The Bayes system scores messages based on the occurrence of tokens (pieces of text) that appear in the E-mail. The signature you mention seems to contain tokens that are very commonly used in spam. Best solution would be to rewrite the signature to not contain those tokens. I don't know how you can identify exactly which tokens are being matched but you indicate that it probably is a domain name in the signature. If that domain name shows up so much in Spam, I think you're looking at a symptom of a much bigger problem.

On 29 October 2014 11:38, Marco Tironi / 8volante Srl <tir...@8volante.com> wrote:

> Thanks for your fast reply. Now I understand the big mistake: Bayesian
> filter is server specific and not "public" so it's not globally maintained.
> Every server has its own indexes so there is no fast solution to solve it
> globally.
>
> I can allow that signature for my server, but other servers continue to
> mark them as spam.
>
> Marco
>
> -----Original Message-----
> From: Reindl Harald [mailto:h.rei...@thelounge.net]
> Sent: Wednesday, 29 October 2014 11:25
> To: users@spamassassin.apache.org
> Subject: Re: Bayesian filter error?
>
>
> On 29.10.2014 at 10:50, Marco Tironi / 8volante Srl wrote:
> > Hi, I use SpamAssassin version 3.3.1 on a Windows system and I have a
> > problem with the Bayesian filter:
> >
> > - A legitimate user sends emails to our server and they are delivered
> >   normally
> >
> > - When that user inserts its domain in the email signature the email
> >   is marked as spam with this header:
> >
> >   o X-Spam-Status: Yes, hits=2.8 required=2.0
> >     tests=BAYES_99,BAYES_999,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS
> >     autolearn=no version=3.3.1
> >
> >   o X-Spam-Score: 2.8
> >
> > - After a few tries I have noticed that if I remove the domain line from
> >   the signature the email is delivered correctly
> >
> > - That user reports that the problem is the same on many servers (I
> >   think that's because all use the BAYES filter)
> >
> > How can I inform the maintainers of the Bayes filter of this false positive?
>
> normally i would expect that behavior triggered by URI blacklists which did
> not hit in the tests - if it is really Bayes then it means a lot of
> messages containing this domain are trained as spam and none as ham
>
> a Bayes relies on proper training
>
> meaning you need at least the same amount ham samples for a really good
> working one as you have spam samples
>
> what says "sa-learn --dump magic"
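
The effect discussed in this thread, as an added example that is not part of the original messages and is not SpamAssassin's code: a simplified per-server token database in which a domain trained only as spam pushes a message's score toward 1, and training ham that carries the same signature pulls it back down. The class name `ToyBayes`, the domain `www.example.test`, the smoothing constants and all sample messages are assumptions constructed for illustration; SpamAssassin's tokenizer and probability combining differ.

```python
import math
import re
from collections import Counter

class ToyBayes:
    """Per-server token database; simplified, not SpamAssassin's code."""
    def __init__(self, strength=1.0, prior=0.5):  # assumed smoothing constants
        self.spam, self.ham = Counter(), Counter()  # messages containing token
        self.nspam = self.nham = 0
        self.strength, self.prior = strength, prior

    @staticmethod
    def tokens(text):
        return set(re.findall(r"[a-z0-9.-]+", text.lower()))

    def learn(self, text, is_spam):
        (self.spam if is_spam else self.ham).update(self.tokens(text))
        self.nspam += is_spam
        self.nham += not is_spam

    def token_prob(self, tok):
        s, h = self.spam[tok], self.ham[tok]
        if s + h == 0:
            return self.prior  # never seen: neutral
        sr, hr = s / max(self.nspam, 1), h / max(self.nham, 1)
        p = sr / (sr + hr)
        # Smooth toward the prior so the result is never exactly 0 or 1.
        return (self.strength * self.prior + (s + h) * p) / (self.strength + s + h)

    def score(self, text):
        # Naive-Bayes combination of token probabilities, done in log-odds.
        logit = sum(math.log(p) - math.log(1 - p)
                    for p in map(self.token_prob, self.tokens(text)))
        return 1 / (1 + math.exp(-logit))

def demo():
    db = ToyBayes()
    sig = "regards anna www.example.test"  # constructed signature
    for i in range(40):  # constructed spam advertising the same domain
        db.learn(f"cheap pills offer{i} www.example.test", True)
    for i in range(40):  # constructed ham that never mentions the domain
        db.learn(f"meeting notes item{i} thanks", False)
    before = db.score("invoice attached " + sig)
    for i in range(40):  # train legitimate mail carrying the signature as ham
        db.learn(f"project update{i} {sig}", False)
    return before, db.score("invoice attached " + sig)

if __name__ == "__main__":
    print("score before/after ham training: %.4f / %.4f" % demo())
```

Each `ToyBayes` instance stands for one server's database, so the ham training in `demo()` changes the score only on the server where it was done.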