wap3

On Thu 17 Jun I deleted and reapplied the filters to Chopchop>cbcog98.org
On Fri 18 Jun +8 *'s were still not being sent to dev/nul

I run the same here at home Chopchop>wap3.com
Below is one that came in this morning

CPanel Filters:
Any Header > Begins >> X-Spam-Level: ********
Any Header > Contains >> ********

When I put this in the test area it works, but there seems to be a timing/order problem with filters and SA
Could the filters be running before SA?
Are the SA headers not being added after SA and before filters?

This issue is clogging up PopFile History on the local mailservers with this trash
When our office [cbcog98] starts at 07:00 every morning at least 50 mails are retrieved with only 3-5 good ones, 3-5 that are in the point range 2.5 and 8 and have to checked manually in the quaranteened mailbox and the rest should have gone to dev/nul

This morning as so far has 23 mails, 2 PopFile classed MAIL, the rest DELETE and the ones I quickly checked are beyond the filter +8 *'s setting

Like I said when I first did this after the parent posting it worked for a month or so and the last few weeks has been failing

Thanks
--Trey Pattillo

------- BEGIN FAILED FILTERING -------------

Return-path: <wap339achopchop.surpasshosting.com>
Envelope-to: wap339achopchop.surpasshosting.com
Delivery-date: Sat, 19 Jun 2004 07:44:05 -0400
Received: from wap339a by chopchop.surpasshosting.com with local-bsmtp (Exim 4.34)
id 1BbeGS-00020g-Jb
for wap339achopchop.surpasshosting.com; Sat, 19 Jun 2004 07:44:05 -0400
Received: from localhost by chopchop.surpasshosting.com
with SpamAssassin (2.63 2004-01-11);
Sat, 19 Jun 2004 07:44:05 -0400
From: "Bobby Shipman" <MCUUUISRTMQMAYyahoo.com>
To: Meyer<meyerwap3.com>
Subject: Meds Delivered to your door step - no previous prescription required
Date: Sat, 19 Jun 2004 07:40:32 -0600
Message-Id: <1089528930.89221paypal.com>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
chopchop.surpasshosting.com
X-Spam-Level: *************************
X-Spam-Status: Yes, hits=25.1 required=2.0 tests=BAYES_99,BIZ_TLD,
CONFIRMED_FORGED,FORGED_YAHOO_RCVD,HTML_70_80,HTML _FONTCOLOR_UNKNOWN,
HTML_MESSAGE,MIME_BOUND_NEXTPART,RCVD_IN_BL_SPAMCO P_NET,RCVD_IN_DSBL,
RCVD_IN_DYNABLOCK,RCVD_IN_NJABL,RCVD_IN_NJABL_DIAL UP,RCVD_IN_OPM,
RCVD_IN_OPM_HTTP,RCVD_IN_OPM_HTTP_POST,RCVD_IN_OPM _SOCKS,
RCVD_IN_SORBS,URI_OFFERS autolearn=spam version=2.63
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_40D42705.73983EAA"

This is a multi-part message in MIME format.

------------=_40D42705.73983EAA
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Spam detection software, running on the system "chopchop.surpasshosting.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or block
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: ------=_NextPart_000_00YJ_09C7715BG_06G.908Q61J0
Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding:
7bit Your mailer do not support HTML messages. Switch to a better
mailer. [...]

Content analysis details: (25.1 points, 2.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.1 HTML_FONTCOLOR_UNKNOWN BODY: HTML font color is unknown to us
0.1 HTML_MESSAGE BODY: HTML included in message
5.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 1.0000]
0.1 HTML_70_80 BODY: Message is 70% to 80% HTML
0.1 BIZ_TLD URI: Contains a URL in the BIZ top-level domain
1.0 URI_OFFERS URI: Message has link to company offers
0.9 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers
1.0 RCVD_IN_OPM_HTTP RBL: OPM: sender is open HTTP CONNECT proxy
[200.78.58.155 listed in opm.blitzed.org]
1.0 RCVD_IN_OPM RBL: Received via a relay in opm.blitzed.org
[200.78.58.155 listed in opm.blitzed.org]
3.5 RCVD_IN_NJABL_DIALUP RBL: NJABL: dialup sender did non-local SMTP
[200.78.58.155 listed in dnsbl.njabl.org]
1.3 RCVD_IN_OPM_SOCKS RBL: OPM: sender is open SOCKS proxy
[200.78.58.155 listed in opm.blitzed.org]
1.0 RCVD_IN_OPM_HTTP_POST RBL: OPM: sender is open HTTP POST proxy
[200.78.58.155 listed in opm.blitzed.org]
0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS
[200.78.58.155 listed in dnsbl.sorbs.net]
0.1 RCVD_IN_NJABL RBL: Received via a relay in dnsbl.njabl.org
[200.78.58.155 listed in dnsbl.njabl.org]
0.7 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
[<http://dsbl.org/listing?ip=200.78.58.155>]
1.5 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?200.78.58.155>]
2.6 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address
[200.78.58.155 listed in dnsbl.sorbs.net]
0.5 MIME_BOUND_NEXTPART Spam tool pattern in MIME boundary
4.1 CONFIRMED_FORGED Received headers are forged

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.


[........... origianal message snipped due to size limitations.................


[ ........... SNIPPED image001.gif to save space in posting ..............]

__________________
--wap3

If we removed all of the "Oxygen Thiefs" [tm] from politics, maybe the earth would not have a Greenhouse Gas problem.

wap3.com on ChopChop

DivinoAG

Hey BigJohn. Thanks a lot for the great tutorial.

I have done all the steps for my personal website, and even tho the "bayes_seen" and "bayes_toks" files seem to have grown a lot, and I can see some info about emails that were for processing on them, the email cron sent me was not very informative. All I got was this:

I was expecting to see the "Learned from X message(s) (Y message(s) examined)" message, but nothing beyond those lines came.

Of course, if the learning process is working, this shouldn't be a problem, but it would be better to be able to know what is happening. Could you give any hint of what could I do?

__________________
Sincerely

DivinoAG
goersch.info Dior
cgon.com.br Gotti
xsibrasil.com Sync

DivinoAG

Well, I just noticed that the script is case sensitive. My SPAM and HAM folder names were in small caps. Renamed them, and worked just fine.

Again, thanks for the tutorial.

__________________
Sincerely

DivinoAG
goersch.info Dior
cgon.com.br Gotti
xsibrasil.com Sync

pseudoswede

When should I expect SA to start using Bayes scores?

__________________

"In the end, everything will be fine - if it is not fine, it is not the end."

PseudoSwede
larvez.com
Dime9

Bigjohn

After it's scanned 500 messages in your SPAM folder.

You can also edit key scores. For example, I adjusted "numeric helo" to be a higher value (3 I think) because I've never seen a ligit email server NOT reply with it's name....

John

__________________
Proud to be a Surmunity Mod!
XEON PASS60 PASS61
Make a fundamental difference!
My Sites:
Curious about Brewing Beer? Join the community!
>>>>> Some Change is GOOD! Keep your paycheck! Support the Fair Tax
Get into an Art museum
Victorian London
It's your brain -ON WEB - mybrainhost.com (under development)
What SHOULD Government do? Much Less than it Does!

bradsha

I am getting the following error message from the Cron E-mail:

Please help...thanks

Learning SPAM
Processing /home/myaccount/mail/mydomain/nb/SPAM
bayes: bayes db version 0 is not able to be used, aborting! at /usr/lib/perl5/site_perl/5.8.4/Mail/SpamAssassin/BayesStore/DBM.pm line 160.
Learned from 0 message(s) (1 message(s) examined).
Learning HAM
Processing /home/myaccount/mail/mydomain/nb/HAM
Learned from 0 message(s) (0 message(s) examined).
Done

pseudoswede

E-mails marked as spam by SpamAssissin no longer appends "** POSSIBLE SPAM**" to the subject. This started yesterday. Has anyone else experienced this? The settings in SpamAssassin are correct.

I'm sure I've received over 500 spams by now, but I've yet to get a Bayes score on any spam.

__________________

"In the end, everything will be fine - if it is not fine, it is not the end."

PseudoSwede
larvez.com
Dime9

Bigjohn

I've already kicked that into support. They're digging into it.

__________________
Proud to be a Surmunity Mod!
XEON PASS60 PASS61
Make a fundamental difference!
My Sites:
Curious about Brewing Beer? Join the community!
>>>>> Some Change is GOOD! Keep your paycheck! Support the Fair Tax
Get into an Art museum
Victorian London
It's your brain -ON WEB - mybrainhost.com (under development)
What SHOULD Government do? Much Less than it Does!

Bigjohn

are you getting the same error in your cron output?

__________________
Proud to be a Surmunity Mod!
XEON PASS60 PASS61
Make a fundamental difference!
My Sites:
Curious about Brewing Beer? Join the community!
>>>>> Some Change is GOOD! Keep your paycheck! Support the Fair Tax
Get into an Art museum
Victorian London
It's your brain -ON WEB - mybrainhost.com (under development)
What SHOULD Government do? Much Less than it Does!