Matus UHLAR - fantomas wrote:
On 04.08.09 20:09, a...@exys.org wrote:
See the below message parts
(the complete message does not pass the ML's filter)
Notably, both Bayes and AWL are wrong.
While I understand why Bayes might have done that, I don't understand
what AWL is doing here.
I have obviously never received any mail from that sender, so why does
it hit?

In a later mail you mention that you run SA before greylisting. Do you use
per-user config at that time?

nope.

Isn't it possible that someone else at your
system received mail from the same sender that didn't score much?

nope. I grepped the global log. The only time that sender ever occurs, it was temporarily rejected due to greylisting.

Since most of those checks are RBLs, that is, collaborative checks, it's
possible that a similar message received in the past by an early recipient scored
very low, and if it was autolearned as ham, it could explain the BAYES_00
too.

I suspect Bayes liked the content. I receive a large amount of non-spam with similar content. Correctly spelled German in spam is rare, especially well-formatted text-only and UTF-8.

(Oh right, I didn't include the content. SA's spam filter wouldn't let me because of the URIBL hits :-/ )

Return-path: <virenwarndie...@virenschutz-downloaden.info>
Envelope-to: a...@exys.org
Received: from host231.dhms-domainmanagement.net ([91.199.51.231])
Subject: Virenwarnung - Ihr PC ist=?UTF-8?Q?=20ungesch=C3=BCtzt?=
Content-Type: text/plain; charset="UTF-8"
Message-ID: <knuula.a6m...@localhost>
To: a...@exys.org

X-Spam-Report:
        Content analysis details:   (6.0 points, 5.0 required)
        pts rule name              description
        ---- ---------------------- --------------------------------------------------
        2.1 RCVD_IN_NJABL_SPAM     RBL: NJABL: sender is confirmed spam source
        [91.199.51.231 listed in combined.njabl.org]
        -2.6 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
        [score: 0.0000]
        2.0 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
        [URIs: virenschutz-downloadenDOTinfo]
        1.9 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL blocklist
        [URIs: virenschutz-downloadenDOTinfo]
        1.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
        [URIs: virenschutz-downloadenDOTinfo]
        1.5 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
        [URIs: virenschutz-downloadenDOTinfo]
        1.5 URIBL_OB_SURBL         Contains an URL listed in the OB SURBL blocklist
        [URIs: virenschutz-downloadenDOTinfo]
        0.2 SARE_SUB_ENC_UTF8      Message uses character set often used in spam
        -1.9 AWL                    AWL: From: address is in the auto white-list
X-Spam-Flag: YES
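
An added example, not part of the original message: a small parser for the report above that totals the rule hits and separates the score-lowering ones (here BAYES_00 and AWL) from the rest. The function names are hypothetical; the rows are copied from this report, and their sum is returned next to the header total rather than assumed equal to it.

```python
import re
from decimal import Decimal

# Rows copied from the X-Spam-Report above; one bracketed detail line and one
# wrapped "blocklist" line are kept so the parser has to skip them.
REPORT = """\
Content analysis details:   (6.0 points, 5.0 required)
2.1 RCVD_IN_NJABL_SPAM     RBL: NJABL: sender is confirmed spam source
[91.199.51.231 listed in combined.njabl.org]
-2.6 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
2.0 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
1.9 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL
blocklist
1.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
1.5 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
1.5 URIBL_OB_SURBL         Contains an URL listed in the OB SURBL blocklist
0.2 SARE_SUB_ENC_UTF8      Message uses character set often used in spam
-1.9 AWL                    AWL: From: address is in the auto white-list
"""

HEADER = re.compile(r"\((-?\d+(?:\.\d+)?) points, (-?\d+(?:\.\d+)?) required\)")
ROW = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]*)\s")


def parse_report(text):
    """Return (reported_total, required, [(rule, score), ...])."""
    header = HEADER.search(text)
    if not header:
        raise ValueError("no '(N points, M required)' header found")
    hits = []
    for line in text.splitlines():
        row = ROW.match(line)
        if row:  # wrapped text and [detail] lines do not match and are skipped
            hits.append((row.group(2), Decimal(row.group(1))))
    return Decimal(header.group(1)), Decimal(header.group(2)), hits


def summarize(text):
    """Split the hits into score-raising and score-lowering rules."""
    reported, required, hits = parse_report(text)
    return {
        "reported": reported,                  # total from the header line
        "required": required,                  # spam threshold
        "row_sum": sum(s for _, s in hits),    # sum of the displayed rows
        "lowering": {r: s for r, s in hits if s < 0},
        "without_lowering": sum(s for _, s in hits if s > 0),
        "margin": reported - required,         # distance above the threshold
    }
```

For this report the displayed rows sum to 6.2 against a header total of 6.0, and the two negative rules together remove 4.5 points from a 10.7-point positive total.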

