Whitelist and Excessive Spam Please Help
Hello All, I have a few issues with our filtering and am not sure how to make things better. The main issue that I have is that I have created a whitelist.cf file in /etc/mail/spamassassin but with the following whitelist_from_rcvd [EMAIL PROTECTED] adelphia.net whitelist_from_rcvd [EMAIL PROTECTED] hotmail.com whitelist_from_rcvd @dell.com dell.com they are still getting tagged as spam. here is what the header information is comeing up with. X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on mx.wifi7.com X-Spam-Level: ** X-Spam-Status: Yes, score=2.8 required=2.0 tests=AWL,BAYES_50,J_CHICKENPOX_12, J_CHICKENPOX_31,MIME_BASE64_NO_NAME,NO_REAL_NAME,SARE_SUB_ENC_UTF8, SUBJECT_EXCESS_BASE64,SUBJ_HAS_UNIQ_ID autolearn=no version=3.1.7 X-Spam-Report: * 1.0 NO_REAL_NAME From: does not include a real name * 0.2 SUBJ_HAS_UNIQ_ID Subject contains a unique ID * 0.6 J_CHICKENPOX_12 BODY: 1alpha-pock-2alpha * 0.6 J_CHICKENPOX_31 BODY: 3alpha-pock-1alpha * 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% * [score: 0.5000] * 0.2 MIME_BASE64_NO_NAME RAW: base64 attachment does not have a file * name * 0.2 SARE_SUB_ENC_UTF8 Message uses character set often used in spam * 0.4 SUBJECT_EXCESS_BASE64 Subject: base64 encoded encoded unnecessarily * -0.3 AWL AWL: From: address is in the auto white-list Received: from unknown (HELO ausc60ps301.us.dell.com) (143.166.148.206) I am not really sure where to go from here to make sure that my boss gets his dell emails... The other issue that I have is it seems that I have to have my spam score down to about 2.0 in order to knock out enough spam for our clients not to complain is this action abnormal. What could I have wrong? THanks Much Q
RE: Whitelist and Excessive Spam Please Help
Kyle Quillen wrote: they are still getting tagged as spam. ... X-Spam-Status: Yes, score=2.8 required=2.0 Of course they're still getting tagged as spam. A score of 2.0 is way, Way, WAY too low a score to be reasonable. At my site it's set to 3.5, and it's still very aggressive, requiring plenty of whitelisting. I wouldn't set it to anything lower than that. You're better off keeping it at 5.0, and raising scores (and creating new ones) to push spam higher, instead of trying to push ham lower. Also, nowhere in that header does it show USER_IN_WHITELIST_TO actually hit the message, so your whitelisting didn't apply anyway. I suspect this is because whatever MTA you're using couldn't do the reverse lookup on 143.166.148.206 (it just says from unknown).
Re: Whitelist and Excessive Spam Please Help
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kyle Quillen wrote: I have a few issues with our filtering and am not sure how to make things better. The main issue that I have is that I have created a whitelist.cf file in /etc/mail/spamassassin but with the following [..] I am not really sure where to go from here to make sure that my boss gets his dell emails... spamassassin -D and/or http://www.dnswl.org/tech (disclaimer: I'm inovlved with this project) The other issue that I have is it seems that I have to have my spam score down to about 2.0 in order to knock out enough spam for our clients not to complain is this action abnormal. What could I have wrong? You do not use sa-update? - -- Matthias -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFFiVt7xbHw2nyi/okRAoaoAKCZrztzaaEYHq4kxoIq9ho6YK+enQCeJgZR ExavKUSJTjYvMaL74ZmsjLs= =xzol -END PGP SIGNATURE-
Re: Whitelist and Excessive Spam Please Help
On Wed, 2006-12-20 at 16:49 +0100, Matthias Leisi wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kyle Quillen wrote: I have a few issues with our filtering and am not sure how to make things better. The main issue that I have is that I have created a whitelist.cf file in /etc/mail/spamassassin but with the following [..] I am not really sure where to go from here to make sure that my boss gets his dell emails... spamassassin -D and/or http://www.dnswl.org/tech (disclaimer: I'm inovlved with this project) Ok when I type spamassassin -D it stops at [2] dbg: dns: is Net::DNS::Resolver available? yes [2] dbg: dns: Net::DNS version: 0.48 and then just sits there waiting for something. I read somewhere that it wanted to be fed a message but I am unclear as to how to do that. The other issue that I have is it seems that I have to have my spam score down to about 2.0 in order to knock out enough spam for our clients not to complain is this action abnormal. What could I have wrong? You do not use sa-update? I have a cron job set to run sa-update on a nightly basis At least I think that is what my issue is. I am slowly learning how all of this works. Should I be doing something else? Thanks Q - -- Matthias -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFFiVt7xbHw2nyi/okRAoaoAKCZrztzaaEYHq4kxoIq9ho6YK+enQCeJgZR ExavKUSJTjYvMaL74ZmsjLs= =xzol -END PGP SIGNATURE-
Re: Whitelist and Excessive Spam Please Help
On Wed, Dec 20, 2006 at 11:00:17AM -0500, Kyle Quillen wrote: Ok when I type spamassassin -D it stops at [2] dbg: dns: is Net::DNS::Resolver available? yes [2] dbg: dns: Net::DNS version: 0.48 and then just sits there waiting for something. I read somewhere that it wanted to be fed a message but I am unclear as to how to do that. spamassassin -D message_file -- Randomly Selected Tagline: I made it foolproof, but they're making better fools... pgpF3JINEeHHB.pgp Description: PGP signature