I'm semi-asleep at the switch. The autolearn=no means you do indeed
have Bayes turned off or completely untrained. Very seriously, a well
trained Bayes is your BEST spam fighting friend. So are the rule sets
at http://www.rulesemporium.com/.
I am still back on 3.0.6. I have not had a stock spam get by the filters
in over a year. Both Bayes and the SARE rules I run seem to nail them.
But the SINGLE most RELIABLE spam catcher is BAYES_99 set to 5.0, per
user Bayes well trained, and spoon feeding salearn with known cases of
missed spam that do not contain a preponderance of unique words typical
for what I consider ham.
(I have gotten Bayes to the state that it has not flagged a single ham
in the last month while it has flagged about 90.65% of all spam. Likewise
BAYES_00 has flagged about 0.04% of spam and 81.17% of ham. This is on
about 100,000 messages over 10.5 weeks.)
{^_^} Joanne
----- Original Message -----
From: "NW7US, Tomas" <[EMAIL PROTECTED]>
To: <users@spamassassin.apache.org>
Sent: Wednesday, June 07, 2006 23:42
Subject: Another example...
Here are headers from another example of spam, that is marked STRONGLY as
NOT being spam. What is VERY interesting about THIS one, is that it seems
to actually be FROM me!!! However, it made its rounds on other servers,
first. Is it possible someone is spoofing my email address?? Or, is
there a gateway e-mail hole on my server?
Here are the headers: (and, I deleted my whitelists, like the auto learn
one, etc.)
Return-Path: <[EMAIL PROTECTED]>
X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01)
on helios.hfradio.org
X-Spam-Level:
X-Spam-Status: No, score=-86.2 required=1.0 tests=HTML_MESSAGE,
MIME_HTML_ONLY, MIME_HTML_ONLY_MULTI,
MPART_ALT_DIFF,RCVD_ILLEGAL_IP,RCVD_NUMERIC_HELO,
UNPARSEABLE_RELAY,URIBL_JP_SURBL,URIBL_OB_SURBL,
URIBL_SBL, URIBL_SC_SURBL,URIBL_WS_SURBL,
USER_IN_WHITELIST autolearn=no version=3.1.3
Received: from 60.234.111.150 ([60.234.111.150]) by helios.hfradio.org
(8.12.11/8.12.11) with ESMTP id k586UPVE019859 for
<[EMAIL PROTECTED]>; Wed, 7 Jun 2006 23:30:28 -0700
Envelope-to: [EMAIL PROTECTED]
Delivery-date: Thu, 08 Jun 2006 18:36:11 +1200
Received: from [242.112.30.100] (helo=86678721) by 60.234.111.150
with smtp (Exim 4.60 (FreeBSD)) (envelope-from
<[EMAIL PROTECTED]>) id
W3mNJ-2xnyDQA-8Kx for [EMAIL PROTECTED]; Thu, 08 Jun 2006
18:36:11 +1200
Received: from gallery48.freeserve.co.uk (02055232 [17238173668])
by 124.1.211.112 (Qmailv1) with ESMTP id 0FJ2Y8TBN for
<[EMAIL PROTECTED]>; Thu, 08 Jun 2006 17:36:07 +1200
Date: Thu, 08 Jun 2006 17:36:07 +1200
From: "Jon R. Pirrello Jr" <[EMAIL PROTECTED]>
X-Mailer: The Bat! (v2.12.00) Personal
X-Priority: 3
Message-ID: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: General health store
X-IMAPbase: 1148015368 4545
Status: O
X-UID: 4545
Content-Length: 11005
X-Keywords:
X-Antivirus: AVG for E-mail 7.1.394 [268.8.2/357]
Mime-Version: 1.0
Content-Type: multipart=mixed;
b0undary="=======AVGMAIL-4487C4C83823======="
(I changed the last header, in case it might case a problem... the message
has an attachment that contained a virus or trojan.)
I could really use some help in figuring out how to end this sort of
activity.
Thanks,
73 de Tomas, NW7US ( http://ic-discipleship-ministries.org/ )
: Propagation Editor for CQ, CQ VHF, Popular Communications :
: Creator; live propagation center http://prop.hfradio.org/ :
: Associate Member of Propagation Studies Committee of RSGB :
: 122.93W 47.67N / Brinnon, Washington USA CN87 CW/SSB/DIGI :
: 10x56526, FISTS 7055, FISTS NW 57, Lighthouse Society 144 :
: Technical Writer for http://entirenet.net (Microsoft KB) :
