jefft Posted March 11, 2004 Posted March 11, 2004 I've activated some new SpamAssassin rules. Please let me know here if you notice anything, good or bad. JT
PeterJ Posted March 11, 2004 Posted March 11, 2004 Excellent. I noticed chickenpox earlier today: X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade1 X-spam-Level: ******************* X-spam-Status: hits=19.4 tests=BIZ_TLD,DATE_IN_PAST_03_06,FORGED_YAHOO_RCVD, HTML_40_50,HTML_FONTCOLOR_UNKNOWN,HTML_FONT_BIG,HTML_MESSAGE, J_CHICKENPOX_12,J_CHICKENPOX_13,J_CHICKENPOX_22,J_CHICKENPOX_23, J_CHICKENPOX_36,J_CHICKENPOX_38,J_CHICKENPOX_44,J_CHICKENPOX_45, RCVD_IN_BL_SPAMCOP_NET version=2.63 X-SpamCop-Checked: 192.168.1.101 66.163.175.88 67.36.128.28 217.162.132.157 29.81.162.30 217.162.132.157 X-SpamCop-Disposition: Blocked SpamAssassin=19 and blackhair just now: X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade6 X-spam-Level: ************************* X-spam-Status: hits=25.7 tests=BIZ_TLD,CLICK_BELOW,DATE_IN_FUTURE_12_24, FORGED_OUTLOOK_TAGS,HTML_70_80,HTML_FONT_BIG,HTML_MESSAGE, HTML_TAG_BALANCE_A,HTML_TAG_BALANCE_BODY,J_BACKHAIR_11,J_BACKHAIR_12, J_BACKHAIR_13,J_BACKHAIR_22,J_BACKHAIR_23,J_BACKHAIR_24,J_BACKHAIR_25, J_BACKHAIR_31,J_BACKHAIR_32,J_BACKHAIR_33,J_BACKHAIR_42, MIME_HTML_NO_CHARSET,MIME_HTML_ONLY,MORTGAGE_PITCH,MORTGAGE_RATES, SAVE_THOUSANDS,SUBJ_HAS_SPACES,SUBJ_HAS_UNIQ_ID,USERPASS version=2.63 X-SpamCop-Checked: 1 I will try and provide feedback. Weird timing as I just decided this morning to turn off all the BLs available on my spamcop mail account and only use SpamAssassin. I am trying it set on 3 for now. Others will likely be able to provide feedback more quickly because I only receive about 20 spam per day and I know others can top that. I will post spam to the NG and reference them from this thread if I see anything coming through with low scores. Have you thought about using the rule known as "Antidrug"? I know you have concerns about doctors who may use spamcop mail and how this would affect them, but we could always find out from other admins of SA how serious a problem this really is. Can you comment on whether or not all blades are using the same SA rules or not? And, what blacklists are being used within SA to add to the cumulative scores, is it just the spamcop bl? and if so, is it implemented on all blades? Just curious. Thanks a bunch
PeterJ Posted March 12, 2004 Posted March 12, 2004 Disregard my question about the rule "Antidrug", I see it is implemented, I just received a hit for Vi[at]gra. (For those who do not know, the tests below that indicate this are "LOCAL_DRUGS_MALEDYSFUNCTION" and "LOCAL_DRUGS_MALEDYSFUNCTION_OBFU".) For completeness, here is the Antidrug ruleset X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade1 X-spam-Level: ************************** X-spam-Status: hits=26.5 tests=DATE_IN_PAST_03_06,DATE_SPAMWARE_Y2K, FORGED_MUA_EUDORA,FORGED_RCVD_NET_HELO,J_CHICKENPOX_44, LOCAL_DRUGS_MALEDYSFUNCTION,LOCAL_DRUGS_MALEDYSFUNCTION_OBFU, MANY_EXCLAMATIONS,MISSING_MIMEOLE,MISSING_OUTLOOK_NAME, RCVD_IN_BL_SPAMCOP_NET,RCVD_NUMERIC_HELO,UP_TO_OR_MORES version=2.63 X-SpamCop-Checked: 192.168.1.213 216.154.195.44 200.90.65.185 113.8.142.223 216.154.195.44 X-SpamCop-Disposition: Blocked SpamAssassin=26 So far I have received no false positives or false negatives, but have received minimal spam since you added the new rules. I am really pleased that we have the "Antidrug" rule in effect. Great job JT!
lawless Posted March 12, 2004 Posted March 12, 2004 The rule RCVD_IN_BL_SPAMCOP_NET is redundant and should be removed. Having it in SpamAssassin prevents users who want to run without the SpamCop block-list from making use of SpamAssassin. Those who get false positives from the SpamCop BL are forced to remove SpamAssassin from their configuration too. SpamAssassin and SpamCop BL have separate activations in the user configuration. RCVD_IN_BL_SPAMCOP_NET defeats this separation.
lawless Posted March 12, 2004 Posted March 12, 2004 Actually I see that SpamAssassin has loads of these "RCVD_IN_" filters. Probably all of them should be disabled. At a minimum the ones that have explicits checks in the SpamCop mail system should. http://www.spamassassin.org/tests.html
PeterJ Posted March 12, 2004 Posted March 12, 2004 lawless and all- I guess I have mixed feelings on this. If a SpamCop mail user chooses to ONLY turn on SA then theoretically one should get the most benefit of the spamcop bl. The supposed glory of SA is that one spam characteristic does not by itself qualify the message as spam. So I figure if SA is configured optimally, then a message from a friend of mine who happens to be on the spamcop bl should make it through. The key is adjusting either the score that "RCVD_IN_BL_SPAMCOP_NET" contributes and/or adjusting the end user's "SA held level." From what I can see the "RCVD_IN_BL_SPAMCOP_NET" test contributes 2.25 by default, perhaps this is too much of a contribution for a single test? Also, since JT implemented SA I think it is fair to say that many users have probably dropped their individual "SA held levels" lower over time. Now that JT has added additional tests, users may want to consider raising their "SA held levels" due to higher overall scores. I currently have my "SA held level" set on 3 and if the "RCVD_IN_BL_SPAMCOP_NET" does contribute 2.25 then I likely have a problem. The question is: Is it more appropriate for me to raise my "SA held level" or for JT to lower the amount of points that "RCVD_IN_BL_SPAMCOP_NET" contributes? I can defintely see a problem for users who want to use SA, but do not want to use the spamcop bl period, but really it sounds like the issue is FPs due to the "RCVD_IN_BL_SPAMCOP_NET" test and this can likely be solved by making adjustments vs turning it off. lawless, can you share some of your individual setup with us? Scores of FPs and what # you are holding SA tagged mail on would be interesting.
lawless Posted March 12, 2004 Posted March 12, 2004 I don't presently have a problem with the SCBL because of a laborious effort I made to create my own relay to prevent false-positives. See my earlier post in the NG "Harrowing. . ." However several SC users don't want to go to the trouble to create or find their own clean MXs, and they are susceptible to what I call "sudden total false positive syndrome." This happened to me. SC BLs your web-host provider's inbound MX, and suddenly ALL your e-mail gets blocked. Roy Lewallen posted in the old NNTP news group that he started getting all his e-mail blocked, and so removed the SCBL from his check-list. Then he also had to remove SpamAssassin due to the RCVD_IN_BL_SPAMCOP_NET tagging. He is clearly very annoyed. I want this removed because Julian favors aggression an experimentation over stability. I fully expect that he will get carried away sometime in the future and play havoc on my filtering. I want to be able to turn SCBL off when it gets out-of-hand while keeping SpamAssassin in the picture.
PeterJ Posted March 12, 2004 Posted March 12, 2004 I just received spam that was barely caught by SA with my current settings. My threshold of 3 held this barely. Entire spam in "spam NG" under "SpamAssassin score of 3.6". Headers here: Return-Path: <Fritzs7[at]23w4d.com> Delivered-To: spamcop-net-nobody[at]spamcop.net Received: (qmail 8463 invoked from network); 12 Mar 2004 21:02:04 -0000 Received: from unknown (HELO mailgate.cesmail.net) (192.168.1.101) by blade6.cesmail.net with SMTP; 12 Mar 2004 21:02:04 -0000 Received: (qmail 5654 invoked from network); 12 Mar 2004 21:02:03 -0000 Received: from ny-amherst-c4-2-bg2a-1-114.bflony.adelphia.net (67.21.92.114) by mailgate.cesmail.net with SMTP; 12 Mar 2004 21:02:02 -0000 Received: from 216.53.230.157 by 67.21.92.114; Fri, 12 Mar 2004 18:58:01 -0200 Message-ID: <RXFSEECLEBCELBSQQYDG[at]5r56t.com> From: "Beatrice Wiseman" <Beatricer7[at]5r56t.com> Reply-To: "Beatrice Wiseman" <Beatricer7[at]5r56t.com> To: nobody[at]spamcop.net, nobody[at]spamcop.net Subject: Absolutely No Doctors Appo¡ntments needed Date: Fri, 12 Mar 2004 14:01:01 -0700 X-Mailer: Produced by Microsoft Outlook Express 6.00.2462.0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--9892302889334800" X-Priority: 3 X-MSMail-Priority: Normal X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade6 X-spam-Level: *** X-spam-Status: hits=3.6 tests=FORGED_MUA_OUTLOOK,MISSING_MIMEOLE,REMOVE_PAGE version=2.63 X-SpamCop-Checked: 192.168.1.101 67.21.92.114 216.53.230.157 67.21.92.114 X-SpamCop-Disposition: Blocked SpamAssassin=3 At this very moment I have not reported the spam, but interestingly the spamcop bl for 67.21.92.114 shows that the IP is listed. I know the SA score on this mail is nothing out of the ordinary, I am just left wondering why the mail did not trip the SA "RCVD_IN_BL_SPAMCOP_NET" test. Does anyone have evidence of the "RCVD_IN_BL_SPAMCOP_NET" test being tripped on an email received via blade6?
PeterJ Posted March 12, 2004 Posted March 12, 2004 lawless wrote: I want this removed because Julian favors aggression an experimentation over stability. I fully expect that he will get carried away sometime in the future and play havoc on my filtering. I want to be able to turn SCBL off when it gets out-of-hand while keeping SpamAssassin in the picture. I am not suggesting that this course of action if correct right now, but why couldn't JT simply change the score assigned to an email from the "RCVD_IN_BL_SPAMCOP_NET" test from 2.25 to 1? Curious, you did not answer what kind of SA scores you were seeing on the FP emails you received, nor what threshold you are using for SA either. Care to post some info so a clearer picture can be formed? I am curious.
groupw Posted March 13, 2004 Posted March 13, 2004 Sorry I'm late -- I just discovered this forum. I posted some comments recently on spamcop.mail about the false positives I suddenly began getting from SpamAssassin. Nearly all my legitimate email was getting blocked, so I've had to disable SpamAssassin, which until recently was doing great with a threshold of 4. The legitimate messages are now mostly getting a SpamAssassin score of 12, apparently solely due to a SpamCop blocklist listing. I posted a few abbreviated headers on sc.mail. I didn't check, but the listing might be my domain web host, which gets listed briefly from time to time. I relay all my incoming mail through the domain, so when it gets listed, all incoming email gets held regardless of its origin if I include the SpamCop blocklist as a criterion for holding. I found some time ago that I could remove the SpamCop blocklist and enable SpamAssassin (along with most of the other block lists) and get very good spam rejection with virtually no false positives. Now that SpamAssassin redundantly includes the SpamCop as a score-12 criterion, I've had to disable SpamAssassin also. Quite a bit more spam gets through, but at least the false positives have dropped back to virtually zero. Much as I hate spam, I don't hate it enough to sacrifice legitimate email. And, try as I do to carefully scan the 200-300 spams per day I get, I do miss one once in a while if it's in the held mail list. So, for me it makes no difference how you fiddle the SpamAssassin rules -- as long as it rejects mail that's from or relayed through a SpamCop-blocklisted address, I won't use it. Roy Lewallen
PeterJ Posted March 13, 2004 Posted March 13, 2004 Roy - I went back to the Newsgroups and read through the threads that you initiated there. I saw some of the headers you posted that showed the SA test "RCVD_IN_BL_SPAMCOP_NET" contributing 12 points towards the total SA score. I feel this is a major problem and a single test should never be worth 12 points. The examples you posted were from earlier this month I think, maybe only a week ago. I think the solution is to assign a value of 1 or 2 to the "RCVD_IN_BL_SPAMCOP_NET" test. Having it set for 12 assumes that the spamcop bl is infallible. Even if "your" server is on the spamcop bl then your wanted mail would still come through with a score under your threshold (at least the majority of it) under this scenario. On a slightly different note, I am hoping that JT can let us know if the SA tests and scores that are implemented are indeed equal on all blades, because if they are not this makes it harder for us to pick an effective SA threshold.
Barleyman Posted March 13, 2004 Posted March 13, 2004 Chickenpox rule really freaks out at UUencoded PBEM game files. Tsk tsk.
PeterJ Posted March 14, 2004 Posted March 14, 2004 Feedback on antidrug rule: This rule has made the most difference for the spam I receive. At least 5 messages I have received since you implemented antidrug would have passed through if it were not for tripping antidrug and gaining additional points. (Note that I am only using SA, no blacklists are checked for may mail account) I received my first false negative since the new SA rules were implemented, with a score of 1.2, entire spam posted in spam NG under "SpamAssassin score of 1.2" The false negative in quesiton had misspelled versions of "viagra" and "cialis", which apparently the antidrug rule could not detect.
jefft Posted March 15, 2004 Author Posted March 15, 2004 The legitimate messages are now mostly getting a SpamAssassin score of 12, apparently solely due to a SpamCop blocklist listing. Roy, Until Friday or so, we were using the SpamCop Blacklist in SpamAssassin. Since this is redundant, and not necessarily what everybody wants (like you), we turned this off a couple days ago. SpamAssassin and the SpamCop blacklist are now completely separate again. JT
ob1db Posted March 15, 2004 Posted March 15, 2004 Well, I have not looked at the scoring, sorry, but 5 of 10 items in my inbox this AM were spam! That is up from average of 2 per sesssion recently, 0 or 1 60 days ago. Overall I think either the filtering is failing OR the spammers are doing something we are NOT catching. David
lawless Posted March 15, 2004 Posted March 15, 2004 JT, Thanks for pulling the RCVD_IN_BL_SPAMCOP_NET filter. The new SpamAssassin filters seem to be letting less spam through. I didn't do a careful message-level study, but the number that slipped through on my spamtrap account dropped from a handful a day to nearly zero. The weekend, which is usually especially bad, was especially good. I run the spamtrap account at threshold "4", and my normal accounts at "6".
PeterJ Posted March 16, 2004 Posted March 16, 2004 Well my trial of usng only SpamCop's SA to filter my mail is over. I am getting too many false negatives due to low scores. I will probably turn all of the BLs back on now to help filter my account. Posted three recent spams received in my inbox to the spam NG, under SpamAssassin score of 1.7, 1.6, and 1.4 respectively. I just wanted to try this to get a feeling for how effective the SpamCop SA implementation is. I do think our blocking options are somewhat unique in that we have SA and the BLs separate. It would be cool if the checking of BLs were integrated into SA and each given an appropriate score (1, 2, etc.), but apparently that is not going to happen because JT just turned off the "RCVD_IN_BL_SPAMCOP_NET." I vote for the reversal of this if it is ever reconsidered in the future. A note to those who use a threshold of 2 or 1 with SA, I want to point out that this is not usually how SA is used. The lower we set our threshold for SA the less benefit we gain from its ability to provide a combined total score of spaminess and the more whitelisting would have to be used. Maybe "2" works for some, but "1" does not make any sense to me. I do not care what people set their scores on, I am merely suggesting that recommending to people that the option to set your SA threshold on 1 (and perhaps 2) is not really the solution to the problem. If users feel they have to set it as low as 1 to block spam, then something needs to be adjusted in the SpamCop SA implentation. Tweaking SA can go on forever, so let me be clear that I am not faulting JT with what he has set up here. I am pleased with the addition of the new rules, but from my testing I have found that the current SA implementation is not optimal (at least for the mail I receive.)
groupw Posted March 16, 2004 Posted March 16, 2004 JT, Thanks! I'll turn SpamAssassin back on and see how it does. Before the SpamCop SpamAssassin blocking, out of 200 or 300 or so spams per day, something like a dozen were getting through SpamAssassin (set to 4) and the other block lists, with virtually no false positives. That was just fine -- hopefully it'll return to that level. Roy
Enrico_C Posted March 18, 2004 Posted March 18, 2004 About the new Chickenpox rule: I noticed that Chickenpox alerts in a few legitimate emails I received. One was in a text-only newsletter I get. I think it was triggered by lines such as these httml://xxxxx.it.html?ADVD=724219.87618.1.0162531. (I put the Xs in place of the site name) The result was X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade4 X-spam-Level: ** X-spam-Status: hits=2.7 tests=J_CHICKENPOX_35,J_CHICKENPOX_39,J_CHICKENPOX_43, LINES_OF_YELLING,LINES_OF_YELLING_2,MAILTO_TO_REMOVE, MSGID_FROM_MTA_HEADER version=2.63
lawless Posted March 23, 2004 Posted March 23, 2004 My spam-free weekend was apparently a coincidence, as a flood ensued. This inspired a close review of SpamAssassin settings and the ratcheting down of thresholds to 4 for working accounts and 3 for the spam trap. Also looked up Jennifer, the author of ChickenPox, BlackHair, PopCorn and Weeds. Impressive! Anyone who can write regular expressions like that is a genius! http://www.emtinc.net/spamhammers.htm
vividere Posted March 25, 2004 Posted March 25, 2004 Whatever you did, please undo it All of a sudden EVERY mail I get is marked as spam. I can't even send a mail to myself without it coming back as spam. This just started in the last week to week and a half so it has to be as a result of whatever change you made. I just sent a test message from one of my domains to another one of my domains, all within the same server. Here is the header: ************************ X-MailScanner-SpamCheck: spam, Infinite-Monkeys, SpamAssassin (score=-4.9, required 5, BAYES_10, MSG_ID_ADDED_BY_MTA_3), spam, Infinite-Monkeys, SpamAssassin (score=-4.9, required 5, BAYES_10, MSG_ID_ADDED_BY_MTA_3) X-MailScanner-Information: Please contact the ISP for more information Status: ************************ A mail sent to me came in with this header: ************************ X-MailScanner-SpamCheck: spam, Infinite-Monkeys, SpamAssassin (score=0.1, required 5, HTML_50_60) Status: ************************ Here is another sample: ************************ X-MailScanner-SpamCheck: spam, Infinite-Monkeys, SpamAssassin (score=-12.3, required 5, BAYES_20, IN_REP_TO, MSG_ID_ADDED_BY_MTA_3, NO_REAL_NAME, REFERENCES, X_AUTH_WARNING) Status: ************************ They are all different but the all come in marked as spam. The filter is worthless when all mails are tagged as spam. In the past about 75% of the spam I received was properly identifided with only about 2-5% of the spam mails improperly identified such as mails from mailing lists I am on. Since this last change they are now all marked spam making the filter worthless. Lew
Jeff G. Posted March 25, 2004 Posted March 25, 2004 Whatever you did, please undo it All of a sudden EVERY mail I get is marked as spam. I can't even send a mail to myself without it coming back as spam. This just started in the last week to week and a half so it has to be as a result of whatever change you made. I just sent a test message from one of my domains to another one of my domains, all within the same server. Here is the header: ************************ X-MailScanner-SpamCheck: spam, Infinite-Monkeys, SpamAssassin (score=-4.9, required 5, BAYES_10, MSG_ID_ADDED_BY_MTA_3), spam, Infinite-Monkeys, SpamAssassin (score=-4.9, required 5, BAYES_10, MSG_ID_ADDED_BY_MTA_3) X-MailScanner-Information: Please contact the ISP for more information Status: ************************ A mail sent to me came in with this header: ************************ X-MailScanner-SpamCheck: spam, Infinite-Monkeys, SpamAssassin (score=0.1, required 5, HTML_50_60) Status: ************************ Here is another sample: ************************ X-MailScanner-SpamCheck: spam, Infinite-Monkeys, SpamAssassin (score=-12.3, required 5, BAYES_20, IN_REP_TO, MSG_ID_ADDED_BY_MTA_3, NO_REAL_NAME, REFERENCES, X_AUTH_WARNING) Status: ************************ They are all different but the all come in marked as spam. The filter is worthless when all mails are tagged as spam. In the past about 75% of the spam I received was properly identifided with only about 2-5% of the spam mails improperly identified such as mails from mailing lists I am on. Since this last change they are now all marked spam making the filter worthless. Lew None of these header lines are added by SpamCop's SpamAssassin. Do you have a complete header that implicates SpamCop's SpamAssassin and you are willing to share? Thanks!
jefft Posted March 26, 2004 Author Posted March 26, 2004 As JeffG noted, the headers you posted aren't added by SpamCop. They were added by some other mail server or your own email program. Also, the scores in those headers are very low (one of them was negative). No program, not ours or anyone elses, should be blocking messages with scores that low. If all of your email is being blocked, you might want to check out the answers on this page: http://www.spamcop.net/fom-serve/cache/336.html JT
vividere Posted March 27, 2004 Posted March 27, 2004 Hello, Upon checking my records closer I seem to have mispoken. I frankly am a little naive about my server configuration because I had someone else do the work on it. I think I only have one spam package. This is what the installer said I had: "MailScanner was installed with SpamAssassin support and Clam Antivirus" So perhaps what is being reported is not directly from SpamAssassin, but could be a filtered response provided by MailScanner. The small amount of reading leads me to believe that the Mailscanner product grabs the income mail, puts them in a queue, then it uses a ruleset (SpamAssassin) to analyze the mail and then sends the mail on. Apparently the header information I have provided is generated by MailScanner which is why you didn't recoginize them as being SpamAssassin headers, however the change in SpamAssassin rules seems to be what would "drive" how MailScanner behaves? About the 3rd week of February my mail quit flowing smoothly, it would get held for hours and then release. Then the mail seemed to function properly and on March 2 or perhaps late March 1st my mail began to misbehave again. The mail would queue for up to 5-6 hours and then I would get delivered a big chunk. Then they would queue up again and hours later another big chunk would come my way. No server changes were being made in this time frame. The first time we checked the server we found that Apache was pegging the server so we did an Apache reset which temporarily fixed the problem. The mail problems continued for several maddening days and then all of a sudden the mail started flowing "smoothly" again. However the mail started coming ALL marked as spam, HighScore spam, or Virus. None of the mail was coming through "unidentified". Suddenly yesterday some of the mail started coming through as unmarked but a lot of it was spam so a lot of spam (a LOT) of spam is still coming throun unidentifed. I was "blaming" SpamAssassin for the problem as the change in how my mail seemed to operate seemed to tie to what I read here about a change to the SpamAssassin product at the same time. Even when things seem to be working properly they aren't, i.e. I have to review all of my mail and manually sort it. Having Mailscanner identitfy something as spam only makes me slightly more suspicious of my email but I have to go through every single mail (at a subject level) and sort out what I think is spam. On rare occaision I delete mail that isn't spam and I still read a lot of mail that is spam to determine if it is spam or not. Obviously I am not the only one who is tired of spam but when you get 3000 mails on an average day, dealing with spam takes WAY too much of my time. I would like to come up with a solution that won't bog down my server and will more reliably sort my mail for me. Thanks for your time and trouble. Lew
Jeff G. Posted March 27, 2004 Posted March 27, 2004 Hello, Upon checking my records closer I seem to have mispoken. I frankly am a little naive about my server configuration because I had someone else do the work on it. I think I only have one spam package. This is what the installer said I had: "MailScanner was installed with SpamAssassin support and Clam Antivirus" So perhaps what is being reported is not directly from SpamAssassin, but could be a filtered response provided by MailScanner. The small amount of reading leads me to believe that the Mailscanner product grabs the income mail, puts them in a queue, then it uses a ruleset (SpamAssassin) to analyze the mail and then sends the mail on. Apparently the header information I have provided is generated by MailScanner which is why you didn't recoginize them as being SpamAssassin headers, however the change in SpamAssassin rules seems to be what would "drive" how MailScanner behaves? About the 3rd week of February my mail quit flowing smoothly, it would get held for hours and then release. Then the mail seemed to function properly and on March 2 or perhaps late March 1st my mail began to misbehave again. The mail would queue for up to 5-6 hours and then I would get delivered a big chunk. Then they would queue up again and hours later another big chunk would come my way. No server changes were being made in this time frame. The first time we checked the server we found that Apache was pegging the server so we did an Apache reset which temporarily fixed the problem. The mail problems continued for several maddening days and then all of a sudden the mail started flowing "smoothly" again. However the mail started coming ALL marked as spam, HighScore spam, or Virus. None of the mail was coming through "unidentified". Suddenly yesterday some of the mail started coming through as unmarked but a lot of it was spam so a lot of spam (a LOT) of spam is still coming throun unidentifed. I was "blaming" SpamAssassin for the problem as the change in how my mail seemed to operate seemed to tie to what I read here about a change to the SpamAssassin product at the same time. Even when things seem to be working properly they aren't, i.e. I have to review all of my mail and manually sort it. Having Mailscanner identitfy something as spam only makes me slightly more suspicious of my email but I have to go through every single mail (at a subject level) and sort out what I think is spam. On rare occaision I delete mail that isn't spam and I still read a lot of mail that is spam to determine if it is spam or not. Obviously I am not the only one who is tired of spam but when you get 3000 mails on an average day, dealing with spam takes WAY too much of my time. I would like to come up with a solution that won't bog down my server and will more reliably sort my mail for me. Thanks for your time and trouble. Lew The problem, then, is with your vendor's SpamAssassin installation on your mailserver. Are you training the bayesian filter in that installation? Please discuss this with your vendor - it has nothing whatsoever to do with SpamCop. Thanks!
Recommended Posts
Archived
This topic is now archived and is closed to further replies.