We've been running SpamAssassin on a Fedora server successfully for
about a year now. About a month ago, we all noticed a spike in the
number of spam getting through. I upgraded to 3.1.0 but that does not
seem to help. I'm beginning to suspect that some local database or the
learning has somehow gone awry. Here a sample score from an obvious spam...
----------
Subject: Investment Ideas
X-Spam-Status: No, hits=-1.098 tagged_above=-999 required=2
tests=BAYES_00, RCVD_NUMERIC_HELO, UNPARSEABLE_RELAY
Body:
OUR OCTOBER HOT PICK IS: CWTD.
SYMBOL: CWTD
CURRENT PRICE: $2.07
5 Day Target: $5
WE GIVE IT TO YOU AS A GIFT AND THIS IS WHY !!!
*************PRESS RELEASE*****************PRESS RELEASE*************
[snip]
-----------
Lots of similar spam is getting through. Is this an example of where
they have just figured out a way through the tests, or do I have a local
database or learning system that needs retraining? I've got
SpamAssassin to check Razor and DCC, you'd have thought those tests
would hit but I guess not. :-/
--
Fran Fabrizio
Senior Systems Analyst
Department of Computer and Information Sciences
University of Alabama at Birmingham
http://www.cis.uab.edu/
205.934.0653