On Sat, 17 Oct 2015, frede...@ofb.net wrote:

I'm getting a lot of spam, perhaps 25 messages/day, and about half of
it gets through Spamassassin. I'm trying to figure out how to fix the
situation.

Care to post the rules hits for some of the FNs? That should be in their headers. That might let us provide more specific advice, for instance: are you hitting URIBL_BLOCKED?

I tried using the "sought" ruleset following instructions from
http://taint.org/2007/08/15/004348a.html, but didn't see much
difference.

Sadly that's gone stale and may not help much with current spam. The last time I saw an update was March 2014.

I'm concerned that the BAYES_* rules aren't showing up in my spam
headers

The two most common causes for that are insufficient tokens learned and learning under the wrong user.

Here's the output of sa-learn --dump magic:

0.000          0      15466          0  non-token data: nspam
0.000          0      30317          0  non-token data: nham

You have plenty of tokens, so it's likely you're training Bayes as a different user than SA is running under, and you don't have a site-wide user-independent Bayes configured.

Relatedly, if I create rules for e.g. ATTN, "stock tip",

Funny you should mention that particular one. I just noticed it had popped up to the top of the masscheck corpora hits, and I've pushed a scored rule for it. Hopefully that will start getting points tomorrow.


--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  I'll have that son of a bitch eating out of dumpsters in less than
  two years.       -- MS CEO Steve Ballmer, on RedHat CEO Matt Szulik
-----------------------------------------------------------------------
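
The check discussed in the reply above, as an added example that is not part of the original message or of SpamAssassin itself: it reads the counters from `sa-learn --dump magic` and the `X-Spam-Status` header of a missed spam, then separates an undertrained database from one the scanner is not reading. The function names and sample header are constructed, and the 200-message minimums assume the default `bayes_min_spam_num` / `bayes_min_ham_num` settings.

```python
import re

# Assumed: SpamAssassin's default bayes_min_spam_num / bayes_min_ham_num.
BAYES_MIN_SPAM = 200
BAYES_MIN_HAM = 200

# The two counter lines quoted in the message above.
SAMPLE_DUMP = """\
0.000          0      15466          0  non-token data: nspam
0.000          0      30317          0  non-token data: nham
"""

# Constructed header of a missed spam, folded across two lines.
SAMPLE_HEADERS = (
    "Subject: ATTN stock tip\n"
    "X-Spam-Status: No, score=2.3 required=5.0 tests=HTML_MESSAGE,\n"
    "\tRDNS_NONE,T_DKIM_INVALID autolearn=no version=3.4.0\n"
)

def parse_dump_magic(text):
    """Map each 'non-token data' name to its counter (third column)."""
    magic = {}
    for line in text.splitlines():
        m = re.match(r"\s*\S+\s+\d+\s+(\d+)\s+\d+\s+non-token data: (.+?)\s*$", line)
        if m:
            magic[m.group(2)] = int(m.group(1))
    return magic

def bayes_rules_hit(headers):
    """Return the BAYES_* rule names listed in X-Spam-Status, if any."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", headers)  # undo header folding
    m = re.search(r"^X-Spam-Status:(.*)$", unfolded, re.M | re.I)
    return re.findall(r"\bBAYES_\d+\b", m.group(1)) if m else []

def diagnose(dump_text, headers):
    """Classify why BAYES_* is missing from a scanned message."""
    magic = parse_dump_magic(dump_text)
    if magic.get("nspam", 0) < BAYES_MIN_SPAM or magic.get("nham", 0) < BAYES_MIN_HAM:
        return "undertrained"   # too few learned messages for Bayes to score
    if not bayes_rules_hit(headers):
        return "db-mismatch"    # trained DB exists, but the scanner did not use it
    return "ok"

if __name__ == "__main__":
    print(diagnose(SAMPLE_DUMP, SAMPLE_HEADERS))
```

A "db-mismatch" result means the dump should be repeated as the account the scanner runs under, to see whether that account's database holds the same counts.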
