Spamassassin tricks

Mike stuff at dustsmoke.com
Thu Sep 7 17:57:09 MST 2006 

Nathan England wrote:
> Anyone have any good spamassassin tricks while I'm on the topic?
> I have mine set to change the header of anything over a 4.0 but it is very 
> rare that anything is given over a 4.0. Even spam will only get a few points 
> over a 4.0
>
> What are people doing to get a 20.0 as some tutorials say to set it at?
>   

If I don't have network tests working then I will get low scores like 
yours. Make sure you /etc/host file is correct because spamassassin is 
funky about that and auto enableing network tests. You should see the 
bold stuff showing up in spam. Otherwise do the math and you'd see this 
wouldn't get a very high score.

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.7 DATE_IN_FUTURE_06_12   Date: is 6 to 12 hours after Received: date
 1.3 INFO_TLD               URI: Contains an URL in the INFO top-level domain
 4.0 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 1.0000]
 *0.2 DNS_FROM_RFC_ABUSE     RBL: Envelope sender in abuse.rfc-ignorant.org
 1.4 DNS_FROM_RFC_WHOIS     RBL: Envelope sender in whois.rfc-ignorant.org
 2.6 DNS_FROM_RFC_DSN       RBL: Envelope sender in dsn.rfc-ignorant.org
 2.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                            [155.143.235.19 listed in dnsbl.sorbs.net]
 2.2 RCVD_IN_WHOIS_INVALID  RBL: CompleteWhois: sender on invalid IP block
          [155.143.235.19 listed in combined-HIB.dnsiplists.completewhois.com]
 1.7 DNS_FROM_RFC_POST      RBL: Envelope sender in
                            postmaster.rfc-ignorant.org
 0.2 DNS_FROM_AHBL_RHSBL    RBL: From: sender listed in dnsbl.ahbl.org
 1.6 URIBL_SBL              Contains an URL listed in the SBL blocklist
                            [URIs: hostelcontact.info]
 4.1 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
                            [URIs: hostelcontact.info]
 3.0 URIBL_OB_SURBL         Contains an URL listed in the OB SURBL blocklist
                            [URIs: hostelcontact.info]*
 2.6 REPTO_OVERQUOTE_THEBAT The Bat! doesn't do quoting like this



The other bulk of my scores come from the baysian engine... Once you 
have 200 hams and 200 spams that turns on automatically. (read about 
sa-learn for that one) To know how many you have or how many you need to 
go, do a "sa-learn --dump magic". Notice on my spam that is this score

 4.0 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 1.0000]


Normally I adjust BAYES_99 to 4.5 points but since I just upgraded 
spamassassin I have everything at default to see how the detection/rules 
have changed before I start modifying things. For me, with thousands of 
hams and thousands of spams, this thing is literally never wrong all by 
itself for me. Thats why I let it mark spam almost all by itself. But 
results vary depending on everybody, and what you've taught it.

Anywho, tally up the other 3 failed on that email and thats how a lot of 
things would be if both of these things weren't working. Sound familiar?

-Mike

More information about the PLUG-discuss mailing list