Include SPAM weight on every filter on mail headers (explained)
Idea shared by Omar Cassara - 4/21/2015 at 7:22 AM
It would be great if, instead of writing:
X-SmarterMail-Spam: SPF_Pass, Bayesian Filtering, Commtouch 25 [value: Bulk], ISpamAssassin 5 [raw: 3], DK_Pass, DKIM_Pass, Custom Rules []
SmarterMail wrote the weight of every filter applied, e.g.:
X-SmarterMail-Spam: SPF_Pass [-3] , Bayesian Filtering [20], Commtouch 25 [value: Bulk] [25], ISpamAssassin 5 [raw: 3] [5], DK_Pass [-10], DKIM_Pass, Custom Rules [][50]

5 Replies

I have to agree. This stuff is tough without an easier way to access the data. If this is already possible, please, please respond with some info. If it isn't, I would strongly suggest it for future users.
IDK, I've always disliked how it crowbars passes and fails into one giant glob.
I'd rather see passes and fails in separate headers, or be able to optionally control which appear in the standard header.
The delivery logs would be verbose to contain it all, but in my case, it is a lot of added fluff to the headers to have both passes and fails, and the proposed would just add more characters to be MIME encoded and further inflate the size of the message.
We've been looking at other hosting solutions, and sites like Intermedia list the spam scores so that you can understand why the score was reached. In their case, we can't change any of the spam tools they are using, but here, where we could better understand how and why a particular score was reached, it would be helpful in making sure that our spam settings were actually being useful.
Currently the spam filter report in the delivery log lists all passed and failed tests in one line, and it makes it hard to tell what test failed. Customers have a hard time understanding what headers are, let alone getting them to send them to me when there is a problem. So I get left with this long list and a pencil and paper trying to figure it out.
2016.01.15-delivery.log(116): 00:08:05 [42087] Spam check results: [_REVERSEDNSLOOKUP: passed], [_SPF: None], [_CUSTOMRULES: ], [BARRACUDA - BRBL: passed], [CBL- ABUSE SEAT: passed], [GEOBL: passed], [GEOBL - AFRICA: passed], [GEOBL - ASIA: passed], [GEOBL - SOUTH-AMERICA: passed], [HOSTKARMA - BLACKLIST: passed], [HOSTKARMA - BROWNLIST: passed], [SEM-BACKSCATTER: passed], [SEM-BLACK: passed], [SEM-URIRED: passed], [SORBS - ABUSE: passed], [SORBS - DYNAMIC IP: passed], [SORBS - PROXY: passed], [SORBS - SMTP: passed], [SORBS - SOCKS: passed], [SORBS - SPAMTRAP: passed], [SPAMCOP: passed], [SPAMHAUS - CBL: passed], [SPAMHAUS - CSS: passed], [SPAMHAUS - PBL: passed], [SPAMHAUS - PBL2: passed], [SPAMHAUS - SBL: passed], [SURBL - ABUSE BUSTER: passed], [SURBL - JWSPAMSPY: 2 results failed], [SURBL - MALWARE: passed], [SURBL - PHISHING: 2 results failed], [SURBL - SPAMASSASSIN: passed], [SURBL - SPAMCOP: passed], [UCEPROTECT LEVEL 1: passed], [UCEPROTECT LEVEL 2: passed], [UCEPROTECT LEVEL 3: passed], [URIBL -  BLACK: passed], [URIBL -  GREY: passed], [URIBL -  MULTI: passed], [URIBL -  RED: passed], [VIRUS RBL - MSRBL: passed]
Here is what I would like to see. I don't need to know the tests that passed. Give me just a list that failed; scores on the tests and the total would also help a lot. This should be too hard since it is already put in the headers.
2016.01.15-delivery.log(116): 00:08:05 [42087] Spam check results:  [SURBL - JWSPAMSPY: 2 results failed: Spam Score:10], [SURBL - PHISHING: 2 results failed: Spam Score:10], Total Spam Score: 20
Any more Ideas, Comments or Flames from the Community?
Kendra Support http://www.kendra.com support@kendra.com 425-397-7911 Junk Email filtered ISP
There's another part of the spam issue which can cloud the understanding, and that is the fact that there is no "standard" for scoring spam.
We use one standard, and it works well for us. Our "standard" does not include external spam filtering, so attempting to explain how and why our scoring works, or, in case you don't agree, doesn't work, is like comparing apple juice to brake fluid - there's nothing to correlate between the two, and, therefore, no real comparison, except that both are fluids.
Spam filtering is not only dependent on whether you are using external filters, but how the external scoring and weights are configured, how the internal weights are configured, and how the "triggers" are defined -- and interact with each other.
While I realize that my comments may serve only to confuse further, and I do agree about the log results format in SmarterMail (which used to wrap in the search window, and hasn't since about version 10.7 [approximately]), the logs can be downloaded and searched with other tools. SmarterMail 14 also brings the capability to search multiple dates, and that can help resolve issues which, otherwise, might escape notice when dealing only with a single date search when trying to resolve delivery and spam issues.
Finally, remember that there are also some very nice log parsing tools which are available via a quick Google search.
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phone: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
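As an added example (not from any poster in this thread and not SmarterMail code), the failures-only line asked for in the delivery-log reply can be produced today by post-processing the existing "Spam check results" line, in the spirit of the log-parsing suggestion above. The weights table is an assumption: the log does not carry weights, so they have to be copied from the server's own spam-check settings, and the 10-point values here simply mirror the wished-for output quoted in the thread.

```python
import re

# Constructed sample, abridged from the delivery log line quoted in the thread.
SAMPLE = ("2016.01.15-delivery.log(116): 00:08:05 [42087] Spam check results: "
          "[_REVERSEDNSLOOKUP: passed], [_SPF: None], [_CUSTOMRULES: ], "
          "[BARRACUDA - BRBL: passed], [SURBL - JWSPAMSPY: 2 results failed], "
          "[SURBL - MALWARE: passed], [SURBL - PHISHING: 2 results failed], "
          "[URIBL -  BLACK: passed]")

# Hypothetical weights: not present in the log, so they must be copied by
# hand from the server's spam-check configuration.
WEIGHTS = {"SURBL - JWSPAMSPY": 10, "SURBL - PHISHING": 10}

LINE_RE = re.compile(r"\[(?P<session>\d+)\] Spam check results:\s*(?P<checks>.*)$")
CHECK_RE = re.compile(r"\[([^\[\]:]+):\s*([^\[\]]*)\]")


def parse_spam_checks(line):
    """Return (session_id, [(test, result), ...]) or None if not a spam-check line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # Collapse repeated spaces in test names ("URIBL -  BLACK" -> "URIBL - BLACK").
    checks = [(" ".join(name.split()), result.strip())
              for name, result in CHECK_RE.findall(m.group("checks"))]
    return m.group("session"), checks


def failed_only(checks):
    """Keep tests whose result mentions 'failed'; drop passed, None and empty."""
    return [(name, result) for name, result in checks if "failed" in result.lower()]


def summarize(line, weights=None):
    """Build the failures-only summary; unknown weights show as '?' and add 0."""
    parsed = parse_spam_checks(line)
    if parsed is None:
        return None
    session, checks = parsed
    parts, total = [], 0
    for name, result in failed_only(checks):
        score = (weights or {}).get(name)
        total += score or 0
        label = "?" if score is None else score
        parts.append(f"[{name}: {result}: Spam Score:{label}]")
    return f"[{session}] " + ", ".join(parts + [f"Total Spam Score: {total}"])


if __name__ == "__main__":
    print(summarize(SAMPLE, WEIGHTS))
```

Results such as `_SPF: None` and the empty `_CUSTOMRULES` entry are treated as non-failures here; adjust `failed_only` if those should be surfaced too.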
