> On Sat, Aug 23, 2003 at 10:38:35PM +1200, Simon Byrnand wrote:
>> Ok, I'll probably get thumped by someone for not RTFM but I'm just
>> trying
>> out 2.60-rc2 on a test machine, and for whatever reason it is not adding
>> the X-Spam-Report header on messages that are detected as spam.
>>
>> Is there a new setting to disable this which is disabled by default ?
>
> Sorta. With report_safe 0, the only way to get the report in the
> header is to also use "use_terse_report 1" (or since that's deprecated,
> "add_header spam Report _REPORT_"). I thought we documented that
> somewhere, but I can't seem to find it now.
:(
I figured out most of that a little while after posting my message.
However I still have a couple of questions about it. I had put the
following line in local.cf:
add_header spam Report _SUMMARY_
But the report doesn't look anything like the old full reports... (which I
liked...) here's an example of the same message in 2.55 and 2.60 (my 2.55
report is customized as you'll notice):
2.55:
X-Spam-Report: -------------------- Start of SpamAssassin report
--------------------
This message is probably spam. The original message has been altered
so you can recognise or block similar unwanted messages in future.
To customize your anti-spam settings, see http://webmail.igrin.co.nz/
----------------------------------------------------------------------
Content analysis details: (18.90 hits, 5 required)
FROM_ENDS_IN_NUMS (0.6 points) From: ends in numbers
RATWARE_OE_MALFORMED (2.9 points) X-Mailer contains malformed Outlook
Express version
DEAR_SOMETHING (1.9 points) BODY: Contains 'Dear (something)'
US_DOLLARS (1.1 points) BODY: Nigerian scam key phrase (million dollars)
BAYES_80 (2.9 points) BODY: Bayesian classifier says spam probability
is 80 to 90%
[score: 0.8038]
MSG_ID_ADDED_BY_MTA_3 (0.9 points) 'Message-Id' was added by a relay (3)
SUBJ_ALL_CAPS (0.5 points) Subject is all capitals
FORGED_YAHOO_RCVD (2.7 points) 'From' yahoo.com does not match
'Received' headers
FROM_HAS_UNDERLINE_NUMS (0.5 points) From: contains an underline and
numbers/letters
NIGERIAN_BODY (2.7 points) Message body has multiple indications of
Nigerian spam
FORGED_MUA_OUTLOOK (2.2 points) Forged mail pretending to be from MS
Outlook
-------------------- End of SpamAssassin report ----------------------
2.60:
X-Spam-Report: 1.0 FROM_ENDS_IN_NUMS From: ends in numbers
2.7 RATWARE_OE_MALFORMED X-Mailer has malformed Outlook Express version
2.3 DEAR_SOMETHING BODY: Contains 'Dear (something)'
0.0 BAYES_50 BODY: Bayesian spam probability is 50 to 56%
[score: 0.5002]
0.8 MSGID_FROM_MTA_BACKUP Message-Id was added by a relay
0.9 FORG
ED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers
0.7 NIGERIAN_BODY2 Message body looks like a Nigerian spam message 2+
2.0 NIGERIAN_BODY1 Message body looks like a Nigerian spam message 1+
1.0 FROM_HAS_ULINE_NUMS From: contains an underline and numbers/letters
0.7 NIGERIAN_BODY4 Message body looks like a Nigerian spam message 4+
2.6 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
0.7 NIGERIAN_BODY3 Message body looks like a Nigerian spam message 3+
I find the original report format easier to read....this one looks more
like the terse format from 2.55, and is missing my customized lines...yet
according to the man page:
_SUMMARY_ summary of tests hit for standard report
You suggested using _REPORT_ (which I will try instead of _SUMMARY_) am I
right in thinking that will show my customized report template again ? And
yet in the man page it says:
_REPORT_ report of tests hits (in terse format, ideal for in
headers)
Which is implying you only get the terse format using _REPORT_ ? Does that
mean theres no way to get a report like the 2.55 format I pasted above ?
:(
>
> The basic idea was that with report_safe 1, there was no need to have
> the report in the header as well so it got disabled.
Fair enough...
> For report_safe 0,
> the verbose report sucked, but setting "report_safe 0" didn't necessarily
> mean you wanted the terse report in the header. Hence the above behavior.
Well I didn't think the verbose report sucked, I liked it :)
>> I've had a cursory look through the man pages but don't see anything
>> obvious, and I can't think why this default would be changed since 2.55,
>> so I'm wondering if this is a bug...
>
> The behavior isn't a bug, but it does need to be documented. Can you
> open a bugzilla ticket about this? We should add it to the report_safe
> doc.
>
>> Oh yeah, I'm talking about report_safe mode too.... (which I suspect
>> doesn't get as much testing as report_safe 1 :)
>
> You'd be surprised. For instance, my personal box only does report_safe
> 0. :)
:)
report_safe 1 is totally unworkable in the setup we have so I hope
report_safe 0 doesn't go away anytime soon...
On another note, I notice that on the spam messages I've seen so far (I'm
running 2.55 and 2.60 in parallel on two servers with my email account
splitting and going through both servers seperately as a comparison) and I
notice that Bayes doesn't seem to be working too well.
I copied the bayes database from the real server, did the sa-learn
--rebuild before and after updating etc, and everything seemed to go well
with the bayes database, but you'll notice on the above identical message
that it scored BAYES_80 and got 2.9 points for it on 2.55, but got
BAYES_50 (0 points) on 2.60.
There are several months worth of tokens in there, and the databases of
the two servers have only diverged for a couple of hours between the time
I copied it over and that message comming through, so as far as I can see
the bayes scores should have been much closer if not the same.... any idea
why that might be ?
Regards,
Simon
-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
