PDA

View Full Version : spam assasin ?



firebirdfan
06-03-2004, 01:33 AM
still don't get it, i read Jalal's excellent explanation on it, where they say there's 3 places where spamassasin looks at when analyzing potential spam.
usr/local/perl/share/spamassassin

/etc/mail/spamassassin

/home/user/.spamassassin

After installing it via site manager, & setting it to the strictest rule of 10, I sent a test mail with subject & body text having PORN in it but it still came into my Outlook Express.. so how does it work... ?

Because PORN should be filtered as in the global settings...

How please how ?

ccwebb
06-03-2004, 11:29 AM
Do you see spamassassin info in the header of the email? If yes how many points were accumulated?

Charlie

FZ
06-03-2004, 11:40 AM
You have to understand that by default SpamAssassin only tags mail - or as Charlie says, adds headers to the e-mail indicating its "spam status" (and "score"). It is then up to you to use Procmail (server-side) or your e-mail program (client-side) to filter based on the headers it adds. I'd recommend you do a search for "procmail" or "spamassassin" on this forum so you can have a look at the many, many threads that have been devoted to discussing this exact issue. Alternatively, you can have a look in the "WestHost 2.0 Solutions" topic for Jim's post which should get you started.

dansroka
06-03-2004, 11:46 AM
Likewise, I believe that mail sent from your own account to yourself doesn't get filtered. Try sending mail from a different email account (like a Yahoo account) to test it.

firebirdfan
06-03-2004, 07:10 PM
No, the email doesnt get tagged. I've set via the site manager to the score of 10 for spam assasin

While FZ suggestions on procmail I'll have to get those things a thorough read through. But I thought Spamassasin was suppose to at least do some work :(

So, that said, I test my mail through my Yahoo account, and not Hotmail or maybe later my gmail account.
( Dan - was a Yahooligan :) ] - nice site Dan...

wildjokerdesign
06-03-2004, 09:04 PM
I think you need to set your SpamAssasin score lower via Site Manager. If I understand how it works the higher you set the number the more it lets through without marking it. If you lower it to say around 4 or 5 it should mark more. So the idea is that when it runs mail through the rules it gives it a score for each rule it matches if those add up to what you have the setting at via SiteManager then it tags it. Correct me if I have that wrong Jalal or Fayez.

firebirdfan
06-03-2004, 09:35 PM
Wow it worked, I've just set it to 4 and the previous porn message sent via yahoo didnt even come into me Outlook express inbox, while an innocent subject i sent came in, so where will that spam mail be sent - to deve/null - means deleted forever from the server ?

You're great Shawn , so what's the current score rating set by people here in WH ?

FZ
06-03-2004, 10:02 PM
Interesting - on two accounts: that it deleted mail with a high score by itself (which it should NOT do, unless you specifically use Procmail code to do that) and secondly that lowering the score seems to add headers (I thought it added headers no matter what score the e-mail got, even if it was not spam).

firebirdfan
06-03-2004, 10:09 PM
Should it be such as mentioned ?
I did set a particular subject test into user prefs profile, but did not make any changes to procmail file.
I set it on SA learn, so .....let me do a few more test.. is it that the Lower the score , the stricter the rules are applied ?

FZ
06-03-2004, 10:16 PM
No - it should not be deleting e-mail for you unless you made changes to a Procmail file. No matter what changes you make to your user_prefs file, it will never DELETE mail! The learning process takes a very long time to become effective - I believe it needs a few hundred e-mails to have passed through (both spam and non-spam) to learn the difference between the two. As for the score, yes, a lower score implies that you want to be more "strict" and more mail will be tagged as spam (including legitimate mail, in some cases - especially if you set your score too low). I think 4 to 5 is a good value - whatever slips through, you can change the score for (i.e. specific tests) and you'll never have to worry about mail that matches that test again.

firebirdfan
06-03-2004, 10:33 PM
Just tried it again with the same phrase it came through this time with nothing tagges as spam whatsoever. So probaly the email went missing.

Baffling, I;ve just set spamass on another vps set it's score to 2 but still the email comes through as normal.

What subject header & body text would it detect then ?

My current subject is porn slut sex same as the body but still wont work.

dansroka
06-04-2004, 06:46 AM
No - it should not be deleting e-mail for you unless you made changes to a Procmail file.

FZ, I just reread this thread, and I don't think Firebirdfan ever had email deleted automatically by SA. Just that it wasn't always tagging his mail. Am I right?


I think you need to set your SpamAssasin score lower via Site Manager. If I understand how it works the higher you set the number the more it lets through without marking it.

Nope.... when you have SA active, all email can get marked (if it matches any of SAs tests) regardless of the score you set. The score only tells SA what to do with the email once it is tagged -- specifically, if an email has a score higher than your threshold, it will be marked as spam: the X-Spam-Status header will be changed to Yes, and if you selected the option, the subject line will be changed. It is always up to you, via procmail or your email program's filters, to figure out what to do with this.

Firebird, I have found it very difficult to send myself test spam. This is because you are sending it from a friendly and valid email, the headers will be well formed, etc. -- email coming from Yahoo or any valid email program will by default be "cleaner" than most spam, which is generated by code.

When you do the test email, and it comes through, do you know how to check the SA headers? Your email should have an option to "view full headers" (or something like that). Make sure it is turned on. This way, if SA found any spam-like stuff in the message, you'll see its results in the X-Spam headers, including the score it got, and the tests it failed.

I just tried sending myself your test spam ("porn slut sex") from my Yahoo mail, and it only got a SA score of 0.2. Pretty low: those words, although spam like, are too common I guess to trigger anything. So I then sent one with a subject of "viagra". This got a much higher score. You see, SA has a bunch of tests it runs, and assigns different values for all of them. The SUBJ_VIAGRA test ("viagra in the subject") has a high value, because SA considers it more likely to be spam. Check out a full list of these tests at http://www.spamassassin.org/tests.html

So, if you really want to test SA, you can temporarily boost the score a specific test will get to make sure that it will go over your spam threshold score. For example, the test SUBJ_VIAGRA normally assigns a score of 2.5 to 4.1. You can override this with any value by putting the following line in your preference file:


score SUBJ_VIAGRA 6.0

This means that if the subject has "viagra" in is, SA will now assign a score of 6, making it spam. (To remove this, just delete that line from your prefs.) This way, you can send yourself email to test how SA will react to spam. It is also how you can customize your SA to perform more like you want it.

Another suggestion. You can set SA so that it will add its spam score to the subject of anything it considers spam. This is a nice tool to quickly see how things are running. Just change the two following values in your user_prefs file:



rewrite_subject 1
subject_tag {SPAM _HITS_}

Hope this helps.
Dan

FZ
06-04-2004, 01:46 PM
Actually, there is a really easy way to test it: the GTUBE (see http://www.spamassassin.org/gtube/).

Dan: I interpreted the fact that of two mails that firebirdfan sent, the "spam" one that did not get through was deleted (didn't occur to me that it just got "lost", especially after the fact that the second test mail came through).

firebirdfan: As Dan explains the headers that are added by SpamAssassin are only viewable if you view message details/properties/source (as most e-mail programs hide "excess header info" from you by default) - so you need to do that and confirm whether headers are added or not - if not, then you should re-install SpamAssassin via your Site Manager and see if that helps. If not, try and contact WestHost support.

Keep us updated.

firebirdfan
06-04-2004, 10:39 PM
Oh, now I figured it out. As suggested, I saw the headers & here they are

X-Spam-Status: No, hits=0.0 required=5.0
tests=none
version=2.52
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 2.52 (1.174.2.8-2003-03-24-exp)
X-UIDL: 0S#!!n!_!!QKn"!L#o"!
- Surprisingly no hits at all.
For porn ***** slut

But as suggested by Dan - viagra does score high
X-Spam-Status: No, hits=2.9 required=5.0
tests=FROM_ENDS_IN_NUMS,SUBJ_VIAGRA
version=2.52
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 2.52 (1.174.2.8-2003-03-24-exp)
X-UIDL: ZM3"!:*O!!e,=!!R(d!!

Viagra free onsale
---

So, now I know roughly how it works, thanks all, this means I'll have to use procmail so that it wouldnt reach my Outlook express.

I also tried Dan's suggestion of placing a rewrite to mark it as spam & yes indeed it worked.

Well thanks all, on a seperate note * Fayez, with regards to Openwebmail, I PM adpw1 about not having root access to our vps which WH replied me, so I guess, you wouldn't be able to setit up unless you are on a dedicated host ...