sa-stats and Spamtagging

LuKreme Tue, 13 Feb 2007 07:32:32 -0800

I recently ran sa-stats (Dallas's script, not the one in SA)

Email: 10373 Autolearn: 1575 AvgScore: 7.45 AvgScanTime:3.74 secSpam: 6179 Autolearn: 680 AvgScore: 12.44 AvgScanTime:4.03 secHam: 4194 Autolearn: 895 AvgScore: 0.10 AvgScanTime:3.33 sec


Time Spent Running SA:        10.79 hours
Time Spent Processing Spam:    6.91 hours
Time Spent Processing Ham:     3.88 hours

TOP SPAM RULES FIRED
----------------------------------------------------------------------
RANK    RULE NAME                       COUNT  %OFMAIL %OFSPAM  %OFHAM
----------------------------------------------------------------------
   1    HTML_MESSAGE                     4549    74.92   73.62   76.82
   2    BAYES_99                         3941    40.06   63.78    5.10
   3    AWL                              2179    49.99   35.26   71.67
   4    BOTNET                           1866    18.40   30.20    1.03
   5    URIBL_JP_SURBL                   1667    16.15   26.98    0.19
----------------------------------------------------------------------

TOP HAM RULES FIRED
----------------------------------------------------------------------
RANK    RULE NAME                       COUNT  %OFMAIL %OFSPAM  %OFHAM
----------------------------------------------------------------------
   1    HTML_MESSAGE                     3222    74.92   73.62   76.82
   2    AWL                              3006    49.99   35.26   71.67
   3    BAYES_00                         2522    25.40    1.83   60.13
   4    MIME_HTML_ONLY                   1693    28.26   20.04   40.37
   5    FORGED_RCVD_HELO                 1195    16.77    8.82   28.49
----------------------------------------------------------------------

Now, perhaps I am misunderstanding, but BAYES_99 is hitting on 5% ofham? and AWL on 35% of spam?

Looking at this is looks to my, albeit untrained, eye as is somethingis quite wrong with my spam-tagging solution.

Now, to be fair, a large percentage of the incoming spam is beingstopped by greylisting before SA ever sees it.

Am I worrying over nothing? I do seem to get spam only on thoseaccounts for which greylisting is inactive, but on those I get a LOTthat SA fails to tag, including just about every one of those imagespams with the 2K or so of seemingly randomish text in the plain/textportion.

I am running RDJ with several rules and my SA version isSpamAssassin-3.1.7


TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS RANDOMVAL
BOGUSVIRUS SARE_ADULT SARE_FRAUD SARE_BML SARE_SPOOF
SARE_BAYES_POISON_NXM SARE_OEM SARE_RANDOM SARE_HEADER_ABUSE
SARE_SPECIFIC SARE_CODING_HTML SARE_GENLSUBJ SARE_UNSUB SARE_URI0
SARE_REDIRECT_POST300 SARE_OBFU";

and RDJ is not reporting any errors

--

#27794 <Vellius> ... I wonder if the really nerdy Klingons learn howto speak english

sa-stats and Spamtagging

Reply via email to