What is an effective Spamassassin filter level?

[Demani]

New to this mail server stuff.

I’ve sent about 13,000 emails in for training as spam- and spam came in.

I moved the level from 10 to 7 to 6. Spam came in.

I did the fix from Thinbits on linking the spamassassin databases of learned messages. Still lots of spam.

First- can someone look at this header info and see if anything looks blatantly missing or wrong? And second- what level do you use when setting the filter level? And how does an obvious spam get a negative rating? Finally, whats the status

One definite spam:
X-Sieve: CMU Sieve 2.2
Message-Id: <[email protected]>
X-Virus-Scanned: by amavisd-new at mydomain.com
X-Spam-Status: No, hits=3.435 tagged_above=-999 required=6 tests=RCVD_HELO_IP_MISMATCH, RCVD_NUMERIC_HELO
X-Spam-Level: ***

Another:
-Virus-Scanned: by amavisd-new at mydomain.com
X-Spam-Status: No, hits=-2.372 tagged_above=-999 required=14 tests=ALL_TRUSTED, HTML_80_90, HTML_MESSAGE
X-Spam-Level:

[maccanada]

Right, mine is set at 3 and I get maybe one or two sneak through each day…eventually they get picked up on the bayesian rules…

The ALL_TRUSTED rule is getting hit more frequently – it means the message hasn’t passed through any suspect hosts. I think it’s down to zombie pc’s getting used as mailers and the message comes through major ISP’s. (A google search for ALL_TRUSTED shows a lot of discussion). This will negatively score the message.

You can either lower your level setting, raise the score for the rules that are getting triggered (in 50_scores.cf in /usr/share/spamassassin), write your own rules tailored to the kind of messages you’re receiving or lower the score for the ALL_TRUSTED rule (it’s also in 50_scores.cf in /usr/share/spamassassin)

You’re also not getting any Bayesian rules triggered, are you running the learn_junk_mail script?

There’s an article on writing rules (among other things)…

[thinbits]

Your headers don’t show any bayesian filtering happening. That could be caused by a number of factors:

– You have not learned enough spam AND ham. I think you need to learn at least 200 of each or the filter won’t turn on. I’ve read that 1000 is optimal.

– Your machine might be learning into a different database location. From the posts I’ve read here, the OS learns into the correct database for some people, into amavisd location (my problem), and I’ve seen reports of a third place people have seen it. Assuming your locate database is up to date and you’ve learned over 200 spam and ham, do a “locate bayes_toks” and see what directories pop up.

For me, once the bayesian filtering kicked in, a filter level of 5 was sufficient. I get headers like the following:

X-Spam-Status: Yes, hits=8.766 tagged_above=-999 required=5 tests=BAYES_99, EXCUSE_1, HTML_80_90, HTML_IMAGE_ONLY_16, HTML_IMAGE_RATIO_02, HTML_MESSAGE
X-Spam-Level: ********
X-Spam-Flag: YES

The bayes filter catches 99+% of all my spam now.

Dave

[Author]

Posts