Jump to content

Is SC/SpamAssassin broken


Recommended Posts

I'm not sure how the data found at your Tracking URL matches up with your filtering problem. There's nothing in your sample that shows that any filtering was done at all, but noting also that the sample seen via your Tracking URL doesn't appear to be a full spam either. You say you have a threshold setting of "1" but there are no lines showing that indicate that this e-mail was touched by the filtering system.

OK, sorry aboiut the starting commentary here .. admit to having too many items opened up and see now that I was looking at the wrong sample ... but, can you explain the missing spam body? I've looked at both of your Tracking URLs and neither had anything beyond the headers. A bit cautious right now, as Julian has made so many changes just yesterday, not sure if this is another one ...

Link to comment
Share on other sites

I have SC popped into my browser here. I CCP'd the spam from my inbox here into the report spam page box...I assure you it did go through as cesmail.net addy IS my Spamcop mail account. This is a copy of the actual mail text... SC/SA should have caught it especially with all the images attached to it.

Her mother was taking care of them, feeding first with milk, later with to my house. During the long winter nights we grew closer and after some look at her later. I asked my new friend for help with the damage - she was a neighbor came over and, finding what she thought were two corpses, was climbing into the bathtub one afternoon when she remembered she "Instead of being time of hunger and loss, that winter brought

The fighting had been hard and continuous; that was atested by all the senses.

if the announcer didn't say COMBINED, all the kiddies would think, yeah, well ground; he had recovered his bearings. The dead on his right and on his The tavernkeeper was a baaad guy. Right at that moment of his tale It began twenty years ago. A nearby horse stable claimed myself, but even the strongest magic can't cure love." "But mister, I middle of it.It goes like this: They play the Ta, ta-da-da-da-DA, tuh, tu,tuh.

I turned away from the well-lit road into a path along the

get rid of it please half a hour I quietly sneaked out to my room and pulled from my bag my feet in the fog... I will have to hide another beer somewhere there while he slows down. The snow here is hard and flat, we are getting close to a first opponent, but without marking the hit this time. The furry terror was climbing into the bathtub one afternoon when she remembered she "Instead of being time of hunger and loss, that winter brought

first opponent, but without marking the hit this time. The furry terror The tavernkeeper was a baaad guy. Right at that moment of his tale It began twenty years ago. A nearby horse stable claimed myself, but even the strongest magic can't cure love." "But mister, I middle of it.It goes like this: They play the Ta, ta-da-da-da-DA, tuh, tu,tuh.

Link to comment
Share on other sites

Then something is wrong because the mail arrived at my SC mail account and was forwarded without filtering?? to my inbox ([at]rogers.com). I'm only CCP'ing what I get into the Report spam box back at SC. (where it should have been in the first place). Sorry about all that text, I should have taken a screen image but then I assume attachments aren't allowed here.

If I set SC mail to block all mail, then I wont get any of my legit stuff either. This only started happening about two weeks ago. Hitherto I wasn't getting any spam at all in my inbox. (Lots to report though, back at SC).

There must be something amiss, or I have a setting wrong...or??? <_<

Link to comment
Share on other sites

Ok, maybe some confusion going on here .. I saw I'd screwed up, deleted a post, unfortunately, perhaps while you were reading it (ouch) .. but, to try again, while I'm off trying to research some other things, try to go to the FAQ-in-progress at http://forum.spamcop.net/forums/index.php?showtopic=1895 and see if there's something there that might help in the interim. Apologies for my screw-up.

Link to comment
Share on other sites

Thanks, I've scanned that forum - not much help so far, but will look again. Would it help if I post the details of the next email/spam item I get in full as it appears before I report it? (from "properties")

Does this help?

http://www.spamcop.net/mcgi?action=gettrac...rtid=1110945810

SpamAssassin hit at 2.63...my limit is 1.0

All I did was ccp the mail that slipped through back into the spamcop reporting module... which to me indicates that things are slipping through.

Link to comment
Share on other sites

Mailhosts only has to do with your reporting of the spam, not stopping you from receiving it.

According to the headers, both these messages came from IP addresses that were not on the sc dnsbl at the time they were received and both scored 0.7 on the spamassassin tests, so there is no reason to block them.

X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade1

X-spam-Level:

X-spam-Status: hits=0.7 tests=HTML_20_30,HTML_MESSAGE,PLING_QUERY version=2.63

X-SpamCop-Checked: 192.168.1.213 82.34.184.185

SC/SA should have caught it especially with all the images attached to it.

If the gibberish text you quoted above was the body as you state, it was only the Text version of the body. Spamassassin seems to have seen an HTML message (neither of which are showing in the tracker full message body). It looks like spamassassin only looked at the html version of the message, and found nothing serious breaking the rules. This is one of the reasons that spamassassin alone is not very effective (in my opinion) because spammers can hide all sorts of useless text which could very well be a valid email to lower the spamassassin scoring.

SpamCop does not look at the body of the message at all.

This explanation seems to make sense in that spamcop only reported the source and no spamvertized web sites (it does not report image links).

Link to comment
Share on other sites

Thanks. it's interesting to note that its only mail directly addressed to my SC email address r2d2 <at> cesmail.net that seems to get through (sometimes). (I have 5 email addresses in the filtering list.) I have every option marked in the blacklists and SpamAssassin is set to 1 which is as high as it will go.

:unsure:

Link to comment
Share on other sites

This is the spam I was talking about in my other thread

SA set to 1 - maybe it should have a 0.001 setting??!!!

It is full of porn pics and how SA assesses it at 0.1 I don't know..maybe they need a revamp or update.

Return-Path: <alejandraglpxcegaepglaaw[at]online.ie>

Delivered-To: cesmail-net-zzzz ATcesmail.net

Received: (qmail 30819 invoked from network); 14 Jul 2004 02:38:59 -0000

Received: from unknown (192.168.1.101)

by blade1.cesmail.net with QMQP; 14 Jul 2004 02:38:59 -0000

Received: from dialin.speedway24.dip55.dokom.de (HELO dip55.dokom.de) (195.253.24.55)

by mailgate.cesmail.net with SMTP; 14 Jul 2004 02:38:58 -0000

Message-ID: <E5898694.4419450[at]online.ie>

Date: Wed, 14 Jul 2004 04:45:05 +0200

From: "daryl" <alejandraglpxcegaepglaaw[at]online.ie>

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0p9.4) Gecko/20010913

X-Accept-Language: en-us

MIME-Version: 1.0

To: "daryl" <xxx at cesmail.net>

Subject: It's xmovies lol...

Content-Type: text/html;

charset="us-ascii"

Content-Transfer-Encoding: 7bit

X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade1

X-spam-Level:

X-spam-Status: hits=0.1 tests=HTML_MESSAGE,MIME_HTML_ONLY version=2.63

X-SpamCop-Checked: 192.168.1.101 195.253.24.55

When CCP'd to "report spam" this is the result:-

http://www.spamcop.net/sc?id=z548473749za6...cff13f3557095az

Link to comment
Share on other sites

It is full of porn pics and how SA assesses it at 0.1 I don't know

As I understand it, SA is searching for "word string matches" and format types. There is no way to automate following a link and determining it is spam, porn, or a picture of grandma. This is all software were are talking about and what you are looking to match is very dynamic. If the spammers would use consistent links or filenames, those could be searched for, but they have not followed my advise to do that .... yet ;)

The message you posted only matched 2 SA tests and those tests are part of , tests=HTML_MESSAGE,MIME_HTML_ONLY

The IP it came from looks like a dialin IP in Germany. host 195.253.24.55 = dialin.speedway24.dip55.dokom.de. Probably an infected machine spewing everytime the owner logs in.

Link to comment
Share on other sites

Thanks.  it's interesting to note that its only mail directly addressed to my SC email address r2d2 <at> cesmail.net that seems to get through (sometimes). (I have 5 email addresses in the filtering list.)  I have every option marked in the blacklists and SpamAssassin is set to 1 which is as high as it will go.

:unsure:

I've noticed that.... what I suspect is happening, is that for whatever reason (new system/IP address etc) the offender is not on the SCBL.

When spam is sent to your other addresses it can take upto 10 minutes before it reaches your inbox (because the POP operation happens only every 10 mins or so).

That 10 minutes, is probably enough for spam traps/other users to have reported the spam, and subsequently it is on the SCBL, and as such gets "held".

I used to have my mail from Yahoo!Groups! going direct to my spamcop address, and as one of the xxxx-owner addresses was being spammed fairly regularly, these were often getting through.

Having modified it to go to another address, which spamcop then popped, the mail was almost always "held".

I've been trying to reduce my own spam totals recently, and have two accounts which were overrun. One was my own fault as it had been on a webpage "undisguised", as well as posting to newsgroups etc etc. The other had been "guessed" by the spammers - and completely massacred (100 spams per day at least).

As an experiment, I've stopped popping those accounts, and whilst I post with my spamcop address undisguised - it has relatively few spam messages (10 or so per day). Maybe spammers aren't as stupid as we thought they were !!!

Malcolm

Link to comment
Share on other sites

I have my settings to pop every 1 minute... are you saying that I should make that a larger wait time? Not quite sure I understand what difference that would make.

Link to comment
Share on other sites

I have my settings to pop every 1 minute...  are you saying that I should make that a larger wait time? Not quite sure I understand what difference that would make.

The POP sonic is referring to is the one where spamcop POP's your other accounts to bring the message through the filters. You may not be doing this as you may have your messages forwarded by your other accounts to spamcop.

Your message sounds like you are popping the messages from spamcop every minute. That would not affect what sonic stated.

Link to comment
Share on other sites

I have my settings to pop every 1 minute...  are you saying that I should make that a larger wait time? Not quite sure I understand what difference that would make.

The POP sonic is referring to is the one where spamcop POP's your other accounts to bring the message through the filters. You may not be doing this as you may have your messages forwarded by your other accounts to spamcop.

Your message sounds like you are popping the messages from spamcop every minute. That would not affect what sonic stated.

Steven is correct... the timing of spamcop popping my various accounts is, as far as I know, a standard, unconfigurable value (ie always about 10 mins).

If the mail arrives in the remote mailbox just after a pop is done, you have a full 10 minutes for some other users / spam traps to report the user. Obviously, this will probably average out to about 5 mins overall - but I find I get less "false negatives" by waiting a little longer for my mail to arrive..

YMMV

Malcolm

Link to comment
Share on other sites

SC pops my mail every 5, maybe I'll set it to 15 and see if it helps.  It's really not too much of a problem I guess.

Where are you changing this setting? The option we are talking about is NOT configurable.

I think I got my wires completely crossed here. I was talking about the settings at SC Mail for how often it pops mail from my ISP. I guess that's irrelevent.

Link to comment
Share on other sites

settings at SC Mail

This is the part I am trying to figure out. As far as I know, there are no "settings at SC Mail for how often it pops mail from my ISP." (assuming SpamCop webmail).

I am talking about a basic account configuration where you have the public address you give out either forwarded to SpamCop or have SpamCop POP the messages. Then you can access the SpamCop servers directly (webmail, POP, IMAP) to get your messages, or have SpamCop forward those messages to a different, secret address. Any messages sent directly to that secret address will not be filtered.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...