)
Matt Kettler wrote: Anders Norrbring wrote: *sigh*.. do we really need to start a SpamAssassin-Users mailing list drinking game? For those not familiar, when you get home for the evening, sit down, with a beverage of your choice (milk, soda, coffee, wine, beer) and read the days mail for spamassassin-users. 3 drinks - Poster believes the name AWL is accurate, and wonders why they got a positive score. 1 drink - Poster asks a question answered by a wiki article Sure, go ahead... Or make a decent Wiki article index so it's possible to surf the wiki in a way that makes any sense. Now it's hard to find articles, the wiki search often returns no results, or even pages without relevance. While I'll agree the index needs some improvement, and the search does not work for many things, the default behavior if you type "awl" in the search box and hit enter yields: http://wiki.apache.org/spamassassin/?action=fullsearch&context=180&value=awl&titlesearch=Titles Which has AwlWrongWay as the first hit And going to the "CategoryFaq" link, under "starting points" on the index yields: http://wiki.apache.org/spamassassin/CategoryFaq Which has AwlWrongWay as the 6th entry. That said, http://wiki.apache.org/spamassassin/FrequentlyAskedQuestions really should link to http://wiki.apache.org/spamassassin/CategoryFaq Wikis are evil, they remind me of the old faq-o-matic, ugh. That is just my opinion, and opinions are like... well you know. The problem with searching is that someone new to a product doesn't always know what to search for. Many times I have had our support guys pass an issue on to me and I found the solution first try in Yahoo Search. The difference was I searched on "wigit rotation knob" and they searched on 'turning wigitknob left". In your example "autowhitelist low score" returns nothing useful, nor does "change awl score" or "awl score too high". Not everyone would try just entering "awl". Certainly after most people have gotten eighty-two-hundred-bazillion hits on a search engine, 99% of which are unrelated, by using a simplistic search. Folks learn to be very specific when searching. Maybe each article on the wiki should be indexed to a specific config option, or options? Just a thought. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible.
Re: AWL confusion.. (drinking game)
Matt Kettler skrev: Anders Norrbring wrote: *sigh*.. do we really need to start a SpamAssassin-Users mailing list drinking game? For those not familiar, when you get home for the evening, sit down, with a beverage of your choice (milk, soda, coffee, wine, beer) and read the days mail for spamassassin-users. 3 drinks - Poster believes the name AWL is accurate, and wonders why they got a positive score. 1 drink - Poster asks a question answered by a wiki article Sure, go ahead... Or make a decent Wiki article index so it's possible to surf the wiki in a way that makes any sense. Now it's hard to find articles, the wiki search often returns no results, or even pages without relevance. While I'll agree the index needs some improvement, and the search does not work for many things, the default behavior if you type "awl" in the search box and hit enter yields: http://wiki.apache.org/spamassassin/?action=fullsearch&context=180&value=awl&titlesearch=Titles Which has AwlWrongWay as the first hit And going to the "CategoryFaq" link, under "starting points" on the index yields: http://wiki.apache.org/spamassassin/CategoryFaq Which has AwlWrongWay as the 6th entry. That said, http://wiki.apache.org/spamassassin/FrequentlyAskedQuestions really should link to http://wiki.apache.org/spamassassin/CategoryFaq True. Sadly enough, many people (me on that list) get so frustrated while trying to find out about specific topics that we simply turn elsewhere (like google) instead. Of course with loads of hits to hints, tips and tricks, which turns out to be worth as much as a sunlamp in Sahara when tested... Or we go asking stupid questions on the list. I'm very familiar with my old, but not so trustworthy anymore, SA 2.6.x and I got kindof confused by the many changed options and concepts in 3.1. Since I'm setting up a new mail gateway, there are a couple of options that need to interact, and with a documentation and wiki like the current SA, it turns into a annoying job to do it. I'm on to the AV scanning now, wish me luck.. Hehe. -- Anders Norrbring Norrbring Consulting
Re: AWL confusion.. (drinking game)
Anders Norrbring wrote: > >> *sigh*.. do we really need to start a SpamAssassin-Users mailing list >> drinking game? >> >> For those not familiar, when you get home for the evening, sit down, >> with a beverage of your choice (milk, soda, coffee, wine, beer) and read >> the days mail for spamassassin-users. >> >> 3 drinks - Poster believes the name AWL is accurate, and wonders why >> they got a positive score. >> 1 drink - Poster asks a question answered by a wiki article >> > > Sure, go ahead... Or make a decent Wiki article index so it's possible > to surf the wiki in a way that makes any sense. > > Now it's hard to find articles, the wiki search often returns no > results, or even pages without relevance. While I'll agree the index needs some improvement, and the search does not work for many things, the default behavior if you type "awl" in the search box and hit enter yields: http://wiki.apache.org/spamassassin/?action=fullsearch&context=180&value=awl&titlesearch=Titles Which has AwlWrongWay as the first hit And going to the "CategoryFaq" link, under "starting points" on the index yields: http://wiki.apache.org/spamassassin/CategoryFaq Which has AwlWrongWay as the 6th entry. That said, http://wiki.apache.org/spamassassin/FrequentlyAskedQuestions really should link to http://wiki.apache.org/spamassassin/CategoryFaq
Re: AWL confusion.. (drinking game)
*sigh*.. do we really need to start a SpamAssassin-Users mailing list drinking game? For those not familiar, when you get home for the evening, sit down, with a beverage of your choice (milk, soda, coffee, wine, beer) and read the days mail for spamassassin-users. 3 drinks - Poster believes the name AWL is accurate, and wonders why they got a positive score. 1 drink - Poster asks a question answered by a wiki article Sure, go ahead... Or make a decent Wiki article index so it's possible to surf the wiki in a way that makes any sense. Now it's hard to find articles, the wiki search often returns no results, or even pages without relevance. -- Anders Norrbring Norrbring Consulting
Re: AWL confusion.. (drinking game)
Theo Van Dinter wrote: > On Tue, Aug 29, 2006 at 08:51:14PM +0200, Anders Norrbring wrote: > >> Shouldn't mail in the AWL get a *negative* score? Or did I just mess my >> mind up? >> > > http://wiki.apache.org/spamassassin/AwlWrongWay > > *sigh*.. do we really need to start a SpamAssassin-Users mailing list drinking game? For those not familiar, when you get home for the evening, sit down, with a beverage of your choice (milk, soda, coffee, wine, beer) and read the days mail for spamassassin-users. 3 drinks - Poster believes the name AWL is accurate, and wonders why they got a positive score. 1 drink - Poster asks a question answered by a wiki article Others rules, not applicable here: 2 drinks - Poster asks a question answered in the FAQ 2 drinks - Poster asks a question answered in the README, INSTALL or UPGRADE files. 3 drinks - Poster installed SA, but didn't hook it to their mail system and wonders why it isn't working. quadruple-score - Poster is on the SpamAssassin project management committee. (as per the section of CREDITS) triple-score - Poster is a SpamAssassin committer (as per the section of CREDITS) double-score - Poster is a SpamAssassin contributor (anyone else listed in CREDITS )
Re: AWL confusion..
Anders Norrbring wrote: I just got rediciously confused.. I sent a mail to myself, testing some stuff, and of course it's in the same domain and network as the server. I got: 9.6 AWL AWL: From: address is in the auto white-list Shouldn't mail in the AWL get a *negative* score? Or did I just mess my mind up? http://wiki.apache.org/spamassassin/AwlWrongWay -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW:http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw
Re: AWL confusion..
Anders Norrbring wrote: I just got rediciously confused.. I sent a mail to myself, testing some stuff, and of course it's in the same domain and network as the server. I got: 9.6 AWL AWL: From: address is in the auto white-list Shouldn't mail in the AWL get a *negative* score? Or did I just mess my mind up? http://wiki.apache.org/spamassassin/AwlWrongWay Regards, Andreas
Re: AWL confusion..
On Tue, Aug 29, 2006 at 08:51:14PM +0200, Anders Norrbring wrote: > Shouldn't mail in the AWL get a *negative* score? Or did I just mess my > mind up? http://wiki.apache.org/spamassassin/AwlWrongWay -- Randomly Generated Tagline: QOTD: Talk about willing people... over half of them are willing to work and the others are more than willing to watch them. pgpemXROZavjB.pgp Description: PGP signature
AWL confusion..
I just got rediciously confused.. I sent a mail to myself, testing some stuff, and of course it's in the same domain and network as the server. I got: 9.6 AWL AWL: From: address is in the auto white-list Shouldn't mail in the AWL get a *negative* score? Or did I just mess my mind up? -- Anders Norrbring Norrbring Consulting
RE: AWL confusion
I agree it's a very misleading term. The easiest and most appropriate term I've heard is "historical averaging". -Original Message- From: Bill Landry [mailto:[EMAIL PROTECTED] Sent: Monday, December 20, 2004 7:51 AM To: users@spamassassin.apache.org Subject: Re: AWL confusion - Original Message - From: "Rich" <[EMAIL PROTECTED]> > > On Sun, 19 Dec 2004 17:02:06 -0500, Rich <[EMAIL PROTECTED]> wrote: > >> So why on earth is a 17-score given to an address in an auto white-list? > >> Shouldn't an address get a negative score (or, at least, a neutral zero) > >> if it's in a WL? > > > > You may want to read up on the AWL in the WIKI - it explains exactly > > why you're seeing the scores you are. > > Ahh, so AWL is not a "white-list" in any way - it's a "sender history" > score. That is quite misleading. I agree, and that why I thought that "auto weight leveling" was a more appropriate and correctly descriptive name than "auto whitelist". But that's just my 2 cents... Bill
Re: AWL confusion
- Original Message - From: "Rich" <[EMAIL PROTECTED]> > > On Sun, 19 Dec 2004 17:02:06 -0500, Rich <[EMAIL PROTECTED]> wrote: > >> So why on earth is a 17-score given to an address in an auto white-list? > >> Shouldn't an address get a negative score (or, at least, a neutral zero) > >> if it's in a WL? > > > > You may want to read up on the AWL in the WIKI - it explains exactly > > why you're seeing the scores you are. > > Ahh, so AWL is not a "white-list" in any way - it's a "sender history" > score. That is quite misleading. I agree, and that why I thought that "auto weight leveling" was a more appropriate and correctly descriptive name than "auto whitelist". But that's just my 2 cents... Bill
Re: AWL confusion
> On Sun, 19 Dec 2004 17:02:06 -0500, Rich <[EMAIL PROTECTED]> wrote: >> So why on earth is a 17-score given to an address in an auto white-list? >> Shouldn't an address get a negative score (or, at least, a neutral zero) >> if it's in a WL? > > You may want to read up on the AWL in the WIKI - it explains exactly > why you're seeing the scores you are. Ahh, so AWL is not a "white-list" in any way - it's a "sender history" score. That is quite misleading. Rich
Re: AWL confusion
On Sun, 19 Dec 2004 17:02:06 -0500, Rich <[EMAIL PROTECTED]> wrote: > So why on earth is a 17-score given to an address in an auto white-list? > Shouldn't an address get a negative score (or, at least, a neutral zero) > if it's in a WL? You may want to read up on the AWL in the WIKI - it explains exactly why you're seeing the scores you are. -- Please keep list traffic on the list. Rob MacGregor Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche
AWL confusion
Me new email host is using SA 3.0.1 and I have been watching what gets caught and what doesn't so I can do some user_prefs tuning if necessary. But I don't understand what is going on with this AWL stuff. The host service has it turned on and I get a non-spam message with this score report in it: X-Spam-Report: * -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% * [score: 0.] * 17 AWL AWL: From: address is in the auto white-list So why on earth is a 17-score given to an address in an auto white-list? Shouldn't an address get a negative score (or, at least, a neutral zero) if it's in a WL? Rich
