On Tue, 2008-01-29 at 20:22 -0500, Theo Van Dinter wrote:
> On Tue, Jan 29, 2008 at 07:51:03PM -0500, Robert Fitzpatrick wrote:
> > I have some users getting slammed with this spam. Before I start trying
> > to figure out how to intercept, can someone test this message and tell
> > me if you're getting a score above 5.0?
> > 
> > http://esmtp.webtent.net/test.txt
> > 
> >  2.5 MISSING_HB_SEP         Missing blank line between message header and body
> 
> This appears to be a badly pasted email.  For example, the topmost Received
> header (and then a lot of the rest of the headers) is malformed.
> 
> Hitting MISSING_HB_SEP w/ real mails is possible, but very uncommon.  If you
> see it hitting somewhere, you're more likely to have a misconfiguration in
> your setup than a valid hit.
> 

Thanks for the tips, I pasted from Maia Mailguard web GUI by clicking
View Raw. Not sure if you're familiar, Maia is an amavisd-2.2 spin off.
I exported contents from the pgsql db this time with another suspect and
seeing something very wrong. While Maia shows a negative score on this
next test with Bayes factored...

 0.001 HTML_MESSAGE HTML included in message
-2.599 BAYES_00 Bayesian spam probability is 0 to 1%

It scores way over kill with zero Bayes points when running from the
command line...

Content analysis details:   (9.2 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 MISSING_MID            Missing Message-Id: header
 0.0 MISSING_DATE           Missing Date: header
 2.5 MISSING_HB_SEP         Missing blank line between message header and body
 1.3 MISSING_HEADERS        Missing To: header
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.4988]
 2.2 TVD_SPACE_RATIO        BODY: TVD_SPACE_RATIO
 1.8 MISSING_SUBJECT        Missing Subject: header
 1.4 EMPTY_MESSAGE          Message appears to have no textual parts and no
                            Subject: text

http://esmtp.webtent.net/test2.txt

I have gone through my debug, but can't seem to spot any problems. How
can one send debug output to file? And what do you think I should be
looking for given the results of my test?

-- 
Robert
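
The following is an added example, not part of the original thread and not SpamAssassin's own code: a small checker for an exported raw message that reports where the header block stops parsing. It assumes a strict parser that ends the header block at the first line that is neither a header nor a folded continuation, so a pasted message whose wrapped Received line lost its leading whitespace loses every later header at once; the function name and sample messages are constructed.

```python
import re

# RFC 5322 field name: printable ASCII other than ':', then a colon.
HEADER_RE = re.compile(r"[\x21-\x39\x3b-\x7e]+:")
EXPECTED = ("message-id", "date", "to", "subject")

def inspect_header_block(raw):
    """Walk the header block line by line and report whether a blank
    separator line ended it, the first line that broke parsing, and
    which EXPECTED headers were not seen before that point."""
    seen, first_bad, separator = set(), None, False
    for lineno, line in enumerate(raw.splitlines(), start=1):
        if line == "":
            separator = True          # proper header/body separator
            break
        if lineno == 1 and line.startswith("From "):
            continue                  # mbox envelope line, not a header
        if line[0] in " \t" and seen:
            continue                  # folded continuation of a header
        if HEADER_RE.match(line):
            seen.add(line.split(":", 1)[0].lower())
            continue
        first_bad = (lineno, line)    # assumed: parsing stops here
        break
    return {"separator": separator, "first_bad": first_bad,
            "missing": [h for h in EXPECTED if h not in seen]}

# Constructed sample: a well-formed message.
GOOD = (
    "Received: from mail.example.org (mail.example.org [192.0.2.10])\n"
    "\tby mx.example.net with ESMTP; Tue, 29 Jan 2008 19:40:00 -0500\n"
    "Message-Id: <1@example.org>\n"
    "Date: Tue, 29 Jan 2008 19:39:58 -0500\n"
    "From: sender@example.org\n"
    "To: user@example.net\n"
    "Subject: constructed sample\n"
    "\n"
    "Body text.\n"
)
# Constructed sample: same message after a paste stripped the fold whitespace.
PASTED = GOOD.replace("\n\tby", "\nby")

if __name__ == "__main__":
    for name, msg in (("good", GOOD), ("pasted", PASTED)):
        print(name, inspect_header_block(msg))
```

Running it against a file exported from the database shows the line number where the header block breaks, which is the place to compare against what the MTA actually received.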
