>Could the score of 25 be
>because of (baysConfidenceHalfScore) is turned on?
Yes!
>[scoring] - Prob: 1.00000 - Confidence: 0.00000 => doubtful.spam -
>answer/query relation: 100% of 199
This looks strange, the confidence should be near 1.0000 - check your
corpus confidence/norm.
Thomas
Von: Jay <h...@herodata.com>
An: assp-user@lists.sourceforge.net
Datum: 29.04.2016 19:52
Betreff: Re: [Assp-user] Email flow question
Good day.
I just wanted to thank everyone for their input with my questions for
ASSP. I appreciate the help and so far the changes I have made made a
positive impact. Not seeing as many of the spam emails get through now.
So thank you.
I do have one last thing that is bugging me and hopefully someone can
answer. Looking through the log file today on a spam that did get
through I noticed this in the log and for the life of me I can't seem to
figure out where this number is coming from:
Apr-29-16 11:49:32 m1-44971-12565 [Worker_5] [TLS-in] 65.55.90.176
<sen...@somewhere.com> to: recipi...@somemail.com Bayesian Check
[scoring] - Prob: 1.00000 - Confidence: 0.00000 => doubtful.spam -
answer/query relation: 100% of 199
Apr-29-16 11:49:32 m1-44971-12565 [Worker_5] [TLS-in] 65.55.90.176
<sen...@somewhere.com> to: recipi...@somemail.com Message-Score: added
25 for Bayesian Probability: 1.00000, total score for this message is now
-5
The part that is bugging me is the score of 25. I checked the
baysValencePB and the scoring is set to 49. Could the score of 25 be
because of (baysConfidenceHalfScore) is turned on? It is on by default.
Otherwise I am at a loss where ASSP thinks the baysValencePB, if that's
what is in play here, is 25. Any ideas on this?
// <javascript:void(0);>
On 4/28/2016 2:40 PM, Jay wrote:
> So I changed the settings in the PB per the suggestions you made.
>
>> X-Assp-Message-Score:25 (Bayesian Probability: 1.00000)
>> X-Assp-IP-Score:25 (Bayesian Probability: 1.00000)
> why not sticking with the default (49)? any good reason?
>
> I checked the section for Bayesian in the PB and baysValencePB was set
> to 50. I changed it back to the default number of 49. I am assuming
> this is what you were referring to correct?
>
>
>
> On 4/28/2016 1:46 PM, Jay wrote:
>> Thank you for the suggestions. I will implement the changes you
>> suggested. I appreciate it.
>>
>>
>> On 4/28/2016 5:04 AM, aquilinux wrote:
>>> Hi Jay, you really need to adjust your scores because they seem way
too
>>> permissive...
>>>
>>>> X-Assp-Message-Score:-10 (SSL-TLS-connection-OK)
>>>> X-Assp-IP-Score:-10 (SSL-TLS-connection-OK)
>>> this is nonsense imho.
>>> everyone now uses ssl/tls to connect so giving a -10 bonus here means
>>> lowering a lot the assp effectiveness.
>>> set *tlsValencePB* to *0*
>>>
>>>> X-Assp-Message-Score:-15 (In Penalty White Box)
>>> it happens... some new spammers manage to get to the White Box. not
>>> a big
>>> problem, just teach assp this is spam. you can even add the ip to PB
>>> Black
>>> if you find out that it is crap (whois is your friend).
>>> Fool me once, shame on you... fool me twice, shame on me.
>>>
>>>> X-Assp-Message-Score:25 (Bayesian Probability: 1.00000)
>>>> X-Assp-IP-Score:25 (Bayesian Probability: 1.00000)
>>> why not sticking with the default (49)? any good reason?
>>>
>>>> PenaltyMessageLow set to 40 and the PenaltyMessageLimit set to 65.
>>> again, why not sticking with the default (50)? any good reason?
>>> i had to admit that, over many years, default scoring values turned
>>> out to
>>> be the best choice except.
>>> same considerations for tlsValencePB apply for *spfpValencePB*. Set
>>> it to *0
>>> *since most of the spam/ube nowadays comes from very well configured
>>> servers (SPF, DKIM).
>>>
>>> Regards,
>>> aqx
>>>
>>>
>>>
>>>
>>> On Wed, Apr 27, 2016 at 8:31 PM, Jay <h...@herodata.com> wrote:
>>>
>>>> Good day.
>>>>
>>>> I have a question that I am hoping isn't too complicated to answer.
>>>> When
>>>> an email hits ASSP, what is the procedure ASSP follows in the
>>>> process of
>>>> determining if an email should be allowed or not? More specifically,
>>>> does the email get scored by the Penalty Box, then passed along to
the
>>>> Bayesian and HMM database? I am still trying to figure out why some
of
>>>> the emails we are seeing get through ASSP shouldn't be allowed
>>>> through.
>>>> For example, I submit a analyze report to ASSP for a particular email
>>>> that continues to get through, Bayesian and HMM analysis label the
>>>> email
>>>> as confident spam but emails like this still get through. I have the
>>>> PenaltyMessageLow set to 40 and the PenaltyMessageLimit set to 65. Is
>>>> the PenaltyMessageLimit set too high? I saw that 50 is the default.
>>>>
>>>> Here's an example of what is in the header information in case you
>>>> needed to see this:
>>>>
>>>> X-Assp-Version:2.5.1(16100) on mail.somemailserver.com
>>>> X-Assp-ID:mail.somemailserver.com
>>>> X-Assp-Session:3DD721F0 (mail 1)
>>>> X-Assp-Detected-RIP:223.176.172.29
>>>> X-Assp-Source-IP:223.176.172.29
>>>> X-Assp-Envelope-From:sen...@gmail.com
>>>> X-Assp-Intended-For:recipi...@somewhere.com
>>>> X-Assp-Client-TLS:yes
>>>> X-Assp-Message-Score:-10 (SSL-TLS-connection-OK)
>>>> X-Assp-IP-Score:-10 (SSL-TLS-connection-OK)
>>>> X-Assp-Delay:not delayed (209.85.192.193 in whitebox (PBWhite)); 27
>>>> Apr
>>>> 2016 10:34:39 -0400
>>>> X-Assp-Message-Score:-15 (In Penalty White Box)
>>>> X-Assp-Message-Score:49 (HMM Probability: 1.00000)
>>>> X-Assp-IP-Score:49 (HMM Probability: 1.00000)
>>>> X-Assp-Message-Score:25 (Bayesian Probability: 1.00000)
>>>> X-Assp-IP-Score:25 (Bayesian Probability: 1.00000)
>>>> X-Assp-Tag:MessageLimit
>>>> X-Assp-Spam:YES (Probably)
>>>> X-Spam-Status:yes
>>>> X-Assp-Spam-Reason:MessageScore passed low limit
>>>> X-Assp-Message-Totalscore:49
>>>> X-Assp-Spam-Level:**********
>>>> X-Assp-DKIM:not verified
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
------------------------------------------------------------------------------
>>>>
>>>> Find and fix application performance issues faster with Applications
>>>> Manager
>>>> Applications Manager provides deep performance insights into multiple
>>>> tiers of
>>>> your business applications. It resolves application problems
>>>> quickly and
>>>> reduces your MTTR. Get your free trial!
>>>> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
>>>> _______________________________________________
>>>> Assp-user mailing list
>>>> Assp-user@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/assp-user
>>>>
>>>
>>>
>>>
>>>
>>>
------------------------------------------------------------------------------
>>>
>>> Find and fix application performance issues faster with Applications
>>> Manager
>>> Applications Manager provides deep performance insights into
>>> multiple tiers of
>>> your business applications. It resolves application problems quickly
>>> and
>>> reduces your MTTR. Get your free trial!
>>> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
>>>
>>>
>>> _______________________________________________
>>> Assp-user mailing list
>>> Assp-user@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/assp-user
>>>
>>>
>>> -----
>>> No virus found in this message.
>>> Checked by AVG - www.avg.com
>>> Version: 2016.0.7539 / Virus Database: 4563/12122 - Release Date:
>>> 04/28/16
>>
>>
>>
>>
>>
------------------------------------------------------------------------------
>>
>> Find and fix application performance issues faster with Applications
>> Manager
>> Applications Manager provides deep performance insights into multiple
>> tiers of
>> your business applications. It resolves application problems quickly
and
>> reduces your MTTR. Get your free trial!
>> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
>>
>>
>> _______________________________________________
>> Assp-user mailing list
>> Assp-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/assp-user
>>
>>
>> -----
>> No virus found in this message.
>> Checked by AVG - www.avg.com
>> Version: 2016.0.7539 / Virus Database: 4563/12122 - Release Date:
>> 04/28/16
>
>
>
>
>
------------------------------------------------------------------------------
> Find and fix application performance issues faster with Applications
Manager
> Applications Manager provides deep performance insights into multiple
tiers of
> your business applications. It resolves application problems quickly and
> reduces your MTTR. Get your free trial!
> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
>
>
> _______________________________________________
> Assp-user mailing list
> Assp-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
> -----
> No virus found in this message.
> Checked by AVG - www.avg.com
> Version: 2016.0.7539 / Virus Database: 4563/12122 - Release Date:
04/28/16
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications
Manager
Applications Manager provides deep performance insights into multiple
tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
