check your Bayesian config 'DoBayesian' seems to be configured to 'block' 'BayesWL' and/or 'BayesNP is switched on
Thomas Von: Jay <h...@herodata.com> An: For Users of ASSP <assp-user@lists.sourceforge.net> Datum: 27.08.2015 21:23 Betreff: [Assp-user] Whitelisted Users rejected as Spam? The current build we are on is 2.4.5(15162). So my problem just keeps getting weirder and weirder. This all seems to be traveling it's way back to the fear that my ASSP database is definitely poisoned and needs to be addressed. I got a call today from one of my users that does business with a long term client. The client has been getting blocked by the spam filter even though they are already on the white list and have been for years. It was my understanding that once a user is white listed in ASSP that they are no longer subjected to Bayesian matching and are allowed through. This does not make any sense. Here's a snippet of my log file from ASSP for one of the blocked messages. (I masked the IP and actual email addresses) Aug-27-15 11:59:58 [Worker_3] Connected: session:2AFB631C XX.XX.XXX.XXX:60528 > XX.XXX.XXX.XXX:25 > 127.0.0.1:26 Aug-27-15 11:59:59 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX <sen...@user.com> info: found message size announcement: 1.92 MByte Aug-27-15 11:59:59 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX <sen...@user.com> message proxied without processing - message size (2008713) is above 500000 (npSize). Aug-27-15 11:59:59 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX <sen...@user.com> to: recipi...@company.com info: detected IP's on the mail routing way: 50.56.144.247, 50.56.144.22 Aug-27-15 11:59:59 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX <sen...@user.com> to: recipi...@company.com info: detected source IP: XX.XX.XXX.XXX Aug-27-15 12:00:00 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX <sen...@user.com> to: recipi...@company.com Message-Score: added -15 (pbwValencePB) for In Penalty White Box, total score for this message is now -15 Aug-27-15 12:00:00 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX <sen...@user.com> to: recipi...@company.com Message-Score: added -15 (pbwValencePB) for (OIP: XX.XX.XXX.XXX) In Penalty White Box, total score for this message is now -30 Aug-27-15 12:00:00 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX <sen...@user.com> to: recipi...@company.com Message-Score: added -15 (pbwValencePB) for (OIP: XX.XX.XXX.XX) In Penalty White Box, total score for this message is now -45 Aug-27-15 12:00:00 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX <sen...@user.com> to: recipi...@company.com Bayesian Check - Prob: 1.00000 => spam Aug-27-15 12:00:00 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX <sen...@user.com> to: recipi...@company.com Message-Score: added 39 for Bayesian Probability: 1.00000, total score for this message is now -6 Aug-27-15 12:00:00 m1-91199-20883 [Worker_3] [Bayesian] XX.XX.XXX.XXX <sen...@user.com> to: recipi...@company.com [spam found] (Bayesian) [Lot 1 CWF Work Order Documents] -> c:/assp/discarded/20883--4453557.eml; Aug-27-15 12:00:02 m1-91199-20883 [Worker_3] XX.XX.XXX.XXX <sen...@user.com> to: recipi...@company.com [SMTP Error] 554 Mail appears to be unsolicited SPAM-- So the client is sen...@user.com and has been on the white list for a long time. This situation seems to have cropped up since we updated ASSP about 3 weeks ago. Here's what I got back from the white list report: sen...@user.com: already on whitelist <------ This is what puzzles me, why did the user get their message rejected but they are on the white list? Two things concern me here, 1. Why are white listed users still being subjected to Bayesian matching? and 2. How do I go about fixing the issue with Bayesian? I submitting the email to the mail analyzer and here's the output: Feature Matching: All green dots and every check here, Whitelisted Domains, On Global Whitelist, SPF-Check, URIBL, Known Good HELO, valid MX record, valid A record, RBLCheck, etc. Here's the Bayesian Analysis: Bad Words Bad Prob randnumber randnumber 1 blines blines 0.9991 font family 0.9985 mso style 0.9975 font size 0.9949 font face 0.9932 face font 0.9932 style priority 0.9902 if you 0.9848 randnumber 0pt 0.9848 size randnumber 0.9848 0in 0in 0.9737 com sender 0.9737 margin bottom 0.9737 randnumber font 0.9737 family calibri 0.9737 priority randnumber 0.9737 you have 0.9737 sans serif 0.9737 ssub ssub 0.9737 panose randnumber 0.9737 0pt font 0.9737 div wordsection1 0.9444 blue text 0.9444 wordsection1 size 0.9444 export only 0.9444 panose font 0.9444 thank you 0.9444 emailstylerandnumber mso 0.9444 color blue 0.9444 com rcpt 0.9444 msohyperlink mso 0.9444 style definitions 0.9444 msohyperlinkfollowed mso 0.9444 visited span 0.9444 type export 0.9444 calibri panose 0.9444 li msonormal 0.9444 fax randnumber 0.9444 0in margin 0.9444 text decoration 0.9444 serif color 0.9444 wordsection1 page 0.9444 Good Words Good Prob work order 0.0002 lot ssub 0.0002 ssub lot 0.0002 questions thank 0.0012 homes randnumber 0.0021 color windowtext 0.016 shiloh il 0.0196 wordsection1 attachment 0.02 randnumber office 0.0274 randnumber mobile 0.0316 windowtext msochpdefault 0.0435 compose font 0.0463 com style 0.0497 always please 0.0556 ssub documents 0.0556 blines andrea 0.0556 combined probability: 1.00000000 - got 137 - used 60 most significant results Sorry for the massive post but this is really concerning me and in the years I have been using ASSP I have never seen this type of situation happen where a white listed user got email rejected due to ASSP thinking it's spam. We just upgraded ASSP from version 2.4.1(14085) to version 2.4.5(15162) on 8/7/2015. All I did was drop in the update files ASSP.pl and ASSP_pop3.pl. I had to update 2 modules that were out of date ASSP_FC from version 1.04 to 1.05 and ASSP_SVC 1.02 to version 1.03. I have not changed anything in my config file and it's the same as it has been. Any suggestions or advice is greatly appreciated. ------------------------------------------------------------------------------ _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* ------------------------------------------------------------------------------ _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
