Re: Spamassassin Bayes... "why give that spam that score???"

Wed, 24 Feb 2016 17:31:19 -0800 


Am 25.02.2016 um 02:14 schrieb John Hardin:

On Thu, 25 Feb 2016, Steve wrote:


On 24/02/2016 22:59, John Hardin wrote:

 On Wed, 24 Feb 2016, Steve wrote:

>  I've used spamassassin for many years - on Ubuntu, using amvisd -
with >  great success.  In recent months, I've been receiving several
spam >  messages each day that evade the filters.

 Can you provide samples? (e.g. three or four on Pastebin)


One of each of the most common forms:

http: //pastebin.com/Wk2KD1Q1
http: //pastebin.com/QCQ9Ymw7
http: //pastebin.com/wgkmiJLt


The second one has autolearn=yes, so I would say that autolearn is
probably the cause of this behavior



autolearn is the root of all evil, it's nice for a "fire and fforget" 
setup with no manual training, but that's it



got hit by it in the past multiple times in both directions (false 
negative ham and false positive spam) with the result of purge the whole 
bayes (commercial appliance using SpamAssassin as one part)



after build up my own spamfilter solution, keep the whole corpus and 
*only* train by hand with no autlearning/autoexpire the bayes is 100% 
trustworthy and can be scored as nearly posion pill for spam as well as 
-3,5 for BAYES_00



given that 99% of junk is killed long before SA on MTA-level, 30% are 
sortcircuit ham and over 70% of the messages making it through bayes are 
BAYES_00 the setup is proven to be right


0      61132    SPAM
0      21786    HAM
0    2540731    TOKEN

insgesamt 73M
-rw------- 1 sa-milt sa-milt 10M 2016-02-25 02:24 bayes_seen
-rw------- 1 sa-milt sa-milt 81M 2016-02-25 02:24 bayes_toks

BAYES_00        25445   73.52 %
BAYES_05          671    1.93 %
BAYES_20          780    2.25 %
BAYES_40          720    2.08 %
BAYES_50         2519    7.27 %
BAYES_60          370    1.06 %     7.90 % (OF TOTAL BLOCKED)
BAYES_80          288    0.83 %     6.15 % (OF TOTAL BLOCKED)
BAYES_95          284    0.82 %     6.06 % (OF TOTAL BLOCKED)
BAYES_99         3529   10.19 %    75.38 % (OF TOTAL BLOCKED)
BAYES_999        3185    9.20 %    68.04 % (OF TOTAL BLOCKED)

DNSWL           46666   90.78 %
SPF             33608   65.37 %
SPF/DKIM WL     14653   28.50 %
SHORTCIRCUIT    16744   32.57 %

BLOCKED          4681    9.10 %
SPAMMY           4471    8.69 %    95.51 % (OF TOTAL BLOCKED)





Attachment:
signature.asc

Description: OpenPGP digital signature






















					Reply via email to