Re: Improve spam hit rate

2015-03-12 Thread Reindl Harald


Am 10.03.2015 um 18:29 schrieb Lorenzo Thurman:

I have these messages in a paste: http://pastebin.com/jNQfRerx. They
were received about 1 1/2 hours apart. After I received the first one, I
ran sudo sa-learn --spam /path/to/mail/folder against it and then sudo
sa-learn --sync. spamassassin reported that it ‘learned tokens from 1
message…’


you likely train the wrong bayes
sa-learn must run as the same user as the spamassassin / spamd

nobody is calling such things as root by sudo BTW





Re: Improve spam hit rate

2015-03-10 Thread Lorenzo Thurman

 On Mar 10, 2015, at 12:54 PM, Reindl Harald h.rei...@thelounge.net wrote:
 
 
 Am 10.03.2015 um 18:29 schrieb Lorenzo Thurman:
 I have these messages in a paste: http://pastebin.com/jNQfRerx. They
 were received about 1 1/2 hours apart. After I received the first one, I
 ran sudo sa-learn --spam /path/to/mail/folder against it and then sudo
 sa-learn --sync. spamassassin reported that it ‘learned tokens from 1
 message…’
 
 you likely train the wrong bayes
 sa-learn must run as the same user as the spamassassin / spamd
 
 nobody is calling such things as root by sudo BTW
 
Yes, I’m embarrassed. I actually receive mail in a different account. 
When training, I thought I could just run sa-learn as root and get the desired 
effect. I’ve run it as the correct user and I’ve at least a couple of 
duplicate messages correctly labeled as spam.

Re: Improve spam hit rate

2015-03-10 Thread John Hardin

On Tue, 10 Mar 2015, Lorenzo Thurman wrote:

I have these messages in a paste: http://pastebin.com/jNQfRerx. They 
were received about 1 1/2 hours apart. After I received the first one, 
I ran sudo sa-learn --spam /path/to/mail/folder against it and then 
sudo sa-learn --sync.


Is that the only message you've trained bayes with?

Bayes needs sufficient examples of both spam and ham in order to make a 
decision. The default minimum is 200 of each.


There's also the common error of training a different bayes database than 
the one that SA is using when it scans mail. What user is SA/postfix 
running under?


--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174    pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Rights can only ever be individual, which means that you cannot
  gain a right by joining a mob, no matter how shiny the issued
  badges are, or how many of your neighbors are part of it.  -- Marko
---
 4 days until Albert Einstein's 136th Birthday
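
An added example, not part of any poster's message: a check covering both points raised in this thread, that the counters must be read as the account that scans mail and that Bayes needs the default minimum of 200 spam and 200 ham. The function names and the sample `sa-learn --dump magic` output are constructed for illustration; the account to check is passed as an argument.

```shell
#!/bin/sh
# Minimum message counts Bayes needs before it scores mail (default 200 each).
MIN_SPAM=${MIN_SPAM:-200}
MIN_HAM=${MIN_HAM:-200}

# Read `sa-learn --dump magic` output on stdin, print the counters, and
# return 0 only when both nspam and nham reach the minimums.
# Returns 1 when under-trained, 2 when no counters were found at all.
bayes_ready() {
    awk -v ms="$MIN_SPAM" -v mh="$MIN_HAM" '
        /non-token data: nspam$/ { nspam = $3; seen++ }
        /non-token data: nham$/  { nham  = $3; seen++ }
        END {
            if (seen < 2) { print "no bayes counters found"; exit 2 }
            printf "nspam=%d nham=%d\n", nspam, nham
            ok = (nspam + 0 >= ms + 0 && nham + 0 >= mh + 0)
            exit (ok ? 0 : 1)
        }'
}

# Dump the counters as the given account, so the database inspected is
# the one that account's SpamAssassin actually reads (not root's).
check_user_bayes() {
    sudo -u "$1" -H sa-learn --dump magic | bayes_ready
}

# Constructed sample: a database trained with one spam message only.
sample_one_spam() {
cat <<'EOF'
0.000          0          3          0  non-token data: bayes db version
0.000          0          1          0  non-token data: nspam
0.000          0          0          0  non-token data: nham
0.000          0        141          0  non-token data: ntokens
EOF
}

# Usage: sh check-bayes.sh ACCOUNT   (file name is hypothetical)
if [ "$#" -gt 0 ]; then
    check_user_bayes "$1"
fi
```

Running the same check as root and as the mail account and comparing the two `nspam` values shows at once whether training went into the wrong database.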

Improve spam hit rate

2015-03-10 Thread Lorenzo Thurman

I have these messages in a paste: http://pastebin.com/jNQfRerx. They were 
received about 1 1/2 hours apart. 
After I received the first one, I ran sudo sa-learn --spam /path/to/mail/folder 
against it and then sudo sa-learn --sync. spamassassin reported that it ‘learned 
tokens from 1 message…’
I received the second message, but it was not marked as spam, even though, at 
least as far as I can see, the messages are identical. All the way down to the 
low contrast ‘hidden’ text.  I’m seeing a lot of this lately, although 
sometimes, the messages come from different domains (reverse lookups are always 
ok). My server is Ubuntu Linux 14.04. What can I do to improve the detection 
rate?

I’m running sa 3.4.0 which is invoked via postfix in master.cf:
    smtp  inet  n  -  -  -  -  smtpd -vvv -o content_filter=spamassassin

sa-update is run via a cron job daily and it last ran early this morning, so 
its rules should be up to date.
So, any ideas?
Thanks