Re: SpamAssassin scoring issues
On Thu, 20 Apr 2017 12:08:54 +0200 Ralf Hildebrandt wrote: > * David Jones: > > > Are you hitting the URIBL_BLOCKED rule? If so, please follow the > > link in that reddit article to get rid of that rule hit. This is > > very important. > > Yes, but that's not his problem -- since the URIBL query fails in both > delivery AND his test. > > The actual differences are that these are NOT firing on delivery: > > 1.9 URIBL_ABUSE_SURBL (OK, his IP might be blocked due to excessive > queries) 1.2 RCVD_IN_BL_SPAMCOP_NET (that should work!) I'm not really sure what you are saying here, but abuse is the name of that particular SURBL list 1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist URIBL_BLOCKED is in both tests because the IP address of the shared DNS server is blocked. URIBL_ABUSE_SURBL and RCVD_IN_BL_SPAMCOP_NET are most likely missing in the first because the IP and URI domain were listed after delivery. This is very common when you retest after a short delay.
Re: SpamAssassin scoring issues
* David Jones: > Are you hitting the URIBL_BLOCKED rule? If so, please follow the > link in that reddit article to get rid of that rule hit. This is very > important. Yes, but that's not his problem -- since the URIBL query fails in both delivery AND his test. The actual differences are that these are NOT firing on delivery: 1.9 URIBL_ABUSE_SURBL (OK, his IP might be blocked due to excessive queries) 1.2 RCVD_IN_BL_SPAMCOP_NET (that should work!) -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.deCampus Benjamin Franklin https://www.charite.de Hindenburgdamm 30, 12203 Berlin Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
Re: SpamAssassin scoring issues
* W B: > Hey all! I'm having issues with SpamAssassin; it's assigning emails scores > that are way lower than it should. In addition, the scores it's assigning as > emails come in are different from the results of running SpamAssassin -t on > that same email after the fact. So, how is SpamAssassin invoked when mail comes in (which user is being used to run SA?) and how has it been run when testing? -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.deCampus Benjamin Franklin https://www.charite.de Hindenburgdamm 30, 12203 Berlin Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
Re: SpamAssassin scoring issues
I actually had no idea SpamAssassin could do bayesian training - I'm an idiot. Lol. Thank you for pointing that out to me! On 4/19/2017 2:56 PM, RW wrote: On Wed, 19 Apr 2017 14:36:24 -0400 W B wrote: Hey all! I'm having issues with SpamAssassin; it's assigning emails scores that are way lower than it should. In addition, the scores it's assigning as emails come in are different from the results of running SpamAssassin -t on that same email after the fact. I'd like to avoid posting too much text in a single email, so here's a link to a Reddit post I made outlining the issues I'm having: https://www.reddit.com/r/webdev/comments/660n2w/spamassassin_scores_are_oddly_low_different_from/ If anyone has any clue what the issue is or is able to help, please let me know! This is normal. In the interval the IP address was reported to spamcop and a URI in the email was reported to SURBL. I'm getting flooded with spam emails to the point that it's hard to find my actual legitimate emails in my inbox... There are two obvious problems: 1. URIBL_BLOCKED, you need to setup your own nameserver that does its own DNS lookups. At the moment you are probably using a shared DNS cache which leads to a lot of look-ups coming from the same IP address. 2. You aren't using Bayes - this is the main problem.
Re: SpamAssassin scoring issues
On Wed, 19 Apr 2017 14:54:03 -0400 W B wrote: > You guys are all correct. Somehow I've been overlooking that message > - I must have misread something. Either way, thank you so much for > the help; I've set up unbound, so hopefully that should solve the > issue. It probably wont. It's a significant problem, but it's overstated. Turn on Bayes, and preferably train it manually, with autolearning turned off. You might also consider using the pyzor and dcc plugins.
Re: SpamAssassin scoring issues
On Wed, 19 Apr 2017 14:36:24 -0400 W B wrote: > Hey all! I'm having issues with SpamAssassin; it's assigning emails > scores that are way lower than it should. In addition, the scores > it's assigning as emails come in are different from the results of > running SpamAssassin -t on that same email after the fact. > > I'd like to avoid posting too much text in a single email, so here's > a link to a Reddit post I made outlining the issues I'm having: > https://www.reddit.com/r/webdev/comments/660n2w/spamassassin_scores_are_oddly_low_different_from/ > > If anyone has any clue what the issue is or is able to help, please > let me know! This is normal. In the interval the IP address was reported to spamcop and a URI in the email was reported to SURBL. > I'm getting flooded with spam emails to the point that > it's hard to find my actual legitimate emails in my inbox... There are two obvious problems: 1. URIBL_BLOCKED, you need to setup your own nameserver that does its own DNS lookups. At the moment you are probably using a shared DNS cache which leads to a lot of look-ups coming from the same IP address. 2. You aren't using Bayes - this is the main problem.
Re: SpamAssassin scoring issues
You guys are all correct. Somehow I've been overlooking that message - I must have misread something. Either way, thank you so much for the help; I've set up unbound, so hopefully that should solve the issue. Sorry, and thank you! On 4/19/2017 2:48 PM, David Jones wrote: From: W B <wil...@wilsonbiggs.com> Sent: Wednesday, April 19, 2017 1:36 PM To: users@spamassassin.apache.org Subject: SpamAssassin scoring issues Hey all! I'm having issues with SpamAssassin; it's assigning emails scores that are way lower than it should. In addition, the scores it's assigning as emails come in are different from the results of running SpamAssassin -t on that same email after the fact. I'd like to avoid posting too much text in a single email, so here's a link to a Reddit post I made outlining the issues I'm having: https://www.reddit.com/r/webdev/comments/660n2w/spamassassin_scores_are_oddly_low_different_from/ If anyone has any clue what the issue is or is able to help, please let me know! I'm getting flooded with spam emails to the point that it's hard to find my actual legitimate emails in my inbox... thank you!!! Are you hitting the URIBL_BLOCKED rule? If so, please follow the link in that reddit article to get rid of that rule hit. This is very important. Minor scoring differences are to be expected based on the passing of time and RBL listing changes but if you are hitting the URIBL_ BLOCKED rule then basically RBLs are not working properly. What MTA are you using? It's best to fine tune the MTA to do RBL checks that will block the majority of the spam/junk before it reaches SA. Make sure you are using zen.spamhaus.org and b.barracudacentral.org RBLs at a minimum. If you are using Postfix, enable postscreen and refer to the SA mailing list archives to posts that reference senderscore.org which is another valuable RBL best used in a weighting fashion with postscreen. Dave
Re: SpamAssassin scoring issues
>From: W B <wil...@wilsonbiggs.com> >Sent: Wednesday, April 19, 2017 1:36 PM >To: users@spamassassin.apache.org >Subject: SpamAssassin scoring issues >Hey all! I'm having issues with SpamAssassin; it's assigning emails >scores that are way lower than it should. In addition, the scores it's >assigning as emails come in are different from the results of running >SpamAssassin -t on that same email after the fact. >I'd like to avoid posting too much text in a single email, so here's a >link to a Reddit post I made outlining the issues I'm having: >https://www.reddit.com/r/webdev/comments/660n2w/spamassassin_scores_are_oddly_low_different_from/ >If anyone has any clue what the issue is or is able to help, please let >me know! I'm getting flooded with spam emails to the point that it's >hard to find my actual legitimate emails in my inbox... thank you!!! Are you hitting the URIBL_BLOCKED rule? If so, please follow the link in that reddit article to get rid of that rule hit. This is very important. Minor scoring differences are to be expected based on the passing of time and RBL listing changes but if you are hitting the URIBL_ BLOCKED rule then basically RBLs are not working properly. What MTA are you using? It's best to fine tune the MTA to do RBL checks that will block the majority of the spam/junk before it reaches SA. Make sure you are using zen.spamhaus.org and b.barracudacentral.org RBLs at a minimum. If you are using Postfix, enable postscreen and refer to the SA mailing list archives to posts that reference senderscore.org which is another valuable RBL best used in a weighting fashion with postscreen. Dave
Re: SpamAssassin scoring issues
W B skrev den 2017-04-19 20:36: https://www.reddit.com/r/webdev/comments/660n2w/spamassassin_scores_are_oddly_low_different_from/ http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block have you readed this and solved it ?
SpamAssassin scoring issues
Hey all! I'm having issues with SpamAssassin; it's assigning emails scores that are way lower than it should. In addition, the scores it's assigning as emails come in are different from the results of running SpamAssassin -t on that same email after the fact. I'd like to avoid posting too much text in a single email, so here's a link to a Reddit post I made outlining the issues I'm having: https://www.reddit.com/r/webdev/comments/660n2w/spamassassin_scores_are_oddly_low_different_from/ If anyone has any clue what the issue is or is able to help, please let me know! I'm getting flooded with spam emails to the point that it's hard to find my actual legitimate emails in my inbox... thank you!!! - Wilson Biggs wil...@wilsonbiggs.com