Re: Spamassassin not capturing obvious Spam

2016-05-30 Thread LuKreme
On May 31, 2016, at 00:18, Shivram Krishnan wrote:
> It is not on production. I am using this to evaluate spamassassin.

You are not testing or evaluating properly when you break the configuration.

--

Re: SA Concepts - plugin for email semantics

2016-05-30 Thread Henrik K
On Mon, May 30, 2016 at 06:25:08PM -0400, Dianne Skoll wrote:
> On Mon, 30 May 2016 17:45:52 -0400 "Bill Cole" wrote:
>
> > So you could have 'sex' and 'meds' and 'watches' tallied up into frequency counts that sum up natural (word) and synthetic (concept) occurrences, not just as in

Re: Spamassassin not capturing obvious Spam

2016-05-30 Thread Shivram Krishnan
It is not on production. I am using this to evaluate spamassassin.

On Mon, May 30, 2016 at 10:38 PM, @lbutlr wrote:
> On May 30, 2016, at 11:06 PM, Shivram Krishnan wrote:
> > 2) I have set a threshold of -10 to see how spamassassin assigns a score for every mail.
>
> No. Do not do this.
>

Re: Spamassassin not capturing obvious Spam

2016-05-30 Thread @lbutlr
On May 30, 2016, at 11:06 PM, Shivram Krishnan wrote:
> 2) I have set a threshold of -10 to see how spamassassin assigns a score for every mail.

No. Do not do this.

--
When the routine bites hard / and ambitions are low And the resentment rides high / but emotions won't grow And we're chang

Re: Spamassassin not capturing obvious Spam

2016-05-30 Thread Shivram Krishnan
1) The message is indeed fabricated. I had to generate an RFC 2822 mail from JSON. I am harvesting SPAM mails from mailinator.com (public emails). So that is an error in my generation of the RFC 2822. I did not change it as spamassassin did not assign a score.

2) I have set a threshold of -10 to s

Re: Spamassassin not capturing obvious Spam

2016-05-30 Thread Dave Funk
That message is either a fabrication or something from a messed up system. There's no sign of an IP address (neither IPv4 nor IPv6) in it. There are two identical 'Received:' headers which have '()' where there should be at least the IP address of the incoming connection. This indicates that the

Re: Spamassassin not capturing obvious Spam

2016-05-30 Thread LuKreme
On May 30, 2016, at 20:24, Shivram Krishnan wrote:
> I have followed the guidelines on https://wiki.apache.org/spamassassin/ImproveAccuracy .

No, you really haven't.

> Content analysis details: (3.9 points, -10.0 required)

This makes no sense at all. Either you have set the spam scores neg

Re: Spamassassin not capturing obvious Spam

2016-05-30 Thread Rob McEwen
On 5/30/2016 10:24 PM, Shivram Krishnan wrote:
> I am testing spamassassin on a SPAM/HAM corpus of mails. Spamassassin is not picking up an obvious spam like in this case http://pastebin.com/MbNRNFWy .

Your pastebin example didn't show the "last external" sending IP. Could have been there o

Spamassassin not capturing obvious Spam

2016-05-30 Thread Shivram Krishnan
Hey guys, I am testing spamassassin on a SPAM/HAM corpus of mails. Spamassassin is not picking up an obvious spam like in this case http://pastebin.com/MbNRNFWy . I have followed the guidelines on https://wiki.apache.org/spamassassin/ImproveAccuracy . Let me know how to catch these types of Spams

Re: Multiple RBLs and dynamic IPs

2016-05-30 Thread Bill Cole
On 30 May 2016, at 15:07, Alex wrote:
> Yeah, that's it exactly. Particularly overseas where it doesn't appear NAT and/or submission are used as readily as they are here.

Irrelevant in this case because if you trust that header not to be an intentionally deceptive lie, the receiving server clai

Re: SA Concepts - plugin for email semantics

2016-05-30 Thread Bill Cole
On 30 May 2016, at 18:25, Dianne Skoll wrote:
> On Mon, 30 May 2016 17:45:52 -0400 "Bill Cole" wrote:
> > So you could have 'sex' and 'meds' and 'watches' tallied up into frequency counts that sum up natural (word) and synthetic (concept) occurrences, not just as incompatible types of input feat

Re: Multiple RBLs and dynamic IPs

2016-05-30 Thread Reindl Harald
On 31.05.2016 at 00:59, Reindl Harald wrote: On 31.05.2016 at 00:57, Reindl Harald wrote: On 31.05.2016 at 00:49, Alex wrote: Hi, So I created the RCVD_IN_XBL_ALL "deep header" rule and have since reduced its score. However, there's still RCVD_IN_BL_SPAMCOP_NET as part of the default r

Re: Multiple RBLs and dynamic IPs

2016-05-30 Thread Reindl Harald
On 31.05.2016 at 00:57, Reindl Harald wrote: On 31.05.2016 at 00:49, Alex wrote: Hi, So I created the RCVD_IN_XBL_ALL "deep header" rule and have since reduced its score. However, there's still RCVD_IN_BL_SPAMCOP_NET as part of the default ruleset, which I could of course change, but it's

Re: Multiple RBLs and dynamic IPs

2016-05-30 Thread Reindl Harald
On 31.05.2016 at 00:49, Alex wrote: Hi, So I created the RCVD_IN_XBL_ALL "deep header" rule and have since reduced its score. However, there's still RCVD_IN_BL_SPAMCOP_NET as part of the default ruleset, which I could of course change, but it's scored 1.3 by default for that same "deep heade

Re: Multiple RBLs and dynamic IPs

2016-05-30 Thread Alex
Hi,

>> So I created the RCVD_IN_XBL_ALL "deep header" rule and have since reduced its score. However, there's still RCVD_IN_BL_SPAMCOP_NET as part of the default ruleset, which I could of course change, but it's scored 1.3 by default for that same "deep header" IP address.
>>
>> Does that

Re: SA Concepts - plugin for email semantics

2016-05-30 Thread Dianne Skoll
On Mon, 30 May 2016 17:45:52 -0400 "Bill Cole" wrote:
> So you could have 'sex' and 'meds' and 'watches' tallied up into frequency counts that sum up natural (word) and synthetic (concept) occurrences, not just as incompatible types of input feature but as a conflation of incompatible fe

Re: SA Concepts - plugin for email semantics

2016-05-30 Thread Bill Cole
On 28 May 2016, at 17:53, John Hardin wrote:
> Based on that, do you have an opinion on the proposal to add two-word (or configurable-length) combinations to Bayes?

CAVEAT: it has literally been decades since I've worked deep in statistics on a routine basis rather than just using blindly trust

Re: Multiple RBLs and dynamic IPs

2016-05-30 Thread Reindl Harald
On 30.05.2016 at 21:49, Alex wrote:
> Yeah, that's it exactly. Particularly overseas where it doesn't appear NAT and/or submission are used as readily as they are here.

with carrier grade NAT and "DS-Lite" aka "public ipv6 but NAT ipv4" becoming more and more common the problem is and will be

Re: Multiple RBLs and dynamic IPs

2016-05-30 Thread Alex
Hi,

>> Yeah, that's it exactly. Particularly overseas where it doesn't appear NAT and/or submission are used as readily as they are here.
>
> with carrier grade NAT and "DS-Lite" aka "public ipv6 but NAT ipv4" becoming more and more common the problem is and will be growing fast
>
>> So eve

Re: PHP eval()'d code

2016-05-30 Thread John Hardin
On Mon, 30 May 2016, Reindl Harald wrote: On 30.05.2016 at 01:20, John Hardin wrote: On Sun, 29 May 2016, Reindl Harald wrote: > On 29.05.2016 at 23:38, John Hardin wrote: > > On Thu, 26 May 2016, RW wrote: > > > > > I noticed that Bayes is picking-up on very strong tokens from > >

Re: Multiple RBLs and dynamic IPs

2016-05-30 Thread Reindl Harald
On 30.05.2016 at 21:07, Alex wrote: it's nonsense to give points for dynamic enduser machines, they are *typically* on a lot of blacklists and the users behind are changing all the time when you want to know why - try to use sbl-xbl as suggested by spiderlabs for a web-application-firewall, d

Re: Multiple RBLs and dynamic IPs

2016-05-30 Thread Alex
Hi, > "RCVD_IN_XBL_ALL" smells like deep header inspection > The question was: "How many points do you add to an email that *originated* from a dynamic IP that [is] on a number of blacklists?" >>> >>> >>> no - that was the question of the OP >>> i responded l

Re: Multiple RBLs and dynamic IPs

2016-05-30 Thread Reindl Harald
On 30.05.2016 at 20:45, RW wrote: On Mon, 30 May 2016 19:59:10 +0200 Reindl Harald wrote: On 30.05.2016 at 18:11, RW wrote: On Mon, 30 May 2016 14:12:27 +0200 Reindl Harald wrote: "RCVD_IN_XBL_ALL" smells like deep header inspection The question was: "How many points do you add to

Re: Multiple RBLs and dynamic IPs

2016-05-30 Thread RW
On Mon, 30 May 2016 19:59:10 +0200 Reindl Harald wrote:
> On 30.05.2016 at 18:11, RW wrote:
> > On Mon, 30 May 2016 14:12:27 +0200
> > Reindl Harald wrote:
> >
> >> "RCVD_IN_XBL_ALL" smells like deep header inspection
> >>
> >
> > The question was:
> >
> > "How many points do you add to an

Re: Multiple RBLs and dynamic IPs

2016-05-30 Thread Reindl Harald
On 30.05.2016 at 18:11, RW wrote: On Mon, 30 May 2016 14:12:27 +0200 Reindl Harald wrote: On 30.05.2016 at 14:10, Matthias Leisi wrote: Hm, that looks odd: On 27.05.2016 at 20:15, Alex <mysqlstud...@gmail.com> wrote: X-Spam-Report: * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed

Re: Multiple RBLs and dynamic IPs

2016-05-30 Thread RW
On Mon, 30 May 2016 14:12:27 +0200 Reindl Harald wrote:
> On 30.05.2016 at 14:10, Matthias Leisi wrote:
> > Hm, that looks odd:
> >
> >> On 27.05.2016 at 20:15, Alex wrote:
> >
> >> X-Spam-Report:
> >> * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at
> >

Re: Odd results when using whitelisting

2016-05-30 Thread Reindl Harald
On 30.05.2016 at 16:35, Nick Howitt wrote:
> Just for a bit of closure, it looks like when you use amavisd-new with SA, it is amavisd-new and not SA which is adding the X-Spam headers. In /etc/amavisd/api.conf there is a parameter, $sa_tag_level_deflt, defaulted to -99, below which no X-Spam head

Re: Odd results when using whitelisting

2016-05-30 Thread Nick Howitt
Just for a bit of closure, it looks like when you use amavisd-new with SA, it is amavisd-new and not SA which is adding the X-Spam headers. In /etc/amavisd/api.conf there is a parameter, $sa_tag_level_deflt, defaulted to -99, below which no X-Spam headers are set. If you whitelist, you start at

Re: Multiple RBLs and dynamic IPs

2016-05-30 Thread Reindl Harald
On 30.05.2016 at 14:10, Matthias Leisi wrote: Hm, that looks odd: On 27.05.2016 at 20:15, Alex <mysqlstud...@gmail.com> wrote: X-Spam-Report: * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no * trust * [116.251.209.92 listed in list.dnswl.org

Re: Multiple RBLs and dynamic IPs

2016-05-30 Thread Matthias Leisi
Hm, that looks odd:

> On 27.05.2016 at 20:15, Alex wrote:
> X-Spam-Report:
> * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
> * trust
> * [116.251.209.92 listed in list.dnswl.org]

-^

> * 0.0 RCVD_IN_XBL_ALL RBL: Received via a relay in S

Re: PHP eval()'d code

2016-05-30 Thread Reindl Harald
On 30.05.2016 at 01:20, John Hardin wrote: On Sun, 29 May 2016, Reindl Harald wrote: On 29.05.2016 at 23:38, John Hardin wrote: On Thu, 26 May 2016, RW wrote: > I noticed that Bayes is picking-up on very strong tokens from "eval" and > "code" in headers like this: > >X-PHP-Originati