Jason Heiser wrote:
We get order acknowledgment e-mails from a specific e-mail address for
orders placed on our website. A couple of days ago, these messages
stopped arriving. Somebody noticed this, I went looking for them, I
found them in our spam folder. For some reason, this address in the
AWL database underwent a change that made its spam score spike
sharply. Here are the relevant lines from our log file:
Jun 19 16:10:35 mail amavis[13107]: (13107-16) SPAM-TAG,
<[EMAIL PROTECTED]> ->
<cyradm+Dispatch/[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>,
No, score=0.446 required=5 tests=[AWL=-0.105, HTML_MESSAGE=0.001,
NO_REAL_NAME=0.55]
Jun 19 16:33:59 mail amavis[13364]: (13364-18) SPAM-TAG,
<[EMAIL PROTECTED]> ->
<cyradm+Dispatch/[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>,
No, score=0.446 required=5 tests=[AWL=-0.105, HTML_MESSAGE=0.001,
NO_REAL_NAME=0.55]
Jun 19 17:13:03 mail amavis[14018]: (14018-04) SPAM-TAG,
<[EMAIL PROTECTED]> ->
<cyradm+Dispatch/[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>,
No, score=0.446 required=5 tests=[AWL=-0.105, HTML_MESSAGE=0.001,
NO_REAL_NAME=0.55]
Jun 19 22:07:46 mail amavis[16421]: (16421-19) SPAM,
<[EMAIL PROTECTED]> ->
<cyradm+Dispatch/[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>,
Yes, score=388.637 tag=x tag2=5 kill=5 tests=[AWL=388.086,
HTML_MESSAGE=0.001, NO_REAL_NAME=0.55], autolearn=disabled, quarantine
lRI-QGRPgLGR (cyradm+Quarantine/[EMAIL PROTECTED])
Jun 19 22:25:56 mail amavis[17107]: (17107-07) SPAM,
<[EMAIL PROTECTED]> ->
<cyradm+Dispatch/[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>,
Yes, score=194.594 tag=x tag2=5 kill=5 tests=[AWL=194.043,
HTML_MESSAGE=0.001, NO_REAL_NAME=0.55], autolearn=disabled, quarantine
8XS-x-324Me4 (cyradm+Quarantine/[EMAIL PROTECTED])
As you can see, everything is normal in first three messages. In the
fourth message, AWL explodes. Any theories what happened here?
Jason Heiser
I've seen this problem. When I looked at our autowhitelists - which had
grown to be multiple gigabytes - there were some entries with scores
recorded, but a message count of 0. Obviously, this makes the average
score per message rather large... it records further messages OK, so the
score then drops off exponentially.
This seems to be something to do with the huge AWL files we had - I've
scheduled a weekly run of the trim_whitelist script (I had problems
getting check_whitelist to process the broken file) and I've not seen
the problem since. As a bonus, the AWL files are now tens of megabytes,
not several gigabytes.
Adam.
--
--------------------------------
Adam Stephens
Network Specialist - Email & DNS
[EMAIL PROTECTED]
