Re: [Nolug] SA Questions

From: Scott Harney <scotth_at_scottharney.com>
Date: Mon, 13 Oct 2003 18:26:29 -0500
Message-ID: <87y8vo7m8q.fsf@zenarcade.local.lan>

"J. Kent Busbee, Jr." <buz@penwel.com> writes:

> 1. Why does SpamAssassin tag the Received header from nolug email list
> as FORGED?
>
> ---- Start SpamAssassin results
> 5.90 points, 5 required;
> * -0.5 -- Has a In-Reply-To header
> * -0.5 -- Has a valid-looking References header
> * -0.5 -- BODY: Contains what looks like a quoted email text
> * 1.3 -- trail of Received: headers seems to be forged
> * 2.3 -- 'From' yahoo.com does not match 'Received' headers
> * -0.5 -- Reply with quoted text
> * 4.3 -- Received headers are forged
>
> ---- End of SpamAssassin results

I could go on a rant about sendmail and virtual host config here, but
I won't :) suffice it to say, it's easier not to make this mistake
in other mailers because they're a HECK of a lot easier to configure
especially for virtual domain hosting configurations.
Received: from wsip-68-15-165-12.no.no.cox.net (HELO vkh.joeykelly.net) (68.15.\ 165.12)
note the mismatch.....

My SA doesn't tag nolug as forged though. though perhaps due to
bayesian learning. read on for that...

>
> 2. How can I get a SA Report after an email is received? For instance,
> I get an email which is obviously spam, but does not rise to the 5 point
> mark. I would like to send back through the SA filter to see what
> points ARE tagged to it so that I can tweak to filters to work better.
> FYI, I am pulling from my email server using POP3.

Bayes learning in SA is automated but as you've noticed, it's missed
an occassional spam. sa-learn can help you there. man sa-learn
to find out more. Basically copy or move any "spam" into a special
mbox (or maildir folder) -- ie. "missed-spam". You can also do
the same with miscategorized "ham". Then do something like (as root)
#sa-learn --spam --mbox path/to/missed-spam
(output snipped)
#sa-learn --ham --mbox path/to/goofed-ham 

-- 
Scott Harney<scotth@scottharney.com>
"...and one script to rule them all."
gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
___________________
Nolug mailing list
nolug@nolug.org
Received on 10/13/03

This archive was generated by hypermail 2.2.0 : 12/19/08 EST