Spam mails getting through

pipjo
Posts: 43
Joined: 06 Jul 2017 09:08

Spam mails getting through

Post by pipjo »

I've noticed that mails I mark as Spam are still being delivered if they are sent again. Is there anywhere I can check:
That the mails I mark as Spam are being recorded so that future mails will be flagged?
Why these mails are still getting through.

Thanks

PJ
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Spam mails getting through

Post by pdwalker »

The "mark as spam" trains the bayes spam classifier, which should help push up the spam score. Over time, as the bayes filter learns what you think is spam, the spam score of those messages will increase, hopefully to the point where it is marked as "high spam" and then no longer gets delivered.

Can you give an example of a SpamAssassin spam report from one of these messages that is getting through? Spam reports are essential to understanding why a message is getting delivered when it should not.
pipjo
Posts: 43
Joined: 06 Jul 2017 09:08

Re: Spam mails getting through

Post by pipjo »

How do I get the Spam Report?
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Spam mails getting through

Post by pdwalker »

Go to the EFA web interface (mailscanner/status.php or /mailscanner/rep_message_listing.php or /mailscanner/rep_message_ops.php).

Find one of the messages that you are unhappy with.

On the left side is the # column and the blue circle with the letter "i" in the middle. Click on it.

That brings up the message details page. Scroll down until you see the lines "SpamAssassin Score" and "Spam Report". It looks like the following:
[Screenshot: Screen-Shot-2017-08-02-at-13.55a.png]
and post that information.

In the above report, my bayes filters are almost certain this is junk (3 9's). I think I also increased the weight of my bayes filter at the top end of the confidence range.
pipjo
Posts: 43
Joined: 06 Jul 2017 09:08

Re: Spam mails getting through

Post by pipjo »

Screen shot below. There are no Bayes values displayed so I'm guessing that could be part of the problem. Also I have noticed when flagging a mail as SPAM the following comes up before the EFA page, not sure if this is relevant:
Learned tokens from 0 message(s) (1 message(s) examined)
Image

Thanks

PJ
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Spam mails getting through

Post by shawniverson »

Yeah, something is wrong with bayes. It appears it isn't learning or examining mails :think:
pipjo
Posts: 43
Joined: 06 Jul 2017 09:08

Re: Spam mails getting through

Post by pipjo »

Is it possible that there is a setting to enable it that I have missed?
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Spam mails getting through

Post by shawniverson »

It is supposed to be enabled by default, which concerns me. We need to troubleshoot. I think worst case you may need to clear the bayes database...
pipjo
Posts: 43
Joined: 06 Jul 2017 09:08

Re: Spam mails getting through

Post by pipjo »

Resetting the Bayes DB wouldn't be a problem as the install is only a month or so old.

As for troubleshooting, are there any logs I could look through?
pipjo
Posts: 43
Joined: 06 Jul 2017 09:08

Re: Spam mails getting through

Post by pipjo »

Also, is this any use?

Image
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Spam mails getting through

Post by shawniverson »

Yeah that doesn't look right, just a month old? Check out the oldest token.

I would advise clearing it, feeding it new spam/ham, and seeing if you start getting hits.
pipjo
Posts: 43
Joined: 06 Jul 2017 09:08

Re: Spam mails getting through

Post by pipjo »

Will do. I'll report back in a couple of days.

Thanks
henk
Posts: 517
Joined: 14 Dec 2015 22:16
Location: Netherlands

Re: Spam mails getting through

Post by henk »

Try feeding it (bayes) some spam. :idea:

I couldn't find any settings regarding the bayes corpus in Efa, so it will be default settings.

bayes_min_ham_num (Default: 200)
bayes_min_spam_num (Default: 200)
To be accurate, the Bayes system does not activate until a certain number of ham (non-spam) and spam have been learned. The default is 200 of each ham and spam, but you can tune these up or down with these two settings.

Just run spamassassin --lint -D and check if you find the message below.

dbg: bayes: corpus size: nspam = 13, nham = 511 <---------------
Probably because your corpus is still too small.

or


sa-learn --dump magic|grep token

About the oldest token: ( 2003 date)
bayes_auto_expire (default: 1)
If enabled, the Bayes system will try to automatically expire old tokens from the database. Auto-expiry occurs when the number of tokens in the database surpasses the bayes_expiry_max_db_size value.
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
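As an added example (not part of henk's post or of EFA), the corpus-size check described above can be scripted: the function below reads `sa-learn --dump magic` output and reports whether both counts have reached the 200-message defaults. The sample dump is constructed from the nspam = 13, nham = 511 figures in the debug line; `sample_dump` and `bayes_status` are hypothetical names.

```shell
#!/bin/sh
# Added example: decide from `sa-learn --dump magic` output whether the Bayes
# corpus is large enough for SpamAssassin to start applying Bayes scores.

# Constructed sample in the `sa-learn --dump magic` layout; the counts are the
# ones from the debug line quoted in the post (nspam = 13, nham = 511).
sample_dump() {
cat <<'EOF'
0.000          0          3          0  non-token data: bayes db version
0.000          0         13          0  non-token data: nspam
0.000          0        511          0  non-token data: nham
0.000          0      48211          0  non-token data: ntokens
EOF
}

# bayes_status [min_spam] [min_ham]   (hypothetical helper name)
# Reads dump output on stdin and prints a one-line verdict.
# Thresholds default to 200, the bayes_min_spam_num / bayes_min_ham_num defaults.
# Returns 0 = active, 1 = corpus too small, 2 = counts missing from the input.
bayes_status() {
    awk -v min_spam="${1:-200}" -v min_ham="${2:-200}" '
        $5 == "non-token" && $NF == "nspam" { nspam = $3 + 0; have_spam = 1 }
        $5 == "non-token" && $NF == "nham"  { nham  = $3 + 0; have_ham  = 1 }
        END {
            if (!have_spam || !have_ham) {
                print "unknown: nspam/nham not found in input"
                exit 2
            }
            if (nspam >= min_spam + 0 && nham >= min_ham + 0) {
                printf "active: nspam=%d nham=%d\n", nspam, nham
                exit 0
            }
            printf "inactive: nspam=%d/%d nham=%d/%d\n", nspam, min_spam, nham, min_ham
            exit 1
        }'
}

# Demo on the constructed sample; on a real host: sa-learn --dump magic | bayes_status
sample_dump | bayes_status || true
```

An "inactive" verdict means no BAYES_* rule will appear in spam reports yet, however many individual messages have been marked as spam.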
pipjo
Posts: 43
Joined: 06 Jul 2017 09:08

Re: Spam mails getting through

Post by pipjo »

That all makes sense.
Are there any ways to feed Bayes spam other than by receiving it?
henk
Posts: 517
Joined: 14 Dec 2015 22:16
Location: Netherlands

Re: Spam mails getting through

Post by henk »

The fast way is to restore the bayes db from a backup, but as I understand you do not have a backup from a previous (EFA) version.

1) sa-learn --backup > backup.txt

2) sa-learn --clear (this is optional, but good to do to clear out the old database)

3) Once you have backed up all databases you can update your configuration for the new database backend. This will involve at least the bayes_store_module config option and may involve some additional config options depending on what is required by the module.

4) For each backed up database run: sa-learn --restore backup.txt

The other way is to feed spam into bayes with mail already classified as spam. See the man pages

The option I would use in your case is to create a temp fake mail account and start using it.
Sign in to various sites, leaving this fake account as the email address. When you have reached the spam limit for bayes (> 200), delete the fake account.

Take some time to train the bayes db. It's worth the time.

Just take a look at: viewtopic.php?f=5&t=2400
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: Spam mails getting through

Post by ovizii »

Just wanted to add that I often see:


Learned tokens from 0 message(s) (1 message(s) examined)
That usually happens when the email didn't have anything new to add to Bayes, apparently?
pipjo
Posts: 43
Joined: 06 Jul 2017 09:08

Re: Spam mails getting through

Post by pipjo »

Thanks everyone for your suggestions. I'm rebuilding the DB (slowly) and will update once I pass 200.