This is a clear software failure from what I can see, unless someone can tell me why it wasn't caught.
From what you describe, there is no indication that the software failed (unless you're an oddly brilliant mathematician ('oddly' because the formulas used in Bayesian filtering aren't correct, by design) and have intimate knowledge of the probabilities for all the words in the E-mail).
Bayesian filtering doesn't say "OK, this spam has the word 'Nigeria' and the phrase 'diplomatic immunity', therefore it is spam." It says "OK, this spam has the word 'Nigeria' and the phrase 'diplomatic immunity', therefore there is a 90% chance that it is spam. It also has the word 'terrorist', which is reduces the odds to 45%, ..."
In this case, the logs show the words that IMail picked, and only 2 have a high probability of spam ("ibe" and "Montoya"). I would suggest checking your database to see what the probability is for the word Nigeria. Perhaps you have a Nigerian user that is throwing off the stats (remember, for Bayesian filtering to work properly, you must properly train it for each user).
Furthermore, it looks like it started the delivery process at 20:26:59 before it even went to the spam phrase list at 20:27.
That just indicates that it took anywhere from less than a millisecond to as long as a minute to scan the E-mail. :)
The first part of the email:
-----Original Message----- From: ibe festus [mailto:[EMAIL PROTECTED] Sent: Friday, April 16, 2004 8:33 PM To: [EMAIL PROTECTED] Subject: *JOINT VENTURE*
FYI, although it probably does not matter in this specific case, without the full headers of a spam, it is usually impossible to tell why it was not caught.
20040416 202627 127.0.0.1 SMTPD (79b200e4013490e9) performing antispam checks
20040416 202659 127.0.0.1 SMTP (79b200e4013490e9) processing d:\IMail\spool\Q79b200e4013490e9.SMD
This is the real delay (about 30 seconds). That's probably due primarily to the serial processing of blacklists (one-at-a-time), which is much slower (often 10 times slower or more) than the preferred parallel processing of blacklists (sending out all the requests at once, and waiting for all responses).
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
