Re: Is Bayes Dead? Have the spammers won?
--On 23 March 2007 11:08:12 -0700 Marc Perkel [EMAIL PROTECTED] wrote:

> What I think my problem might be is that I have done so much work prescreening messages with Exim that what's left isn't good stock for autolearn. I think what I need is a separate dedicated learner server that is selective and smart about what it learns.

You could do a fake reject, post-data, and pass the spam to your learning engine. Don't forget that you MUST also pass it some ham.

--
Ian Eiloart
IT Services, University of Sussex
x3148
Re: Is Bayes Dead? Have the spammers won?
Ian Eiloart wrote:

> --On 23 March 2007 11:08:12 -0700 Marc Perkel [EMAIL PROTECTED] wrote:
>
>> What I think my problem might be is that I have done so much work prescreening messages with Exim that what's left isn't good stock for autolearn. I think what I need is a separate dedicated learner server that is selective and smart about what it learns.
>
> You could do a fake reject, post-data, and pass the spam to your learning engine. Don't forget that you MUST also pass it some ham.

Yes - that's what I'm doing now. I'm also checking for graphic attachments and if there's an embedded graphic I strip the body out and learn the headers only to prevent bayes poisoning. It seems to be working better now. Still need to give it time.
Re: Is Bayes Dead? Have the spammers won?
R Lists06 wrote:

>> Are you sure of this? Have you also trained these ham messages to counter this effect? Not too long ago we were in the same situation. I have autolearn enabled but I have adjusted the thresholds to avoid
>
>> This is quite possible. I have heard other stories of people using things like greylisting and rbls to reject at smtp time that the only things that eventually made it to SA were so limited that it would produce odd results for bayes. From my experience, the more you throw at bayes, the better it gets. The more selective you are, the less it has to work with.
>>
>> Jim
>
> So are you saying for these purposes that you do not use RBLs or greylisting or other similar tools that cut down on the obvious cycle consuming garbage?

Correct, I do not use RBLs or greylisting. However, I have 1 domain, approx 100 users and receive only 2k messages/day. We have one machine running qmail/SA/clamav which more than handles this load. I can afford not to use rbls or greylisting - other larger setups may not be able to.

-Jim
Re: Image spam (was: Is Bayes Dead? Have the spammers won?)
On Tue, 27 Mar 2007, David Gibbs wrote:

> While I agree that image spam is a PITA ... I have to wonder how ANYONE in the right mind could fall for that garbage. I mean, be real ... if the message you get contains an image, surrounded by garbage text, and the image quality is worse than a 60's era television picture, how hard is to figure out that the message is questionable?

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. -- Albert Einstein

But then, I'm a cynic.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
[EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED]
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
...much of our country's counterterrorism security spending is not designed to protect us from the terrorists, but instead to protect our public officials from criticism when another attack occurs. -- Bruce Schneier
---
17 days until Thomas Jefferson's 264th Birthday
Re: Is Bayes Dead? Have the spammers won?
Perhaps what I need to do is to get rid of autolearn and write my own learning system that strips out the body of messages with images and just learns the headers. My problem is that when users get image spam they put it in the spam folders and they get learned. But the text in the image spam causes ham type text to be learned as spam. That causes ham to get higher scores.
Re: Is Bayes Dead? Have the spammers won?
Yes image spam can be a real pain. I have just implemented a new mailserver and image spam is certainly on the increase :-

mysql> select count(*) from maillog;
+----------+
| count(*) |
+----------+
|    15091 |
+----------+
1 row in set (0.00 sec)

mysql> select count(*) from maillog where spamreport like '%FUZZY_OCR%';
+----------+
| count(*) |
+----------+
|     3438 |
+----------+
1 row in set (0.04 sec)

mysql> select count(*) from maillog where spamreport like '%FUZZY_OCR_KNOWN_HASH%';
+----------+
| count(*) |
+----------+
|     1070 |
+----------+
1 row in set (0.04 sec)

On Fri, 23 Mar 2007 06:46:50 -0700, Marc Perkel [EMAIL PROTECTED] wrote:

> Perhaps what I need to do is to get rid of autolearn and write my own learning system that strips out the body of messages with images and just learns the headers. My problem is that when users get image spam they put it in the spam folders and they get learned. But the text in the image spam causes ham type text to be learned as spam. That causes ham to get higher scores.

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

--
--[ UxBoD ]--
// PGP Key: curl -s http://www.splatnix.net/uxbod.asc | gpg --import
// Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8
// Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8
// SIP Phone: [EMAIL PROTECTED]
Re: Is Bayes Dead? Have the spammers won?
On Fri, 23 Mar 2007, Marc Perkel wrote:

> Perhaps what I need to do is to get rid of autolearn and write my own learning system that strips out the body of messages with images and just learns the headers. My problem is that when users get image spam they put it in the spam folders and they get learned. But the text in the image spam causes ham type text to be learned as spam. That causes ham to get higher scores.

Perhaps better: purge the learning folders of messages with image attachments before learning.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
[EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED]
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
It is not the place of government to make right every tragedy and woe that befalls every resident of the nation.
---
592 days until the Presidential Election
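The two training-set preparations suggested in the messages above (learn only the headers of image-bearing messages, or purge such messages before learning), as an added Python example that is not code from any poster in this thread. The function names, the extension list and the sample messages are assumptions made for the illustration; the staged folder is what would then be handed to `sa-learn --spam`.

```python
import email
from pathlib import Path
from typing import Optional

# Assumed list of extensions that mark an attachment as an image even when
# the sender labels it application/octet-stream.
IMAGE_EXTENSIONS = (".gif", ".jpg", ".jpeg", ".png", ".bmp")

def has_image_part(msg) -> bool:
    """True if any MIME part is an image, by content type or by filename."""
    for part in msg.walk():
        if part.get_content_maintype() == "image":
            return True
        if (part.get_filename() or "").lower().endswith(IMAGE_EXTENSIONS):
            return True
    return False

def prepare_for_learning(raw: bytes, mode: str = "headers") -> Optional[bytes]:
    """Return the bytes to learn from, or None if the message should be skipped.

    mode="headers": image-bearing messages are reduced to their top-level headers.
    mode="purge":   image-bearing messages are dropped from the training set.
    Messages without images are returned unchanged in both modes.
    """
    if mode not in ("headers", "purge"):
        raise ValueError("mode must be 'headers' or 'purge'")
    msg = email.message_from_bytes(raw)
    if not has_image_part(msg):
        return raw
    if mode == "purge":
        return None
    # Drop the headers that describe the body, then the body itself, so the
    # filler text and the image never reach the token database.
    for name in ("Content-Type", "Content-Transfer-Encoding", "Content-Disposition"):
        del msg[name]
    msg.set_payload("")
    return msg.as_bytes()

def stage_folder(src: Path, dst: Path, mode: str = "headers") -> dict:
    """Filter a folder of one-message-per-file mail into dst for learning."""
    dst.mkdir(parents=True, exist_ok=True)
    stats = {"kept": 0, "stripped": 0, "purged": 0}
    for path in sorted(p for p in src.iterdir() if p.is_file()):
        raw = path.read_bytes()
        out = prepare_for_learning(raw, mode)
        if out is None:
            stats["purged"] += 1
            continue
        stats["kept" if out == raw else "stripped"] += 1
        (dst / path.name).write_bytes(out)
    return stats

# Constructed sample messages (not real mail).
IMAGE_SPAM = (
    b"From: promo@example.net\r\nSubject: stock tip\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\n"
    b"meeting agenda attached, see you at lunch on friday\r\n"
    b"--b1\r\nContent-Type: image/gif\r\nContent-Transfer-Encoding: base64\r\n\r\n"
    b"R0lGODlhAQABAAAAACw=\r\n--b1--\r\n"
)
TEXT_SPAM = b"From: promo@example.net\r\nSubject: pills\r\n\r\nbuy cheap pills now\r\n"

if __name__ == "__main__":
    print(prepare_for_learning(IMAGE_SPAM, "headers").decode())
    print(prepare_for_learning(IMAGE_SPAM, "purge"))
```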
Re: Is Bayes Dead? Have the spammers won?
> /me continues to wait for the spammers to tire of greylisting

I work for a managed hosting provider, and I have seen spam messages get back customers' greylisting setups. It may be isolated, but some spammers are already starting to work around it.
Re: Is Bayes Dead? Have the spammers won?
Marc Perkel wrote:

> Perhaps what I need to do is to get rid of autolearn and write my own learning system that strips out the body of messages with images and just learns the headers. My problem is that when users get image spam they put it in the spam folders and they get learned. But the text in the image spam causes ham type text to be learned as spam. That causes ham to get higher scores.

Are you sure of this? Have you also trained these ham messages to counter this effect? Not too long ago we were in the same situation. I have autolearn enabled but I have adjusted the thresholds to avoid learning false positives/negatives.

We were getting ham (although arguably - they were newsletter type ham) that was hitting BAYES_99. As soon as I started training them as ham the problem went away. Spam is still detected correctly by bayes and these newsletters no longer hit bayes_99.

-Jim
Re: Is Bayes Dead? Have the spammers won?
Well, my two cents on this:

When I upgraded my servers (about half a year ago) and started using a mysql-based Bayes DB, image spams began to drive me crazy. Seemed like there was no way to stop them. But with a good purge of bayes, a rebuild, and the addition of sa-update rules, it all began to get better. Right now, I have implemented a system for my users to train a global Bayes database, and I must say it is working almost flawlessly. Only a few discussion lists got BAYES_99 hits, but as soon as the users forwarded them to the ham training account (or moved them to their webmail-based HAM folders), everything got better.

I'm a small fish in this fight (two servers, about 400 users each, ~25000 messages a day, ~2 rejected via zenspamhaus.org mostly, ~1100 spam messages, and ~30 virus messages a day), but I must say that taking good care of my Bayes database has improved a lot the spam fighting capabilities of my servers. It includes making sa-forget of false positives, then feeding them to sa-learn as ham, sa-forget of false negatives and making SA analyze and report them, etc. Luckily, I managed to write some scripts to do the work for me. They're still at test stage, but I'm convinced that they seem to perform very well...

A taste: http://www.biol.unlp.edu.ar/cgi-bin/mailgraph.cgi

Luis

2007/3/23, Jim Maul [EMAIL PROTECTED]:

> Marc Perkel wrote:
>
>> Perhaps what I need to do is to get rid of autolearn and write my own learning system that strips out the body of messages with images and just learns the headers. My problem is that when users get image spam they put it in the spam folders and they get learned. But the text in the image spam causes ham type text to be learned as spam. That causes ham to get higher scores.
>
> Are you sure of this? Have you also trained these ham messages to counter this effect? Not too long ago we were in the same situation. I have autolearn enabled but I have adjusted the thresholds to avoid learning false positives/negatives.
>
> We were getting ham (although arguably - they were newsletter type ham) that was hitting BAYES_99. As soon as I started training them as ham the problem went away. Spam is still detected correctly by bayes and these newsletters no longer hit bayes_99.
>
> -Jim

--
- GNU-GPL: May The Source Be With You... -
Re: Is Bayes Dead? Have the spammers won?
Images were killing us until we installed focr. It really helped. I'm dreading the day that the scum find a way to circumvent that though. As an aside, I just noticed a bunch of spam like this in our quarantine (scored very very high so no one normally sees it, but I look sometimes): Subject: SPAM: HIGH * anti-spammers are lamers Parts/Attachments: 1 OK 3 lines Text (charset: ISO-8859-2) 2 Shown ~14 lines Text (charset: ISO-8859-2) subj regards, spammer. From: Luis Hernán Otegui [EMAIL PROTECTED] To: Spamassassin talk list users@spamassassin.apache.org Subject: Re: Is Bayes Dead? Have the spammers won? Date: Fri, 23 Mar 2007 11:45:22 -0300 Well, my two cents on this: When I upgraded my servers (about half a year ago) and started using a mysql-based Bayes DB, image spams began to drive me crazy. Seemed like there was no way to stop them. But with a good purge of bayes, a rebuild, and the addition of sa-update rules, it all began to get better. Right now, I have implemented a system for my users to train a global Bayes database, and I must say it is working almost flawlessly. Only a few discussion lists got BAYES_99 hits, but as soon as the users forwarded them to the ham training account (or moved them to their webmail-based HAM folders), everything got better. I'm a small fish in this fight (two servers, about 400 users each, ~25000 messages a day, ~2 rejected via zenspamhaus.org mostly, ~1100 spam messages, and ~30 virus messages a day), but I must say that taking good care of my Bayes database has improved a lot the spam fighting capabilities of my servers. It includes making sa-forget of false positives, then feeding them to sa-learn as ham, sa-forget of false negatives and making SA analyze and report them, etc. Luckily, I managed to write some scripts to do the work for me. They're still at test stage, but I'm convinced that they seem to perform very well... 
A taste: http://www.biol.unlp.edu.ar/cgi-bin/mailgraph.cgi Luis 2007/3/23, Jim Maul [EMAIL PROTECTED]: Marc Perkel wrote: Perhaps what I need to do is to get rid of autolearn and write my own learning system that strips out the body of messages with images and just learns the headers. My problem is that when users get image spam they put it in the spam folders and they get learned. But the text in the image spam causes ham type text to be learned as spam. That causes ham to get higher scores. Are you sure of this? Have you also trained these ham messages to counter this effect? Not too long ago we were in the same situation. I have autolearn enabled but I have adjusted the thresholds to avoid learning false positives/negatives. We were getting ham (although arguably - they were newsletter type ham) that was hitting BAYES_99. As soon as i started training them as ham the problem went away. Spam is still detected correctly by bayes and these newsletters no longer hit bayes_99. -Jim -- - GNU-GPL: May The Source Be With You... -
Re: R: Is Bayes Dead? Have the spammers won?
On Thu, 22 Mar 2007 09:55:07 -0700, Marc Perkel [EMAIL PROTECTED] wrote:

> Maybe I'm doing something wrong but with the various methods of bayes poisoning going on I've found that bayes is just lowering the score of spam and causing more spam to get through. Where bayes used to be the centerpiece of spam filtering now I have turned it off to increase accuracy. Anyone else seeing this or is there some new tricks that I'm missing out on?

I use a 3 tier system to minimize the effect of poisoning the Bayes tables. First we do checking against a few databases for known spammer addresses, then check the message for obvious spam (claiming to come from our server, honeypot addresses, words in subjects, high SA score with no Bayes scoring) and then we do the Bayes scoring.
Re: Is Bayes Dead? Have the spammers won?
Jim Maul wrote:

> Marc Perkel wrote:
>
>> Perhaps what I need to do is to get rid of autolearn and write my own learning system that strips out the body of messages with images and just learns the headers. My problem is that when users get image spam they put it in the spam folders and they get learned. But the text in the image spam causes ham type text to be learned as spam. That causes ham to get higher scores.
>
> Are you sure of this? Have you also trained these ham messages to counter this effect? Not too long ago we were in the same situation. I have autolearn enabled but I have adjusted the thresholds to avoid learning false positives/negatives.
>
> We were getting ham (although arguably - they were newsletter type ham) that was hitting BAYES_99. As soon as I started training them as ham the problem went away. Spam is still detected correctly by bayes and these newsletters no longer hit bayes_99.
>
> -Jim

What I think my problem might be is that I have done so much work prescreening messages with Exim that what's left isn't good stock for autolearn. I think what I need is a separate dedicated learner server that is selective and smart about what it learns.
Re: Is Bayes Dead? Have the spammers won?
Marc Perkel wrote:

> Jim Maul wrote:
>
>> Marc Perkel wrote:
>>
>>> Perhaps what I need to do is to get rid of autolearn and write my own learning system that strips out the body of messages with images and just learns the headers. My problem is that when users get image spam they put it in the spam folders and they get learned. But the text in the image spam causes ham type text to be learned as spam. That causes ham to get higher scores.
>>
>> Are you sure of this? Have you also trained these ham messages to counter this effect? Not too long ago we were in the same situation. I have autolearn enabled but I have adjusted the thresholds to avoid learning false positives/negatives.
>>
>> We were getting ham (although arguably - they were newsletter type ham) that was hitting BAYES_99. As soon as I started training them as ham the problem went away. Spam is still detected correctly by bayes and these newsletters no longer hit bayes_99.
>>
>> -Jim
>
> What I think my problem might be is that I have done so much work prescreening messages with Exim that what's left isn't good stock for autolearn. I think what I need is a separate dedicated learner server that is selective and smart about what it learns.

This is quite possible. I have heard other stories of people using things like greylisting and rbls to reject at smtp time that the only things that eventually made it to SA were so limited that it would produce odd results for bayes. From my experience, the more you throw at bayes, the better it gets. The more selective you are, the less it has to work with.

Jim
Re: Is Bayes Dead? Have the spammers won?
> But with a good purge of bayes, a rebuild, and the addition of sa-update rules,

How do you safely purge bayes anyway?

Matt
RE: Is Bayes Dead? Have the spammers won?
> Are you sure of this? Have you also trained these ham messages to counter this effect? Not too long ago we were in the same situation. I have autolearn enabled but I have adjusted the thresholds to avoid

> This is quite possible. I have heard other stories of people using things like greylisting and rbls to reject at smtp time that the only things that eventually made it to SA were so limited that it would produce odd results for bayes. From my experience, the more you throw at bayes, the better it gets. The more selective you are, the less it has to work with.
>
> Jim

So are you saying for these purposes that you do not use RBLs or greylisting or other similar tools that cut down on the obvious cycle consuming garbage?

- rh

--
Robert - Abba Communications
http://www.abbacomm.net/
Re: Is Bayes Dead? Have the spammers won?
Jim Maul wrote:

> Marc Perkel wrote:
>
>> Jim Maul wrote:
>>
>>> Marc Perkel wrote:
>>>
>>>> Perhaps what I need to do is to get rid of autolearn and write my own learning system that strips out the body of messages with images and just learns the headers. My problem is that when users get image spam they put it in the spam folders and they get learned. But the text in the image spam causes ham type text to be learned as spam. That causes ham to get higher scores.
>>>
>>> Are you sure of this? Have you also trained these ham messages to counter this effect? Not too long ago we were in the same situation. I have autolearn enabled but I have adjusted the thresholds to avoid learning false positives/negatives.
>>>
>>> We were getting ham (although arguably - they were newsletter type ham) that was hitting BAYES_99. As soon as I started training them as ham the problem went away. Spam is still detected correctly by bayes and these newsletters no longer hit bayes_99.
>>>
>>> -Jim
>>
>> What I think my problem might be is that I have done so much work prescreening messages with Exim that what's left isn't good stock for autolearn. I think what I need is a separate dedicated learner server that is selective and smart about what it learns.
>
> This is quite possible. I have heard other stories of people using things like greylisting and rbls to reject at smtp time that the only things that eventually made it to SA were so limited that it would produce odd results for bayes. From my experience, the more you throw at bayes, the better it gets. The more selective you are, the less it has to work with.
>
> Jim

Yes - I think that's what's happening to me. I also create an automatic whitelisting system that shaves off about 1/2 of ham bypassing SA. What I need to do is fork off a copy of a lot of email that's bypassing SA and stuff it into the learner. Like I said originally, bayes used to be my best tool. I'd like to get that back.
Is Bayes Dead? Have the spammers won?
Maybe I'm doing something wrong but with the various methods of bayes poisoning going on I've found that bayes is just lowering the score of spam and causing more spam to get through. Where bayes used to be the centerpiece of spam filtering now I have turned it off to increase accuracy. Anyone else seeing this or is there some new tricks that I'm missing out on?
Re: Is Bayes Dead? Have the spammers won?
Hi,

My Bayes is just as accurate as it has always been. Any false negatives usually all have BAYES_99 in them, they just don't have enough other rule hits to raise the overall score above the threshold.

Marc Perkel wrote:

> Maybe I'm doing something wrong but with the various methods of bayes poisoning going on I've found that bayes is just lowering the score of spam and causing more spam to get through. Where bayes used to be the centerpiece of spam filtering now I have turned it off to increase accuracy. Anyone else seeing this or is there some new tricks that I'm missing out on?

--
Anthony Peacock
CHIME, Royal Free University College Medical School
WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas. -- George Bernard Shaw
Re: Is Bayes Dead? Have the spammers won?
Henrik Krohns wrote:

> On Thu, Mar 22, 2007 at 09:55:07AM -0700, Marc Perkel wrote:
>
>> Maybe I'm doing something wrong but with the various methods of bayes poisoning going on I've found that bayes is just lowering the score of spam and causing more spam to get through.
>
> So is there actually any real proof that Bayes poisoning works? I've yet to find any evidence. All the cases have been admins/users messing it up themselves.

I'm just relating my experience and perhaps wondering if I'm doing something wrong.
Re: Is Bayes Dead? Have the spammers won?
On Thu, 22 Mar 2007, Kris Deugau wrote:

> John D. Hardin wrote:
>
>> I've never trusted automatic learning. Why let your Bayes database be (even partially) under the control of a third party, particularly when that third party is the attacker?
>
> Because there's no other (practical and/or ethical) way of getting enough ham to make it useful?

Fair enough. I've only ever administered a limited-size trusted environment (small corporate and personal).

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
[EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED]
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
USMC Rules of Gunfighting #7: In ten years nobody will remember the details of caliber, stance, or tactics. They will only remember who lived.
---
593 days until the Presidential Election
Re: Is Bayes Dead? Have the spammers won?
Henrik Krohns wrote:

> On Thu, Mar 22, 2007 at 09:55:07AM -0700, Marc Perkel wrote:
>
>> Maybe I'm doing something wrong but with the various methods of bayes poisoning going on I've found that bayes is just lowering the score of spam and causing more spam to get through.
>
> So is there actually any real proof that Bayes poisoning works? I've yet to find any evidence. All the cases have been admins/users messing it up themselves.

In point of fact, my own experience is that poisoning attempts make no difference at all. Because the number of poison tokens in an established database is so small, they don't change anything. However the incidence of other spam-positive keys tips the hand.

I use auto-learning. Always have. It has NEVER been a problem; if I get an FP or FN, I resubmit those mails for retraining to the DB.

I've even gone so far as to take a Spam mail that was visually more than 80% poison, copy the poison out, put it around another spam mail and mail it to myself from a dummy account. Result? Bayes_99. Took the same poison, wrapped it around a legitimate mail and sent it to myself. Result? Bayes_00.

You can't keep a good Bayes down; auto-learned or not. And I'm a little guy; 5000 messages a day ... 1 if the lists I host are busy. It's not like I have a massive bayes DB to work against. The Big Boys should be even more accurate just by raw weight of statistical incidence.

Bayes Poison is fiction; it's not even good fiction.

--
--Michel Vaillancourt
Wolfstar Systems
www.wolfstar.ca
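Two situations argued over in this thread, side by side, as an added example that is not from any poster: unseen "poison" words wrapped around a message at scoring time (the test described in the message above), and ham-like filler text from image spam being learned as spam (the concern raised earlier by Marc Perkel). The classifier is a toy Graham/Robinson-style token model, not SpamAssassin's Bayes code, and the corpus, header tokens and thresholds are constructed for the illustration.

```python
import math
from collections import Counter

class ToyBayes:
    """Toy token classifier: per-token spam probability, naive-Bayes combining."""

    def __init__(self):
        self.spam, self.ham = Counter(), Counter()
        self.nspam = self.nham = 0

    def learn(self, tokens, is_spam):
        # Count each token once per message.
        (self.spam if is_spam else self.ham).update(set(tokens))
        if is_spam:
            self.nspam += 1
        else:
            self.nham += 1

    def token_prob(self, tok):
        s, h = self.spam[tok], self.ham[tok]
        n = s + h
        if n == 0:
            return 0.5                      # never seen: carries no evidence
        spam_rate = s / max(self.nspam, 1)
        ham_rate = h / max(self.nham, 1)
        p = spam_rate / (spam_rate + ham_rate)
        return (0.5 + n * p) / (1 + n)      # Robinson smoothing toward 0.5

    def score(self, tokens, top=15, min_dev=0.1):
        # Only tokens that deviate clearly from 0.5 take part in the score.
        probs = [self.token_prob(t) for t in set(tokens)]
        probs = sorted((p for p in probs if abs(p - 0.5) >= min_dev),
                       key=lambda p: abs(p - 0.5), reverse=True)[:top]
        if not probs:
            return 0.5
        ps = math.prod(probs)
        ph = math.prod(1 - p for p in probs)
        return ps / (ps + ph)

# Constructed corpus (not real mail).
SPAM = ["buy cheap pills online now", "cheap stock alert buy now",
        "pills discount buy online"]
HAM = ["meeting agenda for friday lunch", "project report attached see agenda",
       "lunch on friday with the project team"]
POISON = "zebra quantum harbor violin".split()                   # unseen words
FILLER = "meeting agenda friday lunch project report".split()    # ham-like text
HEADERS = ["H*x-mailer:bulkblaster", "H*received:dynamic-pool"]  # header tokens

def trained(extra_spam=()):
    db = ToyBayes()
    for text in SPAM:
        db.learn(text.split(), True)
    for text in HAM:
        db.learn(text.split(), False)
    for tokens in extra_spam:
        db.learn(tokens, True)
    return db

def run():
    spam_msg = "buy cheap pills now".split()
    ham_msg = "friday lunch meeting agenda".split()
    clean = trained()
    full_body = trained([HEADERS + FILLER] * 5)   # 5 image spams learned whole
    hdrs_only = trained([HEADERS] * 5)            # same 5, headers only
    return {
        "spam_plus_poison": clean.score(spam_msg + POISON),
        "ham_plus_poison": clean.score(ham_msg + POISON),
        "ham_clean_db": clean.score(ham_msg),
        "ham_after_full_body_learning": full_body.score(ham_msg),
        "ham_after_headers_only_learning": hdrs_only.score(ham_msg),
        "spam_after_headers_only_learning": hdrs_only.score(spam_msg),
    }

if __name__ == "__main__":
    for name, value in run().items():
        print(f"{name:36s} {value:.4f}")
```

In this toy model the unseen words leave both scores where they were, while learning the ham-like filler as spam moves the ham message's score upward and headers-only learning does not.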
Re: Is Bayes Dead? Have the spammers won?
On Thu, Mar 22, 2007 at 09:55:07AM -0700, Marc Perkel wrote:

> Where bayes used to be the centerpiece of spam filtering ...

FWIW, I don't think Bayes has really ever been the centerpiece of spam filtering. Definitely not within SA anyway. It's a good tool, but it's just another tool in the belt.

/me continues to wait for the spammers to tire of greylisting

--
Randomly Selected Tagline:
If you build something that any idiot can use, any idiot will. - Patrick St. Jean
Re: Is Bayes Dead? Have the spammers won?
On 22-Mar-2007, at 20:02, Theo Van Dinter wrote:

> On Thu, Mar 22, 2007 at 09:55:07AM -0700, Marc Perkel wrote:
>
>> Where bayes used to be the centerpiece of spam filtering ...
>
> FWIW, I don't think Bayes has really ever been the centerpiece of spam filtering. Definitely not within SA anyway. It's a good tool, but it's just another tool in the belt.
>
> /me continues to wait for the spammers to tire of greylisting

Yes, exactly! Greylisting is still working amazingly well here. Also, most spams that get past the greylisting border are still hitting BAYES_90 or higher, even on instances where the bayes system is only being trained by autolearning.

I do feel that greylisting is slowly becoming less effective though. The amount of spams that get through may have risen by as much as 50%, although this is extremely relative, because this means that in my case six spams make it through each day, instead of four, whereas I used to get 80 spams per day without greylisting.

I noticed that almost all of the spams that get through are GIF image stock spam. Apparently, I should GET IN ON THE YOUTUBE OF CHINA NOW!, because that is all I'm reading about these days ;-)

Leander
Re: Is Bayes Dead? Have the spammers won?
On Thu, Mar 22, 2007 at 02:41:03PM -0500, maillist wrote:

> I don't know about that. I'd say that 95% of all spam filtered in my system has BAYES_99 as a trigger, and of that, probably 75% - 85% would not have been caught if not for that trigger.

Don't confuse filtering methods with rules.

--
Randomly Selected Tagline:
Harriet's Dining Observation: In every restaurant, the hardness of the butter pats increases in direct proportion to the softness of the bread.
R: Is Bayes Dead? Have the spammers won?
-----Original Message-----
From: --[ UxBoD ]-- [mailto:[EMAIL PROTECTED]

> Using a combination of numerous SA rules, bayes, FuzzyOCR and BotNet on a new server I've just built we are trashing the SPAM. Attached graph is for today :-

What does received mean in the graph?

Giampaolo

> Regards,
>
> UxBoD
>
> On Thu, 22 Mar 2007 09:55:07 -0700, Marc Perkel [EMAIL PROTECTED] wrote:
>
>> Maybe I'm doing something wrong but with the various methods of bayes poisoning going on I've found that bayes is just lowering the score of spam and causing more spam to get through. Where bayes used to be the centerpiece of spam filtering now I have turned it off to increase accuracy. Anyone else seeing this or is there some new tricks that I'm missing out on?
Re: Is Bayes Dead? Have the spammers won?
I was wondering the same thing, idly. Then one day my Bayes stopped working and I went from 30-40 spams getting through in a day to 500-600 getting through. Believe me, I think Bayes is doing a decent job of adding to the scores of spammy messages...

> Maybe I'm doing something wrong but with the various methods of bayes poisoning going on I've found that bayes is just lowering the score of spam and causing more spam to get through. Where bayes used to be the centerpiece of spam filtering now I have turned it off to increase accuracy. Anyone else seeing this or is there some new tricks that I'm missing out on?

--
Jason Marshall, [EMAIL PROTECTED]
Spots InterConnect, Inc. Calgary, AB
Re: Is Bayes Dead? Have the spammers won?
On 3/22/07, Kris Deugau [EMAIL PROTECTED] wrote:

> Anyone using SA in an ISP environment will run into this problem;

I agree here, I am using SA in an ISP and I have disabled Bayes. There is no way I can get regular good supply of ham from our customers. No one wants to forward their good mails to me (or any ISP) regularly to train Bayes. And we have a wide spectrum of customers, so Bayes will cause more damage than good, if I do not get enough volume of mails for training.

I am interested in hearing from any one using Bayes in ISP though.

raj
Re: Is Bayes Dead? Have the spammers won?
On Thu, Mar 22, 2007 at 09:55:07AM -0700, Marc Perkel wrote:

> Maybe I'm doing something wrong but with the various methods of bayes poisoning going on I've found that bayes is just lowering the score of spam and causing more spam to get through. Where bayes used to be the centerpiece of spam filtering now I have turned it off to increase accuracy. Anyone else seeing this or is there some new tricks that I'm missing out on?

We had to lower our bayesian filter's score from 7.2 to something like 6.4 (8.0 threshold) as a result of the image spam but it is still doing a good job.

My experience with fuzzyocr was not good enough to implement it on all our mail servers. Exim had regular problems with the feedback from Spamassassin when fuzzyocr was active and recently Spamassassin died because of some problem fuzzyocr had with some mails - so I disabled it on the one server I was trying it out. The result is more image spam.

Maybe it is time to rebuild the bayesian database with clean spam excluding image spam and a lot of ham messages.

Regards
Johann

--
Johann Spies Telefoon: 021-808 4036
Informasietegnologie, Universiteit van Stellenbosch
Jesus said unto her, I am the resurrection, and the life; he that believeth in me, though he were dead, yet shall he live; And whosoever liveth and believeth in me shall never die. John 11:25,26