[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SpammAssassin in 9.3 lets spam pass trhough

To: SuSE Security List <suse-security@xxxxxxxx>
Subject: Re: [suse-security] SpammAssassin in 9.3 lets spam pass trhough
From: "Carlos E. R." <robin1.listas@xxxxxxxxxx>
Date: Sun, 8 May 2005 20:37:47 +0200 (CEST)
Delivered-to: mailing list suse-security@xxxxxxxx
In-reply-to: <200505081037.30737.andreas.philipp@xxxxxxxxxxxx>
List-help: <mailto:suse-security-help@suse.com>
List-post: <mailto:suse-security@suse.com>
List-subscribe: <mailto:suse-security-subscribe@suse.com>
List-unsubscribe: <mailto:suse-security-unsubscribe-suse=archive.cert.uni-stuttgart.de@suse.com>
Mailing-list: contact suse-security-help@xxxxxxxx; run by ezmlm
References: <Pine.LNX.4.61.0505071249120.12223@xxxxxxxxxxxxxxxx> <200505080953.47020.jure@xxxxxxxxxx> <Pine.LNX.4.61.0505081342140.9484@xxxxxxxxxxxxxxxx> <200505081037.30737.andreas.philipp@xxxxxxxxxxxx>

The Sunday 2005-05-08 at 10:37 -0500, Andreas Philipp wrote:

> > X-Spam-Status: No, score=4.9 required=5.0 tests=AWL,BAYES_99,HTML_20_30,
> >     HTML_IMAGE_ONLY_24,HTML_MESSAGE autolearn=no version=3.0.2
> 
> A bayes_99 test result contributes in my standard setup of SA 3.0.3 exactly 
> 4.1 points to the final score; see this example report:
> 

True.

> X-Spam-Report: 
> *  0.5 TO_MALFORMED To: has a malformed address
> * -2.9 ALL_TRUSTED Did not pass through any untrusted hosts
> *  2.5 DATE_IN_FUTURE_48_96 Date: is 48 to 96 hours after Received: date
> *  2.5 DOMAIN_RATIO BODY: Message body mentions many internet domains
> *  0.5 HTML_COMMENT_SAVED_URL BODY: HTML message is a saved web page
> *  1.1 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area
> *  0.0 HTML_90_100 BODY: Message is 90% to 100% HTML
> *  0.0 HTML_MESSAGE BODY: HTML included in message
> *  2.7 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words
> *  4.1 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
> *      [score: 1.0000]
> *  1.2 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
> *  0.0 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME headers
> *  1.8 PRIORITY_NO_NAME Message has priority, but no X-Mailer/User-Agent
> 
> Your setup requires a final score >= 5.0 to trigger the message being marked 
> as Spam, but the final score on your message is only 4.9. The Bayes testing 
> score alone will never trigger a message to be marked as Spam, unless you 
> increment its contributing score or lower the threshold for a message to be 
> marked as Spam. In your current setup, this message, even with a positive 
> BAYES_99 test result, isn't 'spammy' enough to reach 5.0 points.

I know... it is unfortunate. Either SA needs updating for new kind of 
spams with new rules, or I change the scoring. I'm inclined to do that, 
but I'm unsure of what score to give it. Probably just increase all of the 
bayes scores proportionately till BAYES_99 is 4.9 or 5.

-- 
Cheers,
       Carlos Robinson

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

Follow-Ups:
- Re: [suse-security] SpammAssassin in 9.3 lets spam pass trhough
  - From: John Andersen

References:
- [suse-security] SpammAssassin in 9.3 lets spam pass trhough
  - From: Carlos E. R.
- Re: [suse-security] SpammAssassin in 9.3 lets spam pass trhough
  - From: Jure Koren
- Re: [suse-security] SpammAssassin in 9.3 lets spam pass trhough
  - From: Carlos E. R.
- Re: [suse-security] SpammAssassin in 9.3 lets spam pass trhough
  - From: Andreas Philipp

Prev by Date: Re: [suse-security] SpammAssassin in 9.3 lets spam pass trhough
Next by Date: [suse-security] SuSEfirewall and VPN routing
Previous by thread: Re: [suse-security] SpammAssassin in 9.3 lets spam pass trhough
Next by thread: Re: [suse-security] SpammAssassin in 9.3 lets spam pass trhough
Index(es):
- Date
- Thread