Thanks everyone for your suggestions. This is what I've done: required_score 4 rewrite_header Subject *****SPAM***** add_header all Report _REPORT_ use_razor2 1 razor_config /etc/mail/spamassassin/.razor/razor-agent.conf razor_timeout 600 trusted_networks w.x.y.z use_bayes 1 use_bayes_rules 1 bayes_path /home/_vilter/.spamassassin/bayes bayes_auto_learn 1 bayes_auto_learn_threshold_spam 6 bayes_auto_learn_threshold_nonspam -5 skip_rbl_checks 0 rbl_timeout 600 use_auto_whitelist 0
As you can see I: Lowered my nonspam threshold so in theory only very low scoring mails should be learned as ham Removed the very wrong and bad ALL_TRUSTED 0 line Added a trusted_networks line that contains the IP address of my mail server / SA machine. Based on what I've read at http://wiki.apache.org/spamassassin/TrustPath this should be all I really need on that front. My mail server is in a non-NATed DMZ with a public IP address. Last but not least I added the line: add_header all Report _REPORT_ so that I can see what rules are being hit. Unfortunately I am still not seeing these headers added to the messages. The only headers I get are these: X-SMTP-Vilter-Version: 1.1.9 X-SMTP-Vilter-Spam-Backend: spamd X-Spam-Score: 2.0 X-Spam-Level: ** X-Spam-Threshold: 4.0 X-Spam-Probability: 0.5 and in the case of the spam threshold being met: X-Spam-Status: spam Before I made the changes to local.cf I deleted my bayes db's so everything would be learned afresh. Despite these changes, most spam continues to receive low scores. Does anyone have a theory about why I am not seeing the Report headers? (I know the local.cf file is being read because when I changed the required score from 5 to 4, that change is reflected in the headers.) TIA. > -----Original Message----- > From: Bowie Bailey [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 12, 2006 1:05 PM > To: users@spamassassin.apache.org > Subject: RE: spam scores low (Sendmail + smtp-vilter + SA ) > > > Mike Sassaman wrote: > > Hello, > > > > I'm new to this list and to SpamAssassin, and I'm have some > questions > > that will hopefully be easy for you all, but have been giving me > > problems. > > > > Background: I've been running a Sendmail relay on OpenBSD > for the last > > couple years for a smallish company. The only thing this machine > > does is forward to an Exchange server - there are no mailboxes on it > > (besides root). I'm not a Sendmail expert but it's been > doing the job. > > > > So recently I've installed SMTP-Vilter and SpamAssassin 3.0.4 from > > OpenBSD's ports. Now, according to the SA wiki and most of the > > things I've read, my grandmother should be able to install SA and > > stop most spam out of the box. However, this has not been my > > experience. It appears to be 'working', in the sense that headers > > are added to messages, for example: > > > > X-SMTP-Vilter-Version: 1.1.9 > > X-SMTP-Vilter-Spam-Backend: spamd > > X-Spam-Score: 7.3 > > X-Spam-Level: ******* > > X-Spam-Threshold: 5.0 > > X-Spam-Probability: 1.5 > > X-Spam-Status: spam > > > > The message with the above headers had its subject successfully > > rewritten as one would expect. > > > > However, the vast majority of spam we receive gets a very low score, > > often negative, and is not marked. Simply lowering the threshold > > will not help me because the spam scores often lower than > legit mail. > > > > So obviously I'm doing something horribly and stupidly wrong, but > > what? > > > > More specifically - for troubleshooting, how can I add > headers to each > > message showing what SA rules were hit? How can I view the contents > > of the auto-whitelist? Is it bayes that is broken? Can anyone > > suggest some actions I can take to troubleshoot? > > Add this to your local.cf: > add_header all Report _REPORT_ > > (at least, this is the 3.1 format. I think it was the same > with 3.0.4) > > > > > The default local.cf was very minimal, during > troubleshooting I added > > some things trying to get improvements. This is my current > > /etc/mail/spamassassin/local.cf: > > > > required_score 5 > > rewrite_header Subject *****SPAM***** > > use_razor2 1 > > razor_config /etc/mail/spamassassin/.razor/razor-agent.conf > > razor_timeout 600 > > # report_safe 1 > > # trusted_networks 212.17.35. > > # lock_method flock > > use_bayes 1 > > use_bayes_rules 1 > > bayes_path /home/_vilter/.spamassassin/bayes > > bayes_auto_learn 1 > > bayes_auto_learn_threshold_spam 6 > > skip_rbl_checks 0 > > rbl_timeout 600 > > use_auto_whitelist 0 > > score ALL_TRUSTED 0 0 0 0 > > Here we go again... > > PLEASE fix this: > > # trusted_networks 212.17.35. > > And DON'T do this: > > score ALL_TRUSTED 0 0 0 0 > > Removing the ALL_TRUSTED rule just masks the problem. > > Set trusted_networks to include the ip addresses (or subnet addresses) > of all of your mail servers (including the local machine, if > it is also > a mail server) and it should fix any problems you were having with the > ALL_TRUSTED rule. > > See the wiki for more details. > http://wiki.apache.org/spamassassin/TrustPath > > -- > Bowie >