PDA

View Full Version : Spamassassin not setting X-Spam-Level



seaquest
08-24-2004, 05:13 PM
I'm getting a great deal of undetected spam and am noticing that most of the unfiltered spam has spamassassin headers like this. Notice that the hits is 15.7 and in this example I had the required hits set to 1.0 so it should have definately detected it. In addition the X-Spam-Level is blank.

Any suggestions??


X-Spam-Status: No, hits=-15.7 required=1.0
tests=BAYES_01,IN_REP_TO,PRIORITY_NO_NAME,REFERENC ES,USER_AGENT
autolearn=ham version=2.52
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 2.52 (1.174.2.8-2003-03-24-exp)
Status:

FZ
08-24-2004, 07:02 PM
The score for this e-mail is -15.7 (negative 15.7), which is more than enough to have this e-mail whitelisted. SpamAssassin thinks this is legitimate mail, and since it is learning (Bayesian filtering) it as being ham (non-spam), it thinks it's a perfect example of the kind of legitimate mail you get!

Have a look at: http://spamassassin.org/tests.html to see what the default scores are for the tests that matched - you should notice that some of them have negative scores (meaning that they're signs of ham). However, if you like, you can disable these tests by assigning scores of 0 to them (using a user_prefs file) - refer to the SpamAsassin documentation. That would probably be your best bet since you say that this mail was actually spam!

seaquest
08-24-2004, 07:33 PM
Ok that makes sense. I'm still trying to understand why spamassassin is so ineffective at detecting spams. The message that scored -15 was very clearly a spam message. Perhaps you can offer some advice? Here are my user_prefs and local.cf settings are as follows:


USER_PREFS

# How many hits before a mail is considered spam.
required_hits 1.0

# Whitelist and blacklist addresses are now file-glob-style patterns, so
# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.
# whitelist_from someone@somewhere.com

# customization starts here

# Text to prepend to subject if rewrite_subject is used
subject_tag ***POSSIBLE SPAM**

# Encapsulate spam in an attachment
report_safe 0

# Enable the Bayes system
use_bayes 1

# Enable Bayes auto-learning
auto_learn 0

# Enable or disable network checks
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1

My LOCAL.CF settings are:

rewrite_subject 1
report_header 1
required_hits 2
rewrite_subject 1
report_safe 0
defang_mime 0

whitelist_from *.westhost.com
subject_tag **POSSIBLE SPAM**


Any suggestions would be greatly appreciated.

FZ
08-25-2004, 02:00 PM
Well, the first thing you can do is turn off Bayesian filtering - that should stop e-mails getting negative scores (and thus being whitelisted). Set use_bayes to 0.

The other thing you can do is enable network tests - meaning SpamAssassin checks (for example) the IP addresses of the mail server(s) in your e-mails and if they are listed in various blacklists, will assign a corresponding score. This is very effective for the kind of spam that does not trigger content-based tests in SpamAssassin. Unfortunately, this is quite difficult to do unless you know your way around with SSH.

Have a look at this thread: http://forums.westhost.com/phpBB2/viewtopic.php?t=1283

About halfway through you should find instructions on installing Net::DNS (which is what you need to do to get SpamAssassin network tests going).

http://forums.westhost.com/phpBB2/viewtopic.php?p=10394#10394 is also useful.