Hello Keepers of SpamAssassin Knowledge,

I've been lurking on this list for years and never had a question pop up until today. About a week ago I said, "enough is enough" regarding the amount of spam I've been receiving so I've been doing some upgrades. As such, I recently upgraded to SA 3.4 and did the recommended "sa-learn --clear" to clean out the database. I had a huge pile of recent spam and ham so I repopulated the database with those. Afterwards, here is what my "sa-learn --dump magic" looked like:

0.000          0          3          0  non-token data: bayes db version
0.000          0      35575          0  non-token data: nspam
0.000          0       1870          0  non-token data: nham
0.000          0     180984          0  non-token data: ntokens
0.000          0 1314919780          0  non-token data: oldest atime
0.000          0 1398209850          0  non-token data: newest atime
0.000          0          0          0  non-token data: last journal sync atime
0.000          0 1398228671          0  non-token data: last expiry atime
0.000          0     691200          0  non-token data: last expire atime delta
0.000          0    2166321          0  non-token data: last expire reduction count

Yes, I had that much spam stored up. That sa-learn took several hours. But on to my question; I have been extra careful to note what has been slipping by the filter and here is what I've seen over the past two days:

3.299 (***) BAYES_00,FORGED_RELAY_MUA_TO_MX
3.92 (***) BAYES_00,FREEMAIL_FROM,RDNS_NONE,TBIRD_SUSP_MIME_BDRY,T_HTML_ATTACH,T_OBFU_HTML_ATTACH
-1 () BAYES_00
0.279 () BAD_CREDIT,BAYES_00
-0.988 () BAYES_00,HTML_EXTRA_CLOSE,HTML_MESSAGE,T_REMOTE_IMAGE
3.299 (***) BAYES_00,FORGED_RELAY_MUA_TO_MX
-0.988 () BAYES_00,HTML_EXTRA_CLOSE,HTML_MESSAGE,T_REMOTE_IMAGE
-0.979 () BAYES_00,FREEMAIL_FROM,T_HTML_ATTACH,T_OBFU_HTML_ATTACH
0.436 () BAYES_00,DIET_1,HELO_MISC_IP,HTML_FONT_LOW_CONTRAST,HTML_MESSAGE
0.436 () BAYES_00,DIET_1,HELO_MISC_IP,HTML_FONT_LOW_CONTRAST,HTML_MESSAGE

The thing that is common is BAYES_00 on all of these. It's the standard -1 score. Did I do something horrible with my installation to allow this sort of crud to slip through? Isn't that when Bayes thinks that the mail isn't spam? Look at some of the other rules that are hitting. I cannot figure out why BAYES_00 would hit on these.

Thanks in advance.

Oh, this is a sendmail -> mimedefang -> spamassassin/clamav/razor installation. Any recommendations on additional plugins to consider and/or SARE-like channels to subscribe to would be greatly appreciated.

Brian
