Spam mails getting through
Spam mails getting through
I've noticed that mails I mark as Spam are still being delivered if they are sent again. Is there anywhere I can check:
That the mails I mark as Spam are being recorded so that future mails will be flagged?
Why these mails are still getting through.
Thanks
PJ
That the mails I mark as Spam are being recorded so that future mails will be flagged?
Why these mails are still getting through.
Thanks
PJ
Re: Spam mails getting through
The "mark as spam" trains the bayes spam classifier, which should help push up the spam score. Over time, as the bayes filter learns what you think is spam, the spam score of those messages will increase, hopefully to the point where it is marked as "high spam" and then no longer gets delivered.
can you give an example of a spamassassin spam report from one of these messages that is getting through? spam reports are essential to understanding why a message is getting delivered when it should not.
can you give an example of a spamassassin spam report from one of these messages that is getting through? spam reports are essential to understanding why a message is getting delivered when it should not.
Re: Spam mails getting through
How do I get the Spam Report?
Re: Spam mails getting through
go to the efa web interface ( mailscanner/status.php or /mailscanner/rep_message_listing.php or /mailscanner/rep_message_ops.php )
find one of the messages that you are unhappy with.
on the left side as the # column and the blue circle with the letter "i" in the middle. click on it.
that brings up the message details page, scroll down until you see the lines "SpamAssassin Score" and "Spam Report". It looks like the following: and post that information.
In the above report, my bayes filters are almost certain this is junk (3 9's). I think I also increased the weight of my bayes filter at the top end of the confidence range.
find one of the messages that you are unhappy with.
on the left side as the # column and the blue circle with the letter "i" in the middle. click on it.
that brings up the message details page, scroll down until you see the lines "SpamAssassin Score" and "Spam Report". It looks like the following: and post that information.
In the above report, my bayes filters are almost certain this is junk (3 9's). I think I also increased the weight of my bayes filter at the top end of the confidence range.
Re: Spam mails getting through
Screen shot below. There are no Bayes values displayed so I'm guessing that could be part of the problem. Also I have noticed when flagging a mail as SPAM the following comes up before the EFA page, not sure if this is relevant:
Learned tokens from 0 message(s) (1 message(s) examined)
Thanks
PJ
Learned tokens from 0 message(s) (1 message(s) examined)
Thanks
PJ
- shawniverson
- Posts: 3644
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Spam mails getting through
Yeah, something is wrong with bayes. It appears it isn't learning or examining mails
Re: Spam mails getting through
Is it possible that there is a setting to enable it that I have missed?
- shawniverson
- Posts: 3644
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Spam mails getting through
It is supposed to be enabled by default, which concerns me. We need to troubleshoot. I think worst case you may need to clear the bayes database...
Re: Spam mails getting through
Resetting the Bayes DB wouldn't be a problem as the install is only a month or so old.
As for trouble shooting, are there any logs I could look through?
As for trouble shooting, are there any logs I could look through?
- shawniverson
- Posts: 3644
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Spam mails getting through
Yeah that doesn't look right, just a month old? Check out the oldest token.
I would advise clearing it, feeding it new spam/ham, and seeing if you start getting hits.
I would advise clearing it, feeding it new spam/ham, and seeing if you start getting hits.
Re: Spam mails getting through
Will do. I'll report back in a couple of days.
Thanks
Thanks
Re: Spam mails getting through
Try feed it (bayes) some spam.
I couldn't find any settings regarding the bayes corpus in Efa, so it will be default settings.
bayes_min_ham_num (Default: 200)
bayes_min_spam_num (Default: 200)
To be accurate, the Bayes system does not activate until a certain number of ham (non-spam) and spam have been learned. The default is 200 of each ham and spam, but you can tune these up or down with these two settings.
Just run spamassassin --lint -D and check if you find the message below.
dbg: bayes: corpus size: nspam = 13, nham = 511 <---------------
Probably because your corpus is still too small.
or
About the oldest token: ( 2003 date)
bayes_auto_expire (default: 1)
If enabled, the Bayes system will try to automatically expire old tokens from the database. Auto-expiry occurs when the number of tokens in the database surpasses the bayes_expiry_max_db_size value.
I couldn't find any settings regarding the bayes corpus in Efa, so it will be default settings.
bayes_min_ham_num (Default: 200)
bayes_min_spam_num (Default: 200)
To be accurate, the Bayes system does not activate until a certain number of ham (non-spam) and spam have been learned. The default is 200 of each ham and spam, but you can tune these up or down with these two settings.
Just run spamassassin --lint -D and check if you find the message below.
dbg: bayes: corpus size: nspam = 13, nham = 511 <---------------
Probably because your corpus is still too small.
or
Code: Select all
sa-learn --dump magic|grep token
About the oldest token: ( 2003 date)
bayes_auto_expire (default: 1)
If enabled, the Bayes system will try to automatically expire old tokens from the database. Auto-expiry occurs when the number of tokens in the database surpasses the bayes_expiry_max_db_size value.
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
Re: Spam mails getting through
That all makes sense.
Are there any ways to feed Bayes spam other than by receiving it?
Are there any ways to feed Bayes spam other than by receiving it?
Re: Spam mails getting through
The fast way is to restore the bayes db from a backup, but as I understand you do not have a backup from an previous(EFA) version.
1) sa-learn --backup > backup.txt
2) sa-learn --clear (this is optional, but good to do to clear out the old database)
3) Once you have backed up all databases you can update your configuration for the new database backend. This will involve at least the bayes_store_module config option and may involve some additional config options depending on what is required by the module.
4) For each backed up database run: sa-learn --restore backup.txt
The other way is to feed spam into bayes with mail already classified as spam. See the man pages
The option I would use in your case, is to create a temp fake mail account and start using it .
Sign in to various sites leaving this fake account as email-addres.When you reached the spam limit for bayes (> 200), delete the fake account.
Take some time to train the bayes db. It's worth the time.
Just take a look at: viewtopic.php?f=5&t=2400
1) sa-learn --backup > backup.txt
2) sa-learn --clear (this is optional, but good to do to clear out the old database)
3) Once you have backed up all databases you can update your configuration for the new database backend. This will involve at least the bayes_store_module config option and may involve some additional config options depending on what is required by the module.
4) For each backed up database run: sa-learn --restore backup.txt
The other way is to feed spam into bayes with mail already classified as spam. See the man pages
The option I would use in your case, is to create a temp fake mail account and start using it .
Sign in to various sites leaving this fake account as email-addres.When you reached the spam limit for bayes (> 200), delete the fake account.
Take some time to train the bayes db. It's worth the time.
Just take a look at: viewtopic.php?f=5&t=2400
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
Re: Spam mails getting through
just wanted to add that I often see:
that usually happens when the email didn't have anything new to add to Bayes apparently?
Code: Select all
Learned tokens from 0 message(s) (1 message(s) examined)
Re: Spam mails getting through
Thanks everyone for your suggestions. I'm rebuilding the DB (slowly) and will update once I pass 200.