1
Spam filtering questions
Question asked by Jay Altemoos - 10/26/2016 at 11:04 AM
Unanswered
Is there a way besides the log file to check and see what spam checks an email either passed or failed? The reason why I ask is because an email that got delivered here to our office is definitely spam. It has been reported previously but I have a hunch that the spammer just spoofed a different address or IP and Sm scores it low and allows it through anyways.
 
Here's a part of the header where SM scored it:
X-SmarterMail-Spam: SPF_Pass, Bayesian Filtering, ISpamAssassin 0 [raw: 0], DKIM_Pass, Custom Rules [], URIBL:4
X-SmarterMail-TotalSpamWeight: 16
 
Now, the email failed all 4 URIBL's I have setup in the anti-spam list. Our setting for low level spam is 10, medium is 20 and high level is 30. Now the log file tells me [URIBL: 4 results failed] but never mentions which ones. I am guessing that it's all of them and the rest of the spam checks pass with flying colors. So why is it that when a user submits something to the spam filter that it just gets through anyways? Is my scoring too low for the URIBL checks? They are all set to a score of 4. I didn't want to make them too high in fear that if a legit email did fail the test that it would still go through, but it seems the filtering process right now is too light on the scoring method.
 
Thoughts? I did start looking through Bruce's document for spam filtering and will tweak what I need to from that. Just wanted to make sure I am not missing anything else. What score is everyone else using with URIBL?

3 Replies

Reply to Thread
0
Employee Replied
Employee Post
Jay,
 
The message headers are the only other area in which this information can be found. Reviewing Bruce's document will definitely be the best course of action as it gives great recommendations on recommended values for the URIBL weights. We typically see weights ranging from 5-10, with maximum weights of 20-30 across customer deployments. 
 
Regarding the user submitting items for the spam filter, this will only effect the bayesian filtering check. Depending on how many users are reporting Spams, the list may just not be updated quick enough. If you edit the Bayesian filtering spam check, there should be a value for Messages required for filter update, you can reduce the number from 3000 to 300 so that less mail is required for the learning algorithm to kick in.
0
Jay Altemoos Replied
Hi Von. Thanks for the information you provided. I appreciate it. I did reduce the Bayesian email number from 3000 to 100 about 2 weeks ago. I have seen the bayes.dat files accumulating in the Smartertools folder. So it is rebuilding.

Here's my question on the Bayesian rebuild since we are on that subject, does the rebuild only happen after 100 emails are reported by users?
0
Employee Replied
Employee Post
Jay this is correct, the filter will rebuild only after 100 e-mails are classified as confirmed spam, or confirmed not spam.

Reply to Thread