From: "Matt Kettler" <[EMAIL PROTECTED]>
Leigh Sharpe wrote:
Hi All,
After 6 months or more of perfect operation, I have had heaps of spam
has been missed over the last few weeks. Running SA with -D option
shows nothing obvious in the logs.
A small selection of misses is posted here:
http://www.pacificwireless.com.au/spam/
Anybody got any ideas why really obvious stuff might be getting
through? Some of it is stuff which always used to get tagged, but now
isn't. There's been no changes on the server, except for an increase
in the number of mail users.
I also note that quite a lot of it is getting negative sscores.
1) all of this spam is hitting BAYES_00.. you really should check your
bayes training and correct it.
THAT is a bad thing. Getting down to BAYES_00 for spam takes some
doing. At the very least a whole lot of spam got trained as ham.
I'd select a collection of known spam and a collection of known ham
both totaling more than 200. (1000 if possible.) Then carefully feed
them to sa-learn with the correct ham or spam flag.
2) You're running a relatively old version of SpamAssassin. Version
3.0.3 has multiple security vulnerabilities.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266
http://spamassassin.apache.org/advisories/cve-2006-2447.txt
The upgrade to 3.0.5 is relatively painless. I'd recommend that for
the faint of heart. (I am getting excellent results here with 3.0.4
patched with some custom debug patches and with the 3.0.5 diffs from
3.0.4.)
{^_^} JD
