Asif Iqbal <[EMAIL PROTECTED]> wrote on 06/17/2004 04:40:54 PM:

> I am definitely not doing something right. These two following messages
> slipped through my SA. Any ruleset that I am missing?
>
> Here is the list of .cf files in my /etc/mail/spamassassin dir
>
> 70_sare_adult.cf
> 70_sare_bayes_poison_nxm.cf
> 70_sare_header_abuse.cf
> 70_sare_html.cf
> 70_sare_oem.cf
> 70_sare_ratware.cf
> 70_sare_specific.cf
> 70_sare_spoof.cf
> 71_sare_bml_pre25x.cf
> 72_sare_bml_post25x.cf
> 99_sare_fraud_post25x.cf
> 99_sare_fraud_pre25x.cf
> RulesDuJour
> antidrug.cf
> backhair.cf
> bayes_seen
> bayes_toks
> bigevil.cf
> bogus-virus-warnings.cf
> evilnumbers.cf
> local.cf
> tripwire.cf
>
> Any help would be greatly appreciated. Thanks
>
[snip]

Are you sure you have the latest versions?  The first message triggered the
SARE_SPOOF_OURI rule on my system which has a score of 2.5 yet your total
score for the entire message is only 1.5. You may want to add the line
add_header all Report _REPORT_  to your local.cf. This will show you which
rules were triggered.

Get rid of 71_sare_bml_pre25x.cf and 99_sare_fraud_pre25x.cf since those
are for earlier versions of SA. Might be causing a conflict.

You may want to replace 70_sare_header_abuse.cf and 70_sare_html.cf with
the new split versions.

Also check to make sure you have bayes enabled  use_bayes  1  in local.cf.
You may want to execute a   sa-learn --dump magic from the userid that SA
runs under to see how many tokens bayes has.  It won't kick in until you
have learned at least 200 spam and 200 ham messages.  Look at the 2nd and
3rd lines:

0.000          0          2          0  non-token data: bayes db version
0.000          0      76370          0  non-token data: nspam
0.000          0      11924          0  non-token data: nham
0.000          0     139213          0  non-token data: ntokens
0.000          0 1086766770          0  non-token data: oldest atime
0.000          0 1087510789          0  non-token data: newest atime
0.000          0 1087509912          0  non-token data: last journal sync atime
0.000          0 1087457949          0  non-token data: last expiry atime
0.000          0     691200          0  non-token data: last expire atime delta
0.000          0      22647          0  non-token data: last expire reduction count

Also, run a spamassassin -d --lint to make sure you don't have any
errors/typos.

Andy
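
Added example, not part of the original message: a small shell check that reads `sa-learn --dump magic` output and reports whether the nspam and nham counters have reached the 200-message minimum mentioned in the reply. The function name `bayes_ready` and the under-trained sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): decide from `sa-learn --dump magic`
# output whether Bayes has learned enough mail to contribute to scores.

# bayes_ready [MIN] : reads the dump on stdin and prints a one-line verdict.
# Exit status: 0 = enough spam and ham learned, 1 = not enough,
#              2 = nspam/nham counters missing from the input.
bayes_ready() {
    awk -v min="${1:-200}" '
        # Counter lines have 7 fields; the value is in column 3.
        NF == 7 && $6 == "data:" && $7 == "nspam" { nspam = $3 + 0; have_spam = 1 }
        NF == 7 && $6 == "data:" && $7 == "nham"  { nham  = $3 + 0; have_ham  = 1 }
        END {
            if (!have_spam || !have_ham) {
                print "unknown: nspam/nham counters not found"
                exit 2
            }
            if (nspam >= min && nham >= min) {
                printf "active: nspam=%d nham=%d\n", nspam, nham
                exit 0
            }
            printf "inactive: nspam=%d nham=%d (need %d of each)\n", nspam, nham, min
            exit 1
        }'
}

# Constructed sample: a recently created database that is below the threshold.
sample_undertrained() {
    cat <<'EOF'
0.000          0          2          0  non-token data: bayes db version
0.000          0        150          0  non-token data: nspam
0.000          0         12          0  non-token data: nham
0.000          0       4810          0  non-token data: ntokens
EOF
}

# Live use, run as the user SpamAssassin runs under:
#   sa-learn --dump magic | bayes_ready
sample_undertrained | bayes_ready || echo "exit status $?"
```

With the dump shown in the reply (nspam 76370, nham 11924) the function reports the database as active.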
