Re[2]: Need help interpretting score
Hello Joe, Tuesday, April 26, 2005, 8:31:43 AM, you wrote: JK> On another server or two I have disabled the auto white-list. Is JK> this acceptable practice? Now that I am into this I recall seeing JK> this issue before and thus decided to disable it. Comments on this JK> practice? My personal practice has become to disable the auto white list for the first month or two of any new install. Once Bayes is well trained and active, and I'm comfortable with the accuracy of the SA system in general, then I turn the AWL on. Seems to work well here. The problems I've had were all shortly after wiping/refreshing the Bayes database, when a small but significant number of emails would be mis-classified by SA, and then AWL would start pushing scores in the wrong direction because of that. Once I get the number of FPs/FNs down, AWL works well. Bob Menschel
Re: Need help interpretting score
Joe Kletch wrote: > > Thinking I should check the auto white-list I looked for the tools on > my FreeBSD 5.3 box running SA 3.02 and no tools exist. Nothing in the > ports tree--so I loaded the RPM port and then set to load the RPM > Package, however it complained about a bunch of missing dependencies > and I got cold feet. > > Anyone know the status of porting spamassassin-tools-3.0.0-1.i386 to > FreeBSD 5.3? > > I really do not want to get to far into the RPM install on this > production machine. > > Really the tools don't require much in the way of installation beyond having the same version of SpamAssassin installed correctly. You should be able to safely grab the scriptfiles out of the tools subdirectory of a SA 3.0.2 tarball and they should work with your ported version of SA. There's no real magic to them, they're just very simple perl scripts that invoke the SA perl APIs. As long as the SA APIs are installed so your version of perl can find them, check_whitelist, etc should just run.
Re: Need help interpretting score
Joe Kletch <[EMAIL PROTECTED]> wrote on 04/26/2005 10:31:43 AM: [snip] > > On another server or two I have disabled the auto white-list. Is this > acceptable practice? Now that I am into this I recall seeing this issue > before and thus decided to disable it. Comments on this practice? > > Joe Kletch > I've never used AWL on my system and it works just fine without it. YMMV Andy
Re: Need help interpretting score
On Apr 26, 2005, at 10:46 AM, Matt Kettler wrote: Joe Kletch wrote: On Apr 26, 2005, at 10:13 AM, Matt Kettler wrote: Off color Jokes are rampant in this organization from the CEO down. I'm sure the auto-learn dbs are quite confused. I'll probably raise the threshold and keep requesting header of FPs. Really, off-color jokes shouldn't be hitting more than 3.0, certainly not high enough to average 7.4. It's actually pretty hard to make a nonspam message score high unless you use GTUBE. Most of the porn rules are 1.5 and less. Even having a subject line declaring the email to be sexually explicit will get you at most 2.9 points. I'd check for the sender in question doing something like forwarding all their email to another account using a client-side script that makes it look like they sent the message. This would re-send all their spam and rack them up quite an AWL score. Thinking I should check the auto white-list I looked for the tools on my FreeBSD 5.3 box running SA 3.02 and no tools exist. Nothing in the ports tree--so I loaded the RPM port and then set to load the RPM Package, however it complained about a bunch of missing dependencies and I got cold feet. Anyone know the status of porting spamassassin-tools-3.0.0-1.i386 to FreeBSD 5.3? I really do not want to get to far into the RPM install on this production machine. Thanks! Joe Kletch
Re: Need help interpretting score
Joe Kletch wrote: > > On Apr 26, 2005, at 10:13 AM, Matt Kettler wrote: > >> > > Off color Jokes are rampant in this organization from the CEO down. > I'm sure the auto-learn dbs are quite confused. I'll probably raise > the threshold and keep requesting header of FPs. Really, off-color jokes shouldn't be hitting more than 3.0, certainly not high enough to average 7.4. It's actually pretty hard to make a nonspam message score high unless you use GTUBE. Most of the porn rules are 1.5 and less. Even having a subject line declaring the email to be sexually explicit will get you at most 2.9 points. I'd check for the sender in question doing something like forwarding all their email to another account using a client-side script that makes it look like they sent the message. This would re-send all their spam and rack them up quite an AWL score.
Re: Need help interpretting score
On Apr 26, 2005, at 10:08 AM, Matt Yackley wrote: Joe Kletch said: Reference header text below "3.7 AWL AWL: From: address is in the auto white-list" why is something in the auto whitelist scoring positive? Shouldn't this be adding negative points? Thanks, Joe Kletch * 3.7 AWL AWL: From: address is in the auto white-list Hi Joe, Check out http://wiki.apache.org/spamassassin/AwlWrongWay On another server or two I have disabled the auto white-list. Is this acceptable practice? Now that I am into this I recall seeing this issue before and thus decided to disable it. Comments on this practice? Joe Kletch
Re: Need help interpretting score
On Apr 26, 2005, at 10:13 AM, Matt Kettler wrote: Joe Kletch wrote: Reference header text below "3.7 AWL AWL: From: address is in the auto white-list" why is something in the auto whitelist scoring positive? Shouldn't this be adding negative points? First, despite it's name the AWL's behavior is NOT limited to being a whitelist. It's a score averager, and has both white and black behaviors. It's called AWL because the more accurate "ASABPPWBWB" (Automatic Score Averager Based on Past Performance With Blacklist and Whitelist Behaviors) is rather awkward. In this case, the AWL saw that the average score of email from this sender in the past was approximately 7.4. It saw that this message was going to score 0, and it split the difference between the past scores, and the current scores. If the message is in fact not spam, then you should look at why email from this sender scored high enough in the past to earn an average of 7.4. If it is spam, well, the AWL just caught something for you based on past performance of the spammer. Also, unless you have a FP or FN, don't expect the direction of the AWL's score assignment to be indicative of whether the AWL thinks the message is spam or not. It's quite common for the AWL to add a small positive score to nonspam with a very large negative score. It's also common for it to subtract a few points from spam with very high positive scores. http://wiki.apache.org/spamassassin/AwlWrongWay Off color Jokes are rampant in this organization from the CEO down. I'm sure the auto-learn dbs are quite confused. I'll probably raise the threshold and keep requesting header of FPs. Joe Kletch
Re: Need help interpretting score
On Apr 26, 2005, at 10:08 AM, Matt Yackley wrote: * 3.7 AWL AWL: From: address is in the auto white-list Hi Joe, Check out http://wiki.apache.org/spamassassin/AwlWrongWay Thanks--that makes sense. Fighting false positives for a high-strung sales organization is quite a challenge these days. Joe Kletch
Re: Need help interpretting score
Matt Yackley wrote: >J > > >--matt "gonna see if I can post this faster than Matt K." > > > Damnit!! You beat me to a post in my favorite topic :)
Re: Need help interpretting score
Joe Kletch wrote: > Reference header text below "3.7 AWL AWL: From: address is in the auto > white-list" why is something in the auto whitelist scoring positive? > Shouldn't this be adding negative points? > First, despite it's name the AWL's behavior is NOT limited to being a whitelist. It's a score averager, and has both white and black behaviors. It's called AWL because the more accurate "ASABPPWBWB" (Automatic Score Averager Based on Past Performance With Blacklist and Whitelist Behaviors) is rather awkward. In this case, the AWL saw that the average score of email from this sender in the past was approximately 7.4. It saw that this message was going to score 0, and it split the difference between the past scores, and the current scores. If the message is in fact not spam, then you should look at why email from this sender scored high enough in the past to earn an average of 7.4. If it is spam, well, the AWL just caught something for you based on past performance of the spammer. Also, unless you have a FP or FN, don't expect the direction of the AWL's score assignment to be indicative of whether the AWL thinks the message is spam or not. It's quite common for the AWL to add a small positive score to nonspam with a very large negative score. It's also common for it to subtract a few points from spam with very high positive scores. http://wiki.apache.org/spamassassin/AwlWrongWay
Re: Need help interpretting score
Joe Kletch said: > Reference header text below "3.7 AWL AWL: From: address is in the auto > white-list" why is something in the auto whitelist scoring positive? > Shouldn't this be adding negative points? > > Thanks, > > Joe Kletch * 3.7 AWL AWL: From: address is in the auto white-list Hi Joe, Check out http://wiki.apache.org/spamassassin/AwlWrongWay Cheers, --matt "gonna see if I can post this faster than Matt K."
Need help interpretting score
Reference header text below "3.7 AWL AWL: From: address is in the auto white-list" why is something in the auto whitelist scoring positive? Shouldn't this be adding negative points? Thanks, Joe Kletch --- X-AOL-IP: 205.188.162.5 X-Spam-Prev-Subject: Breakfast menu card X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on mail.burtonmayer.com X-Spam-Level: *** X-Spam-Status: Yes, score=3.7 required=3.5 tests=AWL,BAYES_50, MSGID_FROM_MTA_HEADER,NO_REAL_NAME,SPF_HELO_PASS autolearn=no version=3.0.2 X-Spam-Report: * 0.0 NO_REAL_NAME From: does not include a real name * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% * [score: 0.5064] * 0.1 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 3.7 AWL AWL: From: address is in the auto white-list