Problems with SpamAssassin ?

[m0urs]

Hi!

In the last weeks I often got mails not marked as spam because they are not blocked by one of the blackliste. In this case SpamAssassin should be the one who marks the message as spam (my threshold is 4).

But many times this is not working as SpamAssassin gives only a very low rating, as e.g. here :

http://www.spamcop.net/sc?id=z655953512z58...9eceb471f295c8z

http://www.spamcop.net/sc?id=z655953522z35...e8a0ec3c714bcez

Both times my provider and also Goolges GMAIL has marked this message correctly as spam.

Any idea? Can we improve the spamcop system here?

Best regards,

Michael

[PeterJ]

Your two messages are good examples of a SpamAssassin implementation at your provider that is more optimally setup when compared to SpamCop's implementation of SA. Note that the differences in the scores are drastic and this is because of several reasons. On the first message your provider is using both DNSRBL and SURBL checks to contribute to the overall SpamAssassin score. On the second message perhaps they are still using both, however it only tripped the SURBL checks and not the DNSRBL ones.

Thanks for posting these messages they help confirm my feeling that SpamCop's SA implementation is not optimal. In a recent thread on the topic of SURBLs I asked JT to comment on the possibility of setting SURBL checks in place, however he rarely makes an appearance in the forums these days.

Our best bet for JT improving SpamCop's SA is when SpamAssassin 3 is officially released and then ask him to consider implementing this *with* turning on the SURBL checks. I think SpamAssassin 3 is currently at RC4, so I imagine it cannot be too much longer before it is officially released.

PeterJ

[Wazoo]

however he rarely makes an appearance in the forums these days.

Not an answer ... but earlier this week, I'd made this same statement over in one of the newsgroups. Imagine my surprise at seeing JT then make a post about a half-hour later in that same thread <g> Ooooops!

[StevenUnderwood]

ask him to consider implementing this *with* turning

While I am definitely no expert when it comes to SpamAssassin, I have no idea how you could use any type of tuning on a setup as large as spamcops.

How would you submit good messages and spam for the tuning. Do you simply use other criteria (the dnsbl's for instance) to say this is spam, analyze it as a bad message. If so, there are false positives in the bl's alomost every day...I have close to 60 whitelisted domains (mostly) or addresses that have been blocked at one time on at least one of the bl's. Also, I get at least 1-5 sam messages through the bl's every day tha I submit for reporting every day.

[PeterJ]

Not "tuning", "turning on"...as in choose to use SURBL checks in SpamCop's SA implementation. This can be done with either the current version that I assume SpamCop is still running or with the soon to be released SA version 3.

Note that I am not suggesting that JT turn on DNSRBL checking internal to SpamCop's SA, nor am I rehashing the whole bayesian thing, only suggesting that adding SURBL checks to SpamCop's current SA scoring would be beneficial. SpamCop mail users would not be providing any feedback in regards to this setup in the form of "tuning" or "training."

Also, as noted elsewhere, JT likes SA rules/tests that have very low false positive rates and SURBL tests so far have fallen in this category.

Link to SURBL info

[StevenUnderwood]

Thank you and sorry for mis reading your statement.

[m0urs]

Hope this feature will be turned on soon as I now get almost daily one or two spam messages in my inbox which could be blocked by turning this on....