Jump to content

Filtering Problems?


Recommended Posts

Posted

Please compare and contrast the headers of the spam messages which have been making it into your Inbox, paying close attention to the X-spam and X-SpamCop Header Lines and which blade processed them, to discover why those messages might not have been filtered correctly, and what they have in common. Thanks!

Edit: 2005/09/22 11:17 EDT -0400 Jeff G. added "compare and contrast".

Posted

Here are a few that made it through:

X-spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on blade1

X-spam-Level: ***

X-spam-Status: hits=3.4 tests=FORGED_RCVD_HELO,RCVD_BY_IP,RCVD_NUMERIC_HELO,

SARE_FWDLOOK,STOCK_PICK version=3.0.2

X-SpamCop-Checked: 192.168.1.103 216.244.108.25 61.11.98.18 171.172.39.102

---

X-spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on blade1

X-spam-Level: ***

X-spam-Status: hits=3.0 tests=HTML_MESSAGE,URIBL_SBL,URIBL_WS_SURBL

version=3.0.2

X-SpamCop-Checked: 192.168.1.103 207.69.200.237 207.69.200.66 200.49.212.221

---

X-spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on blade4

X-spam-Level: *

X-spam-Status: hits=1.4 tests=HTML_40_50,HTML_MESSAGE,MIME_HTML_ONLY,

NO_REAL_NAME version=3.0.2

X-SpamCop-Checked: 192.168.1.103 216.244.108.25 66.192.236.242 10.123.1.41

---

X-spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on blade4

X-spam-Level: **

X-spam-Status: hits=2.7 tests=DATE_IN_FUTURE_24_48,HTTP_EXCESSIVE_ESCAPES

version=3.0.2

X-SpamCop-Checked: 192.168.1.103 216.244.108.25 209.239.32.249

Posted

Here are more:

X-spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on blade4

X-spam-Level: *

X-spam-Status: hits=1.6 tests=RCVD_BY_IP,RCVD_NUMERIC_HELO version=3.0.2

X-SpamCop-Checked: 192.168.1.103 216.244.108.25 203.177.227.232 203.177.227.232 161.73.63.212 203.177.227.232

---

X-spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on blade5

X-spam-Level: ****

X-spam-Status: hits=5.0 tests=URIBL_JP_SURBL,URIBL_OB_SURBL version=3.0.2

X-SpamCop-Checked: 192.168.1.103 216.244.108.25 220.107.20.249 36.62.125.16

---

X-spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on blade3.cesmail.net

X-spam-Level:

X-spam-Status: hits=0.0 tests=none version=3.0.2

X-SpamCop-Checked: 192.168.1.103 216.244.108.25 24.174.173.96 133.114.126.80

---

X-spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on blade4

X-spam-Level: *

X-spam-Status: hits=1.0 tests=HOT_NASTY,PORN_16 version=3.0.2

X-SpamCop-Checked: 192.168.1.103 216.244.108.25 218.222.102.122 204.97.41.92

---

X-spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on blade6

X-spam-Level:

X-spam-Status: hits=0.5 tests=PORN_16 version=3.0.2

X-SpamCop-Checked: 192.168.1.103 216.244.108.25 210.162.35.45 166.125.242.19

Posted

Looks like your spammer has been able to keep the spamassassin numbers below the 5 threshold and staying away from blocked IP's. I have not seen any increase on this end.

Posted

Recently (~ past month) I was getting an increased amount of spam past the filters. Every day it's more and more. Today (from ~ 1am to 9am) I got over 20 spam message in my inbox. During the same span of time ~ 60 were filtered. It's pretty bad compared to what SpamCop was able to do before. Only maybe 1 out of 100 was getting through.

All filtering severs are enabled and SpamAssasin treshold is set to 5. I don't see any patterns between the emails that were able to go through. Except one thing - I am getting lots of spam in Russian. One other thing is I am getting the same spam over and over - about some stupid stocks.

Did spammers figure out a way to trick SpamCop or SpamAssasin? When will this end?

One other coinsidence I noticed is that while I am reporting spam I am getting more through at the same time. It happened *many* times. I am thinking it's some sort of pattern too... I don't get why tho? Maybe spamcop figures if I am reporting something now, I might as well report some more?

It happened again just now. I reported 100 spam messages and got 2 more in my inbox.

  • 2 weeks later...
Posted

I get a lot of spam. Almost a 1000 messages a day. When I log-in to the webmail in the morning I can have 200 spam waiting for me. If I leave it there, and check my mail two or three times later in the morning, the personal filter rules system finally wakes up and filters all my e-mail and tosses out the spam. I can tell by the 200 "filter activity" reports that I get and the reduced size of my IN BOX.

I have the switches set "" on for: "Apply filter rules upon logging on?"

and:"Apply filter rules whenever INBOX is displayed?"

So any idea why it takes a few refreshes to finally filter the mail?

It's not about the spam having too low a rating as described in reply # 2 above, it's more about some sort of lag time for the filters to do their work...or does it take a hour for the filters to read through all 200 spams before it's done filtering?

Also if I POP the mail, it seems that the personal filters haven't kicked in at all, that's why I started webmailing first.

Thanks for any insights...Stan

Posted
I get a lot of spam.  Almost a 1000 messages a day.  When I log-in to the webmail in the morning I can have 200 spam waiting for me.  If I leave it there, and check my mail two or three times later in the morning, the personal filter rules system finally wakes up and filters all my e-mail and tosses out the spam.  I can tell by the 200 "filter activity" reports that I get and the reduced size of my IN BOX. 

33830[/snapback]

How long is the "two or three times later in the morning"? It is known to take a while to process messages. It is possible that it starts the process when you first log in and if you stayed logged in long enough and simply refreshed your screen (or had the automatic refresh set to do it for you) that you would see the messages processed.

How many messages you you have in your entire mailbox? If you are automatically moving spam messages to another folder (even trash) but not emptying that folder, then you are slowing down all processing on your account. I keep my Trash purged to 3 days which works for me.

Posted

I'll get the 200 messages. Read the actual mail. Check again within an hour. It usually takes about an hour before the filter works.

While I have been testing this, I have not been moving my mail within that hour. Just opening mail to be read in another window, keeping the 200 message list intact until I see the filter work, which can be 30-60 minutes after initial log in.

Later in the day the same thing occurs. Tons of messages, I refresh my screen and some time later the filter works.

At the start of the day I can have 2000 messages in my HELD MAIL folder and a few hundred in trash.

Does this make any sense?

Posted
At the start of the day I can have 2000 messages in my HELD MAIL folder and a few hundred in trash.

33832[/snapback]

Though I can't speak from experience, hust using that "systems analyst" hat thing ... though your numbers aren't necessarily in the 'massive' scalr, there may be some connection. In previous issues/compaints about "timing out" problems, some of this was 'much' discussed. Off the top of my head, I believe that (or some of it) is referenced via link in the SpamCop FAQ 'here' .. title something like "things to check" (?) ... I don't recall that "hours" were specifically stated, but that some time span was involved was a definite . recalling some folks talking of attemptung to log in (and stay connected) several times ... not an answer, but possibly some additional info to add to the mix ...????

Posted
... I don't recall that "hours" were specifically stated, but that some time span was involved was a definite . recalling some folks talking of attempting to log in (and stay connected) several times ...  not an answer, but possibly some additional info to add to the mix ...????

33837[/snapback]

Actually the filtering seemed to work better a couple of months ago, before I started deleting my HELD MAIL via IMAP. As I remember it, the filtering occurred when I logged-in. Now there is that delay. Logging in and reading the mail is not slowed down. Just the filtering from my own filter list.

Ddi anything change on the server, or is it just random voodoo affecting me?

It's only a hassle when I'm on the road and have to deal with several hundred spam in my webmail Inbox.

Posted
Ddi anything change on the server, or is it just random voodoo affecting me?

33838[/snapback]

From this side of the screen, I'd have to say that yes, there have been some changes .. see Email submission from webmail failing .. but what those changes may be or if there's any connection ...??? Only JT would know at this point ...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...