On Thu, Jan 28, 2010 at 7:53 PM, John Hardin <jhar...@impsec.org> wrote:
> On Wed, 27 Jan 2010, ram wrote:
>
> On Wed, Jan 27, 2010 at 9:54 AM, John Hardin <jhar...@impsec.org> wrote:
>>
>> On Wed, 27 Jan 2010, ram wrote:
>>>
>>> it works, but i see most of the mails are tagged as SPAM.
>>>
>>> A little more detail, please: Are you complaining about seeing lots of
>>> false positives? Or are you complaining about seeing lots of properly
>>> classified spams that are being delivered to your mailbox when you don't
>>> want them to be delivered to your mailbox?
>>>
>>> If the former, and both those samples were from false positives, then
>>> your bayes appears to need retraining.
>>>
>>
>> yes they are false positive
>>
>> even person sending just simple mail "hi how are you"
>> its treating as spam and not able send mail and it is rejecting
>> both the sides, outgoing and incoming
>>
>
>

Hi, thanks for your quick response. Some of my information I have changed, like IP address and domain names.

> Can you post the complete headers from such an inbound false positive?

here is the simple mail requested locally asking for new mailID

Return-Path: sen...@domain.com <sen...@domain.com>
Delivered-To: t...@domain.com
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail.sol.net.in
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.6 required=5.0 tests=DEAR_SOMETHING,
        FH_DATE_PAST_20XX,NO_RELAYS autolearn=no version=3.2.5
X-Spam-Report:
        * 3.4 FH_DATE_PAST_20XX The date is grossly in the future.
        * -0.0 NO_RELAYS Informational: message was not relayed via SMTP
        * 2.2 DEAR_SOMETHING BODY: Contains 'Dear (something)'
Received: (qmail 8836 invoked by uid 48); 27 Jan 2010 14:33:13 +0530
To: t...@domain.com
Subject: [SPAM] mailid
MIME-Version: 1.0
Date: Wed, 27 Jan 2010 14:33:13 +0530
From: sen...@domain.com
Message-ID: <309f6a80cf3833e2a47b801cf4b93...@domain.com>
X-Sender: sen...@domain.com
User-Agent: Company Webmail/0.3.1
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8
X-Spam-Prev-Subject: mailid

Or do you have simscan configured to completely delete spams rather than quarantining them?

@400000004b610d3003da07d4 simscan:[19879]:SPAM REJECT (7.00/5.00):3.3421s:[SPAM] mail:x.x.x.211:f...@domain.com:t...@domain.com

even simple mail it hits 3.4

@400000004b5db6be10acf584 simscan:[10034]:CLEAN (3.40/5.00):5.4026s:Re_ mail from:x.x.x.10:send...@domain.com:recei...@yahoo.com

this is mail sent from yahoo to my domain.com

Hi. This is the qmail-send program at yahoo.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<u...@domain.com>:
(MYSERVERIP) failed after I sent the message.
Remote host said: 554 Your email is considered spam (5.10 spam-hits)

--- Below this line is a copy of the message.

Return-Path: <u...@yahoo.com <u...@yahoo.com>>
Received: (qmail 1647 invoked by uid 60001); 25 Jan 2010 15:45:45 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1264434345; bh=rqUtJyMLicobcyhmr74TepjmUQAEmlazKT3vjV/n3aA=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=YguNuhzD1Rin2zserVev7wc8xFv0OvPQWaEtOhEzGHLk4xQDfvpROEa8LmfoV42+/60FcgfZQ583qLfcYS4Nhr9k7Cj7saEKadq01riAkv5R6oFAnHpLpI1Ch9ldw6a7aYFpDvzHoigin/MdHNDRyryV8/ge3VJkUQGE3q+lDPA=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=ukmcU3+ntQciOpxQAs5wD6eeMyqhoBAZpC7JPx+6kvgl2XUsExdM5zua1fQvib7sKRzW3XwMPMlSEl3udGVYqanBkXvW8+uEhbQd/Ouf+bS7arAtNovq6jalosQD2U4TJ0QXZBFWL2rP75L7IPyo2PGbJzfAE0n4u3WwhZt85ok=;
Message-ID: <854000.982...@web50407.mail.re2.yahoo.com>
X-YMail-OSG: xzkFu1wVM1kvOC_p_A.2KDQosFYh84Thdznof8TcPGY_K9N0pMQeCGgj4BVJgnq18AbGG.eHPB2yZvPP8Js2cWEFSFYEh.GcCQP6yEIXnJ5qfu7OR0xXnJIly2mec7hlEnBH4vSyb7U_ocsXgCqVEyLAKbzpCU.Cnc1KAPedBc0Ygra2Ejml8uQo2GIsJ7qIRpjfyZ0on8fZ6Y2PVfT7rSS6IjgiCnsqOxMaGp7WUCR9uMTzrKCFbUN4eSwKtq6tRbfaDO.wIXYyp66AayMBJMBCxAQDYbOWcqk5bkOAT0QJArx4RWfCckJGoKaRDA--
Received: from [ClientIP] by web50407.mail.re2.yahoo.com via HTTP; Mon, 25 Jan 2010 07:45:45 PST
X-Mailer: YahooMailRC/272.7 YahooMailWebService/0.8.100.260964
Date: Mon, 25 Jan 2010 07:45:45 -0800 (PST)
From: hari <u...@yahoo.com <u...@yahoo.com>>
Subject: testing
To: u...@domain.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

>
> What is the output from "sa-learn --dump magic" ?
>

0.000 0 3 0 non-token data: bayes db version
0.000 0 0 0 non-token data: nspam
0.000 0 0 0 non-token data: nham
0.000 0 0 0 non-token data: ntokens
0.000 0 0 0 non-token data: oldest atime
0.000 0 0 0 non-token data: newest atime
0.000 0 0 0 non-token data: last journal sync atime
0.000 0 0 0 non-token data: last expiry atime
0.000 0 0 0 non-token data: last expire atime delta
0.000 0 0 0 non-token data: last expire reduction count

>
> How are you training Bayes currently?
>

it's recently installed, we have not yet gone till that level

>
> Did you retain your training corpora?

no

appreciate kind help
Ram

> --
> John Hardin KA7OHZ http://www.impsec.org/~jhardin/
> jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
> The world has enough Mouse Clicking System Engineers.
> -- Dave Pooser
> -----------------------------------------------------------------------
> Today: the 24th anniversary of the loss of STS-51L Challenger
>
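
Added example, not part of the original thread and not SpamAssassin or simscan code: a Python check over the X-Spam-* headers of the first sample in the message above, breaking the 5.6 score into per-rule points and comparing the Date header with the local Received timestamp that FH_DATE_PAST_20XX claims is "grossly in the future". The header text is copied from the post; the function name analyse and the 24-hour tolerance are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Headers copied from the first sample in the post (address headers left out).
SAMPLE = """\
X-Spam-Status: Yes, score=5.6 required=5.0 tests=DEAR_SOMETHING,
\tFH_DATE_PAST_20XX,NO_RELAYS autolearn=no version=3.2.5
X-Spam-Report:
\t* 3.4 FH_DATE_PAST_20XX The date is grossly in the future.
\t* -0.0 NO_RELAYS Informational: message was not relayed via SMTP
\t* 2.2 DEAR_SOMETHING BODY: Contains 'Dear (something)'
Received: (qmail 8836 invoked by uid 48); 27 Jan 2010 14:33:13 +0530
Date: Wed, 27 Jan 2010 14:33:13 +0530

(body omitted)
"""

# One report line has the shape "* <points> <RULE_NAME> <description>".
RULE_RE = re.compile(r"^\s*\*\s+(-?\d+(?:\.\d+)?)\s+(\S+)", re.MULTILINE)
DATE_RULE = "FH_DATE_PAST_20XX"


def analyse(raw, tolerance_hours=24.0):
    """Per-rule points plus a date sanity check (names/tolerance are assumed)."""
    msg = message_from_string(raw)
    status = " ".join(msg["X-Spam-Status"].split())  # unfold the header
    score, required = map(float, re.search(
        r"score=(-?[\d.]+) required=(-?[\d.]+)", status).groups())
    hits = {name: float(pts) for pts, name in RULE_RE.findall(msg["X-Spam-Report"])}

    # Compare the sender's Date with the timestamp the local qmail stamped.
    sent = parsedate_to_datetime(msg["Date"])
    stamped = parsedate_to_datetime(msg["Received"].rsplit(";", 1)[1].strip())
    skew = abs((sent - stamped).total_seconds()) / 3600.0

    without = round(score - hits.get(DATE_RULE, 0.0), 1)
    return {
        "score": score, "required": required, "hits": hits,
        "date_skew_hours": skew,
        "date_rule_contradicted": DATE_RULE in hits and skew <= tolerance_hours,
        "score_without_date_rule": without,
        "spam_without_date_rule": without >= required,
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

For this sample the Date header and the Received stamp are identical, and the message only crosses the 5.0 threshold because of the 3.4 points from the date rule.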