[gentoo-user] SpamAssassin is letting everything through - gentoo-user

From:	daniel <danstemporaryaccount@×××××.ca>
To:	"list: gentoo-user" <gentoo-user@l.g.o>
Subject:	[gentoo-user] SpamAssassin is letting everything through
Date:	Thu, 25 Aug 2005 22:10:39
Message-Id:	`200508251753.53748.danstemporaryaccount@yahoo.ca`

1

I've been beating my head against my keyboard all day trying to figure out how 

2

get SpamAssassin working on our server and so far I've not had a lot of 

3

success.

4

5

 - spamd is running

6

 - it's handling mail and adding headers

7

 - it seems to be running all the rules

8

9

But nearly all spam, even really obvious spam is getting through.  I went to 

10

the SpamAssassin website to figure out what was going wrong and did a few 

11

tests.  The GTUBE test comes back positive, so that was good, but manually 

12

testing known spam is coming out with very low scores given the input.

13

14

It looks like the rules should be scoring higher (see below) but they're not.  

15

Even with the attached email, we're only getting a score of 1.7 even after 

16

it's hit up on all those different rules.

17

18

Am I missing something here?  I've trained it with sa-learn on a whole slew of 

19

ham and spam and it continues to let through nearly all the spam coming in.

20

21

Any help or suggestions would be greatly appreciated.

22

Thanks

23

24

25

Example Spam

26

------------------------------------------------------------------------------

27

Return-path: <Palmiro@××××××××××.com>

28

Envelope-to: MYUSERNAME@××××××××.com

29

Delivery-date: Sat, 26 Mar 2005 06:20:57 -0800

30

Received: from 21.red-83-46-28.pooles.rima-tde.net ([83.46.28.21] 

31

helo=joyceessex.com)

32

        by mail.MYDOMAIN.com with smtp (Exim 4.50 (FreeBSD))

33

        id 1DFC9k-000DiX-9o

34

        for MYUSERNAME@××××××××.com; Sat, 26 Mar 2005 06:20:57 -0800

35

From: "Thelonius Parent" <Palmiro@××××××××××.com>

36

To: "James Tripp" <MYUSERNAME@××××××××.com>

37

Subject: Pharaamcy: 45-91

38

Date: Sat, 26 Mar 2005 08:19:30 -0500

39

MIME-Version: 1.0

40

Content-Type: multipart/alternative;

41

  boundary="----=_NextPart_000_004A_01C5313B.42456F83"

42

X-Priority: 3

43

X-MSMail-Priority: Normal

44

X-Unsent: 1

45

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

46

Spam-Warn: host is listed in

47

Status: RO

48

X-Status: RC

49

X-KMail-EncryptionState:

50

X-KMail-SignatureState:

51

X-KMail-MDN-Sent:

52

X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on

53

        kenyan.nodes.net.ad-flow.com

54

X-Spam-Level: *

55

X-Spam-Status: No, score=1.7 required=5.0 tests=FORGED_RCVD_HELO,

56

        HTML_FONT_BIG,HTML_MESSAGE,HTML_TAG_EXIST_TBODY,PRIORITY_NO_NAME

57

        autolearn=no version=3.0.2

58

59

This is a multi-part message in MIME format.

60

61

------=_NextPart_000_004A_01C5313B.42456F83

62

Content-Type: text/plain;

63

        charset="us-ascii"

64

Content-Transfer-Encoding: quoted-printable

65

66

Hello,

67

68

to open.  Cahusac stood before him.  The Breton's face was grave.

69

landing parties.

70

71

de Rivarol bade him be admitted, and there entered now into his

72

73

the sound heart of a boy, and in that heart much love for Peter

74

misrule, damme!  He leaves Port Royal unguarded save by a ramshac

75

Governor-General.  I perceive your object, and I believe ye're

76

Wolverstone's he did not know.  But he saw quite clearly now that

77

to hear him, for he had not troubled to raise his voice.  I hope

78

79

80

Have a nice day.

81

------=_NextPart_000_004A_01C5313B.42456F83

82

Content-Type: text/html;

83

        charset="us-ascii"

84

Content-Transfer-Encoding: quoted-printable

85

86

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

87

<HTML><HEAD>

88

<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dus-ascii">

89

<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR>

90

<STYLE></STYLE>

91

</HEAD>

92

<BODY bgColor=3D#ffffff>

93

<DIV><FONT face=3DArial>Hello,&nbsp;</FONT><A=20

94

href=3D"http://www.dtkc.jm.com.dodteddrugsf.com/"><FONT =

95

face=3DArial>MediccationsByMail=20

96

SHOP</FONT></A><FONT face=3DArial>&nbsp;Welcomes You.</FONT></DIV>

97

<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>

98

<DIV><FONT face=3DArial>Do youu need to spend less on your meddications?=

99

</FONT></DIV>

100

<DIV><FONT face=3DArial size=3D4>You could save up tto 80% with us!=

101

</FONT></DIV>

102

<DIV>

103

<TABLE cellSpacing=3D0 cellPadding=3D0 border=3D0>

104

  <TBODY>

105

  <TR vAlign=3Dbottom>

106

    <TD rowSpan=3D2><FONT face=3DArial size=3D4>VI</FONT></TD>

107

    <TD><FONT face=3DArial size=3D4></FONT></TD>

108

    <TD rowSpan=3D2><FONT face=3DArial size=3D4>IN&nbsp;Vl</FONT></TD>

109

    <TD><FONT face=3DArial size=3D4></FONT></TD>

110

    <TD rowSpan=3D2><FONT face=3DArial size=3D4>RA&nbsp;VA</FONT></TD>

111

    <TD><FONT face=3DArial size=3D4></FONT></TD>

112

    <TD rowSpan=3D2><FONT face=3DArial size=3D4>UM</FONT></TD>

113

    <TD><FONT face=3DArial size=3D4></FONT></TD>

114

    <TD rowSpan=3D2><FONT face=3DArial size=3D4>AL</FONT></TD>

115

    <TD><FONT face=3DArial size=3D4></FONT></TD>

116

  <TR>

117

    <TD><FONT face=3DArial size=3D4>COD</FONT></TD>

118

    <TD><FONT face=3DArial size=3D4>AG</FONT></TD>

119

    <TD><FONT face=3DArial size=3D4>Ll</FONT></TD>

120

    <TD><FONT face=3DArial size=3D4>&nbsp;CI</FONT></TD>

121

    <TD><FONT face=3DArial=20

122

=

123

size=3D4>IS&nbsp;and&nbsp;many&nbsp;other&nbsp;in&nbsp;our&nbsp;ST0RE.</F=

124

ONT></TD></TR></TBODY></TABLE></DIV>

125

<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>

126

<DIV><FONT face=3DArial>Have a nice day.</FONT></DIV>

127

<DIV><FONT face=3DArial>Try us andd you will not be disappointed.=

128

</FONT></DIV></BODY></HTML>

129

130

------=_NextPart_000_004A_01C5313B.42456F83--

131

132

Spam detection software, running on the system "kenyan.nodes.net.ad-flow.com", 

133

has identified this incoming email as possible spam.  The original message

134

has been attached to this so you can view it (if it isn't spam) or label

135

similar future email.  If you have any questions, see

136

the administrator of that system for details.

137

138

Content preview:  Hello, to open. Cahusac stood before him. The Breton's

139

  face was grave. landing parties. de Rivarol bade him be admitted, and

140

  there entered now into his [...]

141

142

Content analysis details:   (1.7 points, 5.0 required)

143

144

 pts rule name              description

145

---- ---------------------- --------------------------------------------------

146

 0.1 FORGED_RCVD_HELO       Received: contains a forged HELO

147

 0.0 HTML_MESSAGE           BODY: HTML included in message

148

 0.2 HTML_FONT_BIG          BODY: HTML tag for a big font size

149

 0.2 HTML_TAG_EXIST_TBODY   BODY: HTML has "tbody" tag

150

 1.2 PRIORITY_NO_NAME       Message has priority, but no X-Mailer/User-Agent

151

--

152

gentoo-user@g.o mailing list

Subject	Author
Re: [gentoo-user] SpamAssassin is letting everything through	Jonathan Wright <mail@×××××××××.uk>
Re: [gentoo-user] SpamAssassin is letting everything through	Jarry <jarry@×××.net>

Gentoo Archives: gentoo-user

Replies

1	I've been beating my head against my keyboard all day trying to figure out how
2	get SpamAssassin working on our server and so far I've not had a lot of
3	success.
4
5	- spamd is running
6	- it's handling mail and adding headers
7	- it seems to be running all the rules
8
9	But nearly all spam, even really obvious spam is getting through. I went to
10	the SpamAssassin website to figure out what was going wrong and did a few
11	tests. The GTUBE test comes back positive, so that was good, but manually
12	testing known spam is coming out with very low scores given the input.
13
14	It looks like the rules should be scoring higher (see below) but they're not.
15	Even with the attached email, we're only getting a score of 1.7 even after
16	it's hit up on all those different rules.
17
18	Am I missing something here? I've trained it with sa-learn on a whole slew of
19	ham and spam and it continues to let through nearly all the spam coming in.
20
21	Any help or suggestions would be greatly appreciated.
22	Thanks
23
24
25	Example Spam
26	------------------------------------------------------------------------------
27	Return-path: <Palmiro@××××××××××.com>
28	Envelope-to: MYUSERNAME@××××××××.com
29	Delivery-date: Sat, 26 Mar 2005 06:20:57 -0800
30	Received: from 21.red-83-46-28.pooles.rima-tde.net ([83.46.28.21]
31	helo=joyceessex.com)
32	by mail.MYDOMAIN.com with smtp (Exim 4.50 (FreeBSD))
33	id 1DFC9k-000DiX-9o
34	for MYUSERNAME@××××××××.com; Sat, 26 Mar 2005 06:20:57 -0800
35	From: "Thelonius Parent" <Palmiro@××××××××××.com>
36	To: "James Tripp" <MYUSERNAME@××××××××.com>
37	Subject: Pharaamcy: 45-91
38	Date: Sat, 26 Mar 2005 08:19:30 -0500
39	MIME-Version: 1.0
40	Content-Type: multipart/alternative;
41	boundary="----=_NextPart_000_004A_01C5313B.42456F83"
42	X-Priority: 3
43	X-MSMail-Priority: Normal
44	X-Unsent: 1
45	X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
46	Spam-Warn: host is listed in
47	Status: RO
48	X-Status: RC
49	X-KMail-EncryptionState:
50	X-KMail-SignatureState:
51	X-KMail-MDN-Sent:
52	X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on
53	kenyan.nodes.net.ad-flow.com
54	X-Spam-Level: *
55	X-Spam-Status: No, score=1.7 required=5.0 tests=FORGED_RCVD_HELO,
56	HTML_FONT_BIG,HTML_MESSAGE,HTML_TAG_EXIST_TBODY,PRIORITY_NO_NAME
57	autolearn=no version=3.0.2
58
59	This is a multi-part message in MIME format.
60
61	------=_NextPart_000_004A_01C5313B.42456F83
62	Content-Type: text/plain;
63	charset="us-ascii"
64	Content-Transfer-Encoding: quoted-printable
65
66	Hello,
67
68	to open. Cahusac stood before him. The Breton's face was grave.
69	landing parties.
70
71	de Rivarol bade him be admitted, and there entered now into his
72
73	the sound heart of a boy, and in that heart much love for Peter
74	misrule, damme! He leaves Port Royal unguarded save by a ramshac
75	Governor-General. I perceive your object, and I believe ye're
76	Wolverstone's he did not know. But he saw quite clearly now that
77	to hear him, for he had not troubled to raise his voice. I hope
78
79
80	Have a nice day.
81	------=_NextPart_000_004A_01C5313B.42456F83
82	Content-Type: text/html;
83	charset="us-ascii"
84	Content-Transfer-Encoding: quoted-printable
85
86	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
87	<HTML><HEAD>
88	<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dus-ascii">
89	<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR>
90	<STYLE></STYLE>
91	</HEAD>
92	<BODY bgColor=3D#ffffff>
93	<DIV><FONT face=3DArial>Hello, </FONT><A=20
94	href=3D"http://www.dtkc.jm.com.dodteddrugsf.com/"><FONT =
95	face=3DArial>MediccationsByMail=20
96	SHOP</FONT></A><FONT face=3DArial> Welcomes You.</FONT></DIV>
97	<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
98	<DIV><FONT face=3DArial>Do youu need to spend less on your meddications?=
99	</FONT></DIV>
100	<DIV><FONT face=3DArial size=3D4>You could save up tto 80% with us!=
101	</FONT></DIV>
102	<DIV>
103	<TABLE cellSpacing=3D0 cellPadding=3D0 border=3D0>
104	<TBODY>
105	<TR vAlign=3Dbottom>
106	<TD rowSpan=3D2><FONT face=3DArial size=3D4>VI</FONT></TD>
107	<TD><FONT face=3DArial size=3D4></FONT></TD>
108	<TD rowSpan=3D2><FONT face=3DArial size=3D4>IN Vl</FONT></TD>
109	<TD><FONT face=3DArial size=3D4></FONT></TD>
110	<TD rowSpan=3D2><FONT face=3DArial size=3D4>RA VA</FONT></TD>
111	<TD><FONT face=3DArial size=3D4></FONT></TD>
112	<TD rowSpan=3D2><FONT face=3DArial size=3D4>UM</FONT></TD>
113	<TD><FONT face=3DArial size=3D4></FONT></TD>
114	<TD rowSpan=3D2><FONT face=3DArial size=3D4>AL</FONT></TD>
115	<TD><FONT face=3DArial size=3D4></FONT></TD>
116	<TR>
117	<TD><FONT face=3DArial size=3D4>COD</FONT></TD>
118	<TD><FONT face=3DArial size=3D4>AG</FONT></TD>
119	<TD><FONT face=3DArial size=3D4>Ll</FONT></TD>
120	<TD><FONT face=3DArial size=3D4> CI</FONT></TD>
121	<TD><FONT face=3DArial=20
122	=
123	size=3D4>IS and many other in our ST0RE.</F=
124	ONT></TD></TR></TBODY></TABLE></DIV>
125	<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
126	<DIV><FONT face=3DArial>Have a nice day.</FONT></DIV>
127	<DIV><FONT face=3DArial>Try us andd you will not be disappointed.=
128	</FONT></DIV></BODY></HTML>
129
130	------=_NextPart_000_004A_01C5313B.42456F83--
131
132	Spam detection software, running on the system "kenyan.nodes.net.ad-flow.com",
133	has identified this incoming email as possible spam. The original message
134	has been attached to this so you can view it (if it isn't spam) or label
135	similar future email. If you have any questions, see
136	the administrator of that system for details.
137
138	Content preview: Hello, to open. Cahusac stood before him. The Breton's
139	face was grave. landing parties. de Rivarol bade him be admitted, and
140	there entered now into his [...]
141
142	Content analysis details: (1.7 points, 5.0 required)
143
144	pts rule name description
145	---- ---------------------- --------------------------------------------------
146	0.1 FORGED_RCVD_HELO Received: contains a forged HELO
147	0.0 HTML_MESSAGE BODY: HTML included in message
148	0.2 HTML_FONT_BIG BODY: HTML tag for a big font size
149	0.2 HTML_TAG_EXIST_TBODY BODY: HTML has "tbody" tag
150	1.2 PRIORITY_NO_NAME Message has priority, but no X-Mailer/User-Agent
151	--
152	gentoo-user@g.o mailing list