I'm testing SpamAssassin on one server... www3. I needed a live environment testbed to run with, and since hostpc.com is on this server, well....


Anyway, here's what I'm finding.

Spam is continuing to flow in, but headers are being appended with this information.


X-Spam-Status: No, hits=3.0 required=5.0
tests=HTML_10_20,HTML_MESSAGE,INVALID_DATE,MIME_HT ML_NO_CHARSET,
MIME_HTML_ONLY
version=2.55
X-Spam-Level: ***
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)


I've also received one with the following:

X-Spam-Flag: YES
X-Spam-Status: Yes, hits=5.5 required=5.0
tests=HTML_IMAGE_ONLY_02,HTML_IMAGE_RATIO_02,HTML_ MESSAGE,
HTML_WEB_BUGS,MEET_SINGLES,MIME_HTML_ONLY
version=2.55
X-Spam-Level: *****
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)

This mail is probably spam. The original message has been attached
along with this report, so you can recognize or block similar unwanted
mail in future. See http://spamassassin.org/tag/ for more details.


Content analysis details: (5.50 points, 5 required)
MEET_SINGLES (2.8 points) BODY: Meet Singles
HTML_WEB_BUGS (0.1 points) BODY: Image tag with an ID code to identify=
you
HTML_MESSAGE (0.1 points) BODY: HTML included in message
HTML_IMAGE_RATIO_02 (0.5 points) BODY: HTML has a low ratio of text to=
image area
HTML_IMAGE_ONLY_02 (1.9 points) BODY: HTML has images with 0-200 bytes of=
words
MIME_HTML_ONLY (0.1 points) Message only has text/html MIME parts

The original message did not contain plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.





Now, the version that happens to be on this server is: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) - which according to their site, is an older version - they're now on " Latest release: 2.63 ".

My objective, hopefully this weekend, will be to upgrade to a newer version, and still retain favorable results.

This isn't addressing the AntiVirus issue, but thats another battle to be tackled, and it's on my radar screen... just clearing my desk so I can tackle it.

Joe

FYI:

On each one thats flagged as SPAM, the original message is included as either an attachment, or inline display.... we're NOT filtering the messages with this method, just scanning them for potential spam... and hopefully eliminating some of the junk from our, and everyone elses mailboxes.

I like the idea of a spam filter marking headers since that's easy enough to set up mail client filters for...but I do want to voice my opinion about spam / questionable messages being attached versus inline. I definitely prefer inline, since those messages are far easier to filter and deal with client side than attached messages (I've found).

Thanks again for all you do about this, and for even bothering to tell us what you are up to.

I'd agree with Dan. Getting the scanning done on the server and just adding the spam flags to the x-headers is HUGE! Leaving the message in-line will please those who don't want to do anything with the spam. For those who want to filter it out at the client, the x-headers give a great start in eliminating the redundant spam. :angry:

Thanks Joe for keeping after this. It will be a great help for those (like me) that are in charge of a bunch of users where installing a spam-stopper application on each client is not feasible or maintainable.

I agree with the inline attachment as the attached messages cannot be replied to quoted.

My BIGGEST problem though is that the SpamAssassin for now is killing a LOT of my legit emails!

Even worse, I noticed that after the first message is marked spam, any subsequent emails from the same email address arrive zeroed out to me (so I just receive an empty message).

Disturbing and annoying. Is there any way to individually modify the settings? Some of the emails filtered out donot make sense how they get tagged as spam either.

As much as I appreciate some spam control, I must insist that there is control to individual domains and/or the abitity to completely disable it for the domain.

This is now affecting my business as the emails marked spam are from my business accounts!

ahalikias - what domain is yours?

Joe, YGPM

Taking a look at the website, it looks like Joe may have to check the configuration file and make sure that the OK_LANGUAGES, and OK_LOCALES is set correctly.

Your mail might be getting a high SPAM score because of the language.

Just my 2 micro-cents worth.

One more thought...
Let Joe know what RULE is driving the score up to SPAM level by looking in the x-message headers.

Great idea Joe! I am planning on implementing Spam Assassin on my own servers soon, it's great to see it work before I do this myself.

Originally posted by tnas@May 5 2004, 08:13 AM
Taking a look at the website, it looks like Joe may have to check the configuration file and make sure that the OK_LANGUAGES, and OK_LOCALES is set correctly.

Your mail might be getting a high SPAM score because of the language.

Just my 2 micro-cents worth.

One more thought...
Let Joe know what RULE is driving the score up to SPAM level by looking in the x-message headers.
Right now virtually everything is driving up the score.

- over 80% of email is HTML = bad.
- html included in message = bad
- instructions on how to remove from list = bad even if you have agreed to the newsletter
- saying that you can be removed from the list = bad
- bigger size fonts = bad
- HTML has a "b" tag = bad
- HTML title contains no text = bad (as all html email programs do)
- BODY: Includes a URL link to send an email
- Asks you to click below

All these and more drive up the score of legitimate emails to 11+ when just over 2.5 is enough to be considered spam!!

Now don't get me wrong, I want to get rid of my spam, but I also need more control of my spam settings to avoid such situations.