
Thread: More Spam after upgrading to 6.0.5

  1. #11
    swrightsls

    Ok, got two spam in the junk folder, and the headers show it seems to be working:

    X-Spam-Status: Yes, score=13.668 tagged_above=-10 required=4
    tests=[BAYES_60=1, MISSING_DATE=0.001, MISSING_HEADERS=1.292,
    MISSING_MID=0.001, MISSING_SUBJECT=1.762, RCVD_IN_PBL=0.905,
    RCVD_IN_SORBS_WEB=0.619, RCVD_IN_SPAMRATS_NOPTR=2, RCVD_IN_XBL=3.033,
    RDNS_NONE=0.1, SEM_URI=0.5, SEM_URIRED=0.5, URIBL_BLACK=1.955]
    autolearn=spam

  2. #12
    uxbod

    You can add this one as well to your arsenal
    Code:
    ################################################################################
    # NIX SPAM RBL (http://www.dnsbl.manitu.net/)
    ################################################################################
    header          RCVD_IN_NIX_SPAM       eval:check_rbl('nix-spam-lastexternal','ix.dnsbl.manitu.net.')
    describe        RCVD_IN_NIX_SPAM       Listed in NIX-SPAM DNSBL (heise.de)
    tflags          RCVD_IN_NIX_SPAM       net
    score           RCVD_IN_NIX_SPAM       0.5

  3. #13
    swrightsls

    Here is the link from one that didn't get caught earlier today. This was before adding the extra DNSBL checks:

    Email Info - rdn4c1j9

  4. #14
    uxbod

    Cool .. I score at 8.76 so hopefully your new checks will sort things out for you a bit

  5. #15
    ewilen

    EDIT: Cross-posted with the last several posts...

    Originally posted by swrightsls:
        I did do a zmamavisdctl reload - is that enough?

    Possibly not. You can look in salocal.cf to see if the changes made it through. In my case I went ahead and restarted zimbra entirely because it looked like they didn't. For me this seems to be a change from 5.x.

    Originally posted by swrightsls:
        What is the significance of the 'autolearn' tag?

    Good question. There is a settable numeric threshold which if exceeded will result in SA using the message for its Bayesian learning. The default is pretty high, and it's found in /opt/zimbra/conf/spamassassin/10_default_prefs.cf

    It actually has three settings:

    Code:
    bayes_auto_learn_threshold_nonspam  0.1
    bayes_auto_learn_threshold_spam     12.0
    bayes_auto_learn                    1

    The version of SA included in 6.0.5 seems to add some rules (or maybe it's just new reporting). In short there are some exceptions to the simple numeric threshold:

    Relevant lines from selected files in /opt/zimbra/conf/spamassassin/:
    10_default_prefs.cf:# UNDISC_RECIPS autolearn=spam version=2.60-cvs
    10_default_prefs.cf:add_header all Status "_YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_"

    20_body_tests.cf:tflags GTUBE userconf noautolearn

    60_awl.cf:tflags AWL userconf noautolearn
    60_shortcircuit.cf:add_header all Status "_YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ shortcircuit=_SCTYPE_ autolearn=_AUTOLEARN_ version=_VERSION_"
    60_whitelist.cf:# Note that most of these get 'noautolearn'. They should not be
    60_whitelist.cf:# considered when deciding whether to auto-learn a message, as a
    60_whitelist.cf:# user slip-up could result in scribbling side-effects in the bayes
    60_whitelist.cf:# db as a result -- which is hard to remedy.

    60_whitelist.cf:tflags USER_IN_BLACKLIST userconf noautolearn
    60_whitelist.cf:tflags USER_IN_WHITELIST userconf nice noautolearn
    60_whitelist.cf:tflags USER_IN_DEF_WHITELIST userconf nice noautolearn
    60_whitelist.cf:tflags USER_IN_BLACKLIST_TO userconf noautolearn
    60_whitelist.cf:tflags USER_IN_WHITELIST_TO userconf nice noautolearn
    60_whitelist.cf:tflags USER_IN_MORE_SPAM_TO userconf nice noautolearn
    60_whitelist.cf:tflags USER_IN_ALL_SPAM_TO userconf nice noautolearn
    60_whitelist_dk.cf:tflags USER_IN_DK_WHITELIST userconf nice noautolearn net
    60_whitelist_dk.cf:tflags USER_IN_DEF_DK_WL userconf nice noautolearn net
    60_whitelist_dk.cf:tflags ENV_AND_HDR_DK_MATCH userconf nice noautolearn net
    60_whitelist_dkim.cf:tflags USER_IN_DKIM_WHITELIST userconf nice noautolearn net
    60_whitelist_dkim.cf:tflags USER_IN_DEF_DKIM_WL userconf nice noautolearn net
    60_whitelist_dkim.cf:tflags ENV_AND_HDR_DKIM_MATCH userconf nice noautolearn net
    60_whitelist_spf.cf:tflags USER_IN_SPF_WHITELIST userconf nice noautolearn
    60_whitelist_spf.cf:tflags USER_IN_DEF_SPF_WL userconf nice noautolearn
    60_whitelist_spf.cf:tflags ENV_AND_HDR_SPF_MATCH userconf nice noautolearn
    60_whitelist_subject.cf:# Note that most of these get 'noautolearn'. They should not be
    60_whitelist_subject.cf:tflags SUBJECT_IN_WHITELIST userconf nice noautolearn
    60_whitelist_subject.cf:tflags SUBJECT_IN_BLACKLIST userconf noautolearn

    More info: Mail::SpamAssassin::Conf (SpamAssassin configuration file) and Mail::SpamAssassin::Plugin::AutoLearnThreshold (threshold-based discriminator for Bayes auto-learning)

    This probably explains why I'm seeing "autolearn=spam" on some messages and "autolearn=no" on others, even though they have similar scores. However I seem to remember seeing some mail items marked as "autolearn=spam" even though their scores were less than 12. I don't have any samples at the moment to investigate, though.

  6. #16
    swrightsls

    Here's another very spammy email that just came through:

    ATM

  7. #17
    ewilen

    Update on my previous note, it seems that another reason a message may autolearn (or not) even though it's below/above the default threshold is this:

        [...] the score used to trigger autolearning is somewhat different than the one reported in the final score; therefore a score displayed in the headers that ostensibly should trigger autolearning will not do so. Again, use the "-D" flag to SpamAssassin, and you will see the score that is used to determine whether or not autolearning will be triggered.

        Finally, SpamAssassin requires at least 3 points from the header and 3 points from the body, to auto-learn as spam. If either section contributes fewer points, the message will not be auto-learned.

    And regarding the actual header message, this is controlled by amavisd-new, not spamassassin, and was implemented in amavisd-new 2.6.2. See http://www.ijs.si/software/amavisd/release-notes.txt

        - insert autolearn=... information field into an X-Spam-Status header field,
          similar to how SpamAssassin does it; suggested by Jonathan Skanes;

    ZCS 5.0.20 I believe uses amavisd-new 2.5.4, so that's why I'm seeing the change.
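
The auto-learn conditions discussed in posts #15 and #17, as an added example that is not part of the original posts and is not SpamAssassin's own code: a simplified model that parses an X-Spam-Status value and applies the thresholds, the `noautolearn` exclusions and the 3-point header/body minimum. The rule table, the sample header values and the function names are constructed for illustration; skipping `userconf` and `learn` rules follows the AutoLearnThreshold documentation linked in post #15, and SpamAssassin's own calculation may also use different per-rule scores, which is not modelled here.

```python
import re

# Thresholds quoted in the thread from 10_default_prefs.cf.
THRESHOLD_NONSPAM, THRESHOLD_SPAM = 0.1, 12.0
MIN_SECTION_POINTS = 3.0  # header and body minimum quoted in post #17
IGNORED_TFLAGS = {"noautolearn", "userconf", "learn"}

# Constructed rule table: section and tflags per rule (not read from a live install).
RULE_META = {
    "RCVD_IN_XBL": ("header", "net"),
    "MISSING_SUBJECT": ("header", ""),
    "URIBL_BLACK": ("body", "net"),
    "USER_IN_BLACKLIST": ("header", "userconf noautolearn"),
}

# Constructed X-Spam-Status values in the format shown in post #11.
BLACKLISTED = ("Yes, score=106.2 required=4 tests=[MISSING_SUBJECT=1.8,\n"
               " RCVD_IN_XBL=2.4, URIBL_BLACK=2.0, USER_IN_BLACKLIST=100]")
THIN_BODY = "Yes, score=13.0 required=4 tests=[MISSING_SUBJECT=5.0, RCVD_IN_XBL=6.0, URIBL_BLACK=2.0]"
BALANCED = "Yes, score=13.5 required=4 tests=[MISSING_SUBJECT=3.0, RCVD_IN_XBL=6.0, URIBL_BLACK=4.5]"

def parse_status(value):
    """Return (reported_score, {rule: score}) from an X-Spam-Status value."""
    m = re.search(r"score=(-?[\d.]+).*?tests=\[(.*?)\]", value, re.S)
    if not m:
        raise ValueError("no score=/tests=[...] fields found")
    hits = {}
    for item in re.split(r"[,\s]+", m.group(2).strip()):
        if item:
            name, _, score = item.partition("=")
            hits[name] = float(score)
    return float(m.group(1)), hits

def autolearn_decision(value, rule_meta=RULE_META):
    """Return (decision, autolearn_score); unknown rules count toward both sections."""
    _, hits = parse_status(value)
    total = head = body = 0.0
    for name, score in hits.items():
        section, tflags = rule_meta.get(name, ("both", ""))
        if IGNORED_TFLAGS & set(tflags.split()):
            continue  # excluded from the autolearn score, still in the reported one
        total += score
        head += score if section in ("header", "both") else 0.0
        body += score if section in ("body", "both") else 0.0
    if total < THRESHOLD_NONSPAM:
        return "ham", round(total, 3)
    if total >= THRESHOLD_SPAM and min(head, body) >= MIN_SECTION_POINTS:
        return "spam", round(total, 3)
    return "no", round(total, 3)
```

In this model `BLACKLISTED` reports 106.2 but is not learned because the blacklist hit is excluded, and `THIN_BODY` clears 12.0 but fails the body minimum; only `BALANCED` is learned as spam.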

  8. #18
    wdman

    After upgrading from 6.04 to 6.05 I get more spam to Inbox.

    Also the mj doesn't seem to work when used from search results. It does move the email from search result, but the email doesn't get moved to Junk folder.

    (There's no "moved 1 email to Junk" AJAX notification when doing the mj command).

  9. #19
    uxbod

    Why do you believe you are getting more SPAM? Any examples? Did you make any custom changes before?

    With respect to the keyboard shortcut, have you checked Bugzilla Main Page - Zimbra to see if it has been filed? And if it has not, go ahead and raise one.

  10. #20
    wdman

    AJAX notification seems to appear with 6.06.

    When marking spam as Junk - either via "mj" or selecting "Junk" - the message gets marked as NOT Spam/Junk. This happens with saved search "is:unread".
    Probably related to Bug 45906 – Junk button not working correctly
