Spam filtering questions
Question asked by Jay Altemoos - October 26, 2016 at 11:04 AM
Is there a way besides the log file to check and see what spam checks an email either passed or failed? The reason why I ask is because an email that got delivered here to our office is definitely spam. It has been reported previously but I have a hunch that the spammer just spoofed a different address or IP and Sm scores it low and allows it through anyways.
Here's a part of the header where SM scored it:
X-SmarterMail-Spam: SPF_Pass, Bayesian Filtering, ISpamAssassin 0 [raw: 0], DKIM_Pass, Custom Rules [], URIBL:4
X-SmarterMail-TotalSpamWeight: 16
Now, the email failed all 4 URIBL's I have setup in the anti-spam list. Our setting for low level spam is 10, medium is 20 and high level is 30. Now the log file tells me [URIBL: 4 results failed] but never mentions which ones. I am guessing that it's all of them and the rest of the spam checks pass with flying colors. So why is it that when a user submits something to the spam filter that it just gets through anyways? Is my scoring too low for the URIBL checks? They are all set to a score of 4. I didn't want to make them too high in fear that if a legit email did fail the test that it would still go through, but it seems the filtering process right now is too light on the scoring method.
Thoughts? I did start looking through Bruce's document for spam filtering and will tweak what I need to from that. Just wanted to make sure I am not missing anything else. What score is everyone else using with URIBL?

1 Reply

Reply to Thread
Von-Austin See Replied
Employee Post
The message headers are the only other area in which this information can be found. Reviewing Bruce's document will definitely be the best course of action as it gives great recommendations on recommended values for the URIBL weights. We typically see weights ranging from 5-10, with maximum weights of 20-30 across customer deployments. 
Regarding the user submitting items for the spam filter, this will only effect the bayesian filtering check. Depending on how many users are reporting Spams, the list may just not be updated quick enough. If you edit the Bayesian filtering spam check, there should be a value for Messages required for filter update, you can reduce the number from 3000 to 300 so that less mail is required for the learning algorithm to kick in.
Von See
Technical Support Supervisor
SmarterTools Inc.
(877) 357-6278

Reply to Thread