Am 25.02.2016 um 02:14 schrieb John Hardin:
On Thu, 25 Feb 2016, Steve wrote:On 24/02/2016 22:59, John Hardin wrote:On Wed, 24 Feb 2016, Steve wrote: > I've used spamassassin for many years - on Ubuntu, using amvisd - with > great success. In recent months, I've been receiving several spam > messages each day that evade the filters. Can you provide samples? (e.g. three or four on Pastebin)One of each of the most common forms: http: //pastebin.com/Wk2KD1Q1 http: //pastebin.com/QCQ9Ymw7 http: //pastebin.com/wgkmiJLtThe second one has autolearn=yes, so I would say that autolearn is probably the cause of this behavior
autolearn is the root of all evil, it's nice for a "fire and fforget" setup with no manual training, but that's it
got hit by it in the past multiple times in both directions (false negative ham and false positive spam) with the result of purge the whole bayes (commercial appliance using SpamAssassin as one part)
after build up my own spamfilter solution, keep the whole corpus and *only* train by hand with no autlearning/autoexpire the bayes is 100% trustworthy and can be scored as nearly posion pill for spam as well as -3,5 for BAYES_00
given that 99% of junk is killed long before SA on MTA-level, 30% are sortcircuit ham and over 70% of the messages making it through bayes are BAYES_00 the setup is proven to be right
0 61132 SPAM 0 21786 HAM 0 2540731 TOKEN insgesamt 73M -rw------- 1 sa-milt sa-milt 10M 2016-02-25 02:24 bayes_seen -rw------- 1 sa-milt sa-milt 81M 2016-02-25 02:24 bayes_toks BAYES_00 25445 73.52 % BAYES_05 671 1.93 % BAYES_20 780 2.25 % BAYES_40 720 2.08 % BAYES_50 2519 7.27 % BAYES_60 370 1.06 % 7.90 % (OF TOTAL BLOCKED) BAYES_80 288 0.83 % 6.15 % (OF TOTAL BLOCKED) BAYES_95 284 0.82 % 6.06 % (OF TOTAL BLOCKED) BAYES_99 3529 10.19 % 75.38 % (OF TOTAL BLOCKED) BAYES_999 3185 9.20 % 68.04 % (OF TOTAL BLOCKED) DNSWL 46666 90.78 % SPF 33608 65.37 % SPF/DKIM WL 14653 28.50 % SHORTCIRCUIT 16744 32.57 % BLOCKED 4681 9.10 % SPAMMY 4471 8.69 % 95.51 % (OF TOTAL BLOCKED)
signature.asc
Description: OpenPGP digital signature