Re: mail server send mail to yahoo bulk folder

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tim wrote (about SpamAssassin flagging .biz domains):
> Yes, in that message, though in practice the entire message was parsed.
> Any mention of one gets detected.
> 
> My main beef with it has been not that it uses it as a "slightly higher
> rating", but that it flags it *as* spam, outright.  On the basis that an
> e-mail came from that domain, or mentions a URI inside it with it, it'd
> be flagged as BEING spam.  So, completely NON spam e-mail was getting
> dumped, carte blanche.  Often recipients were completely unaware of
> this.

I'm not sure which version of SpamAssassin you're talking about, nor yet
which rulesets are enabled. But that doesn't sound right -- normally, a
spam will have to trigger a number of rules before SpamAssassin will
mark it as spam.

In the current 3.1.7:

score BIZ_TLD 1.719 1.169 2.035 2.013
uri BIZ_TLD                     /\.biz(?::\d+)?(?:\/|$)/i
describe BIZ_TLD                Contains an URL in the BIZ top-level domain    

score INFO_TLD 1.373 0.813 1.457 1.273
uri INFO_TLD                    /\.info(?::\d+)?(?:\/|$)/i
describe INFO_TLD               Contains an URL in the INFO top-level domain

The scores vary on whether you've got "network" tests (i.e. blacklists)
and Bayesian testing turned on.

By default, one will need a score of 5 before a spam is marked as spam.

SpamAssassin *doesn't* currently score on mail (allegedly) *from* a .biz
domain (I've got plenty, thanks, and there's no mention of SpamAssassin
scoring on it).

> Yet, real spam, loaded with a plethora of readily identifiable
> indicators gets a quit low probability rating, and still gets through to
> the inbox.

This is quite possible.

My experience with SpamAssassin is that the extra, non-Bayesian rules
are helpful as an adjunct to the Bayesian rules, but that the default
rules don't catch a good proportion of the spam. Worse, SpamAssassin
won't even turn Bayesian filtering on until it has learnt 200 good and
200 spam e-mails.

But once it's been trained (and once the Bayesian filter has been given
boosted scores), it is an effective way of sorting out spam.

http://lwn.net/Articles/172491/ is a good review of various filters.

> The detection priorities are all out of whack.  Spamassassin's moronic
> defaults (e.g. the above mentioned behaviour), plus it's black & white
> listing databasing on "to" and "from" addresses, instead of the content
> of the message (e.g. white list a mailing list, and all spam gets
> approved that forges those addresses),

Um.

For one thing, SpamAssassin tries to "auto-whitelist" and
"auto-blacklist" on IP address and sender
(http://wiki.apache.org/spamassassin/AutoWhitelist). This would
effectively stop spam from forging an existing correspondent's identity,
*if* SpamAssassin can identify the "right" IP to log. (If an e-mail is
forwarded from one address to an ISP, through fetchmail and through
Postfix, each step adding a "received" address, then SpamAssassin really
does need to be told which MTAs are trustworthy. The trusted_networks
configuration option does this).

For another, SpamAssassin shouldn't be auto-whitelisting mailing lists.
At least on the Fedora list, it "auto-whitelists" individual senders,
not the list. Even then, all it does is note an average scores per
(alleged) sender. If a mail forges that sender's address and scores
highly, SpamAssassin will reduce the score somewhat, but if there are
enough "spam" signs, the score will still be enough to get the mail
marked as spam.

The detection priorities are periodically reassigned based on the
SpamAssassin databases of good and spam e-mails -- there is a method
behind it.

If you are finding that e-mail is being flagged as spam when it
shouldn't be, then http://wiki.apache.org/spamassassin/DoYouWantMyHam
will allow you to send the developers a copy, so the appropriate rules
can be tightened or lowered.

Hope this helps,

James.
-- 
E-mail:     james@ | You can accept the existence of rain without denying the
aprilcottage.co.uk | existence of umbrellas.
                   |     -- http://ozyandmillie.org/2006/om20060615.html

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux