Spam mails getting through

Report bugs and workarounds
Post Reply
pipjo
Posts: 43
Joined: 06 Jul 2017 09:08

Spam mails getting through

Post by pipjo » 01 Aug 2017 22:34

I've noticed that mails I mark as Spam are still being delivered if they are sent again. Is there anywhere I can check:
That the mails I mark as Spam are being recorded so that future mails will be flagged?
Why these mails are still getting through.

Thanks

PJ

User avatar
pdwalker
Posts: 1162
Joined: 18 Mar 2015 09:16

Re: Spam mails getting through

Post by pdwalker » 02 Aug 2017 04:53

The "mark as spam" trains the bayes spam classifier, which should help push up the spam score. Over time, as the bayes filter learns what you think is spam, the spam score of those messages will increase, hopefully to the point where it is marked as "high spam" and then no longer gets delivered.

can you give an example of a spamassassin spam report from one of these messages that is getting through? spam reports are essential to understanding why a message is getting delivered when it should not.

pipjo
Posts: 43
Joined: 06 Jul 2017 09:08

Re: Spam mails getting through

Post by pipjo » 02 Aug 2017 05:39

How do I get the Spam Report?

User avatar
pdwalker
Posts: 1162
Joined: 18 Mar 2015 09:16

Re: Spam mails getting through

Post by pdwalker » 02 Aug 2017 05:59

go to the efa web interface ( mailscanner/status.php or /mailscanner/rep_message_listing.php or /mailscanner/rep_message_ops.php )

find one of the messages that you are unhappy with.

on the left side as the # column and the blue circle with the letter "i" in the middle. click on it.

that brings up the message details page, scroll down until you see the lines "SpamAssassin Score" and "Spam Report". It looks like the following:
Screen-Shot-2017-08-02-at-13.55a.png
Screen-Shot-2017-08-02-at-13.55a.png (79.16 KiB) Viewed 4574 times
and post that information.

In the above report, my bayes filters are almost certain this is junk (3 9's). I think I also increased the weight of my bayes filter at the top end of the confidence range.

pipjo
Posts: 43
Joined: 06 Jul 2017 09:08

Re: Spam mails getting through

Post by pipjo » 02 Aug 2017 15:21

Screen shot below. There are no Bayes values displayed so I'm guessing that could be part of the problem. Also I have noticed when flagging a mail as SPAM the following comes up before the EFA page, not sure if this is relevant:
Learned tokens from 0 message(s) (1 message(s) examined)
Image

Thanks

PJ

User avatar
shawniverson
Posts: 2880
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA
Contact:

Re: Spam mails getting through

Post by shawniverson » 02 Aug 2017 21:26

Yeah, something is wrong with bayes. It appears it isn't learning or examining mails :think:
Version eFa 4.0.0 now available!

pipjo
Posts: 43
Joined: 06 Jul 2017 09:08

Re: Spam mails getting through

Post by pipjo » 02 Aug 2017 21:31

Is it possible that there is a setting to enable it that I have missed?

User avatar
shawniverson
Posts: 2880
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA
Contact:

Re: Spam mails getting through

Post by shawniverson » 02 Aug 2017 22:15

It is supposed to be enabled by default, which concerns me. We need to troubleshoot. I think worst case you may need to clear the bayes database...
Version eFa 4.0.0 now available!

pipjo
Posts: 43
Joined: 06 Jul 2017 09:08

Re: Spam mails getting through

Post by pipjo » 02 Aug 2017 23:16

Resetting the Bayes DB wouldn't be a problem as the install is only a month or so old.

As for trouble shooting, are there any logs I could look through?

pipjo
Posts: 43
Joined: 06 Jul 2017 09:08

Re: Spam mails getting through

Post by pipjo » 03 Aug 2017 00:06

Also, is this any use?

Image

User avatar
shawniverson
Posts: 2880
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA
Contact:

Re: Spam mails getting through

Post by shawniverson » 03 Aug 2017 00:17

Yeah that doesn't look right, just a month old? Check out the oldest token.

I would advise clearing it, feeding it new spam/ham, and seeing if you start getting hits.
Version eFa 4.0.0 now available!

pipjo
Posts: 43
Joined: 06 Jul 2017 09:08

Re: Spam mails getting through

Post by pipjo » 03 Aug 2017 03:33

Will do. I'll report back in a couple of days.

Thanks

henk
Posts: 395
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: Spam mails getting through

Post by henk » 03 Aug 2017 10:15

Try feed it (bayes) some spam. :idea:

I couldn't find any settings regarding the bayes corpus in Efa, so it will be default settings.

bayes_min_ham_num (Default: 200)
bayes_min_spam_num (Default: 200)
To be accurate, the Bayes system does not activate until a certain number of ham (non-spam) and spam have been learned. The default is 200 of each ham and spam, but you can tune these up or down with these two settings.

Just run spamassassin --lint -D and check if you find the message below.

dbg: bayes: corpus size: nspam = 13, nham = 511 <---------------
Probably because your corpus is still too small.

or

Code: Select all

sa-learn --dump magic|grep token

About the oldest token: ( 2003 date)
bayes_auto_expire (default: 1)
If enabled, the Bayes system will try to automatically expire old tokens from the database. Auto-expiry occurs when the number of tokens in the database surpasses the bayes_expiry_max_db_size value.

pipjo
Posts: 43
Joined: 06 Jul 2017 09:08

Re: Spam mails getting through

Post by pipjo » 03 Aug 2017 11:15

That all makes sense.
Are there any ways to feed Bayes spam other than by receiving it?

henk
Posts: 395
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: Spam mails getting through

Post by henk » 03 Aug 2017 11:59

The fast way is to restore the bayes db from a backup, but as I understand you do not have a backup from an previous(EFA) version.

1) sa-learn --backup > backup.txt

2) sa-learn --clear (this is optional, but good to do to clear out the old database)

3) Once you have backed up all databases you can update your configuration for the new database backend. This will involve at least the bayes_store_module config option and may involve some additional config options depending on what is required by the module.

4) For each backed up database run: sa-learn --restore backup.txt

The other way is to feed spam into bayes with mail already classified as spam. See the man pages

The option I would use in your case, is to create a temp fake mail account and start using it .
Sign in to various sites leaving this fake account as email-addres.When you reached the spam limit for bayes (> 200), delete the fake account.

Take some time to train the bayes db. It's worth the time.

Just take a look at: viewtopic.php?f=5&t=2400

ovizii
Posts: 459
Joined: 11 May 2016 08:08

Re: Spam mails getting through

Post by ovizii » 08 Aug 2017 10:32

just wanted to add that I often see:

Code: Select all

Learned tokens from 0 message(s) (1 message(s) examined)
that usually happens when the email didn't have anything new to add to Bayes apparently?

pipjo
Posts: 43
Joined: 06 Jul 2017 09:08

Re: Spam mails getting through

Post by pipjo » 08 Aug 2017 14:06

Thanks everyone for your suggestions. I'm rebuilding the DB (slowly) and will update once I pass 200.

Post Reply