> > Aug 19 15:03:11 hsoakmsa03l02 spamd[28319]: spamd: result: Y 4 - > > > BAYES_50,HTML_MESSAGE,MIME_HTML_ONLY,SPF_HELO_PASS,URIBL_BLACK,URIBL_RH > S_DOB > > > scantime=0.2,size=4543,user=filter,uid=124,required_score=0.0,rhost=10. > 80.65.9,raddr=10.80.65.9,rport=53097,mid=<509800d.5...@biblegame.info>, > bayes=0.498828,autolearn=no > > All BAYES_50? Silly question, but are you sure you're properly > training? > Running sa-learn as the right user, and all that? > > All but one have subsecond scan times. Did you score an old Cray or > something? :) That might indicate a problem, not sure. > > So you have any SMTP-time DNSBL checks in place on the public MTA?
I will look into the bayes issue. It is possible that I'm not training as the proper user. Normally we always use the user "filter". Everything else seems to be working right. Not sure why the scan time is sub second on those emails. As for the MTA, yes, we do use RBL's (listed below) reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client rhsbl.ahbl.org, reject_rbl_client dnsbl-1.uceprotect.net, Scan time on the ones below, that were marked as spam, still had very low scan times. Aug 18 04:25:47 hsoakmsa03l02 spamd[21306]: spamd: result: Y 10 - BAYES_95,DATE_IN_PAST_03_06,URIBL_BLACK,URIBL_JP_SURBL scantime=0.2,size=3331,user=filter,uid=124,required_scor e=0.0,rhost=10.80.65.9,raddr=10.80.65.9,rport=39455,mid=<oetds6-oo6bsfb8...@mx2.tiresled.com>,bayes=0.971262,autolearn=no Aug 18 04:29:34 hsoakmsa03l02 spamd[21306]: spamd: result: Y 29 - BAYES_99,HTML_IMAGE_ONLY_08,HTML_MESSAGE,HTML_SHORT_LINK_IMG_1,MPART_ALT_DIFF_COUNT,SUBJECT_NEEDS_ENCODING,SUBJ _YOUR_DEBT,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_RED,URIBL_WS_SURBL scantime=0.4,size=3376,user=filter,uid=124,required_score=0.0,rhost=10.80.65.9,raddr=10.80.65.9,rpo rt=41968,mid=<0.0.18.6fd.1ca1fdc484bc7b4.13a...@mail.provisionmoo.com>,bayes=1.000000,autolearn=spam Anyway, I will look into the bayes as to why these are being seen as bayes_50 and also look into the bayes training scripts. One quick question. On out old SA boxes I believe we had several SARE rules in place. This box doesn't. It's been a while since I've kept up with the recommended rules for general SA machines. Is it recommended to put SARE rules in place anymore? Gary
