One of my servers received a spam message which SA missed, with the
following report:
Content analysis details: (3.1 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
0.0 FREEMAIL_FROM Sender email is commonly abused enduser
mail provider
(noreply[at]live.com)
0.0 HTML_MESSAGE BODY: HTML included in message
1.5 BAYES_50 BODY: Bayes spam probability is 40 to 60%
[score: 0.4993]
2.0 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
0.0 UNPARSEABLE_RELAY Informational: message has unparseable
relay lines
-0.4 AWL AWL: Adjusted score from AWL reputation of
From: address
After learning the messages as spam into bayes with sa-learn, I get the
following report:
Content analysis details: (8.8 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
4.9 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser
mail provider
(noreply[at]live.com)
0.0 HTML_MESSAGE BODY: HTML included in message
8.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
[score: 1.0000]
2.0 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
0.0 UNPARSEABLE_RELAY Informational: message has unparseable
relay lines
-6.1 AWL AWL: Adjusted score from AWL reputation of
From: address
Luckily the message is now flagged as spam because I have manually
turned up the score on my BAYES_99 and BAYES_999 awhile ago. But what
intrigues me is that now the AWL module gives it a -6.1 score. Why would
AWL now tilt things heavily towards ham, after the message has just been
learned as spam? It seems to be making things worse instead of better.
Unless I am misunderstanding what AWL is supposed to be doing?