[Web-cyradm] How to resend messages?

Leon Kolchinsky lkolchin at univ.haifa.ac.il
Tue Nov 7 15:08:28 CET 2006


Thanks for suggestions Michael, Robert,


But implementing Michael's suggestion is very problematic here - 

As you can see below I've got a lot of real spam tagged (hits=) 5.1,5.2,5.3:
--------------------------------------------------------------------

# grep 'X-Spam-Status: Yes, hits=5' spam/*
spam/2140.:X-Spam-Status: Yes, hits=5.0 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_56,
spam/2142.:X-Spam-Status: Yes, hits=5.9 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_60,
spam/2144.:X-Spam-Status: Yes, hits=5.9 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_44,
spam/2197.:X-Spam-Status: Yes, hits=5.8 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_44,
spam/2201.:X-Spam-Status: Yes, hits=5.9 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_30,
spam/2204.:X-Spam-Status: Yes, hits=5.2 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_10,
spam/2208.:X-Spam-Status: Yes, hits=5.8 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_01,
spam/2212.:X-Spam-Status: Yes, hits=5.8 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_60,
spam/2248.:X-Spam-Status: Yes, hits=5.1 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_50,
spam/2279.:X-Spam-Status: Yes, hits=5.1 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_50,
spam/2283.:X-Spam-Status: Yes, hits=5.1 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_50,
spam/2284.:X-Spam-Status: Yes, hits=5.1 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_50,
spam/2286.:X-Spam-Status: Yes, hits=5.1 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_50,
spam/2293.:X-Spam-Status: Yes, hits=5.1 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_50,
spam/2294.:X-Spam-Status: Yes, hits=5.1 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_50,
spam/2295.:X-Spam-Status: Yes, hits=5.1 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_50,
spam/2297.:X-Spam-Status: Yes, hits=5.0 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_44,
spam/2307.:X-Spam-Status: Yes, hits=5.1 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_50,
spam/2313.:X-Spam-Status: Yes, hits=5.3 tag1=-999.0 tag2=5.0 kill=5.0 tests=CLICK_BELOW,
spam/2365.:X-Spam-Status: Yes, hits=5.6 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_90,


And there is a lot of ham tagged with 5.1, 5.2, ...

# grep 'X-Spam-Status: Yes, hits=5' ham/*
ham/1.:X-Spam-Status: Yes, hits=5.7 tag1=-999.0 tag2=5.0 kill=5.0 tests=HTML_50_60,
ham/10.:X-Spam-Status: Yes, hits=5.4 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_44,
ham/17.:X-Spam-Status: Yes, hits=5.6 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_44,
ham/18.:X-Spam-Status: Yes, hits=5.6 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_44,
ham/19.:X-Spam-Status: Yes, hits=5.9 tag1=-999.0 tag2=5.0 kill=5.0
ham/21.:X-Spam-Status: Yes, hits=5.9 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_50,
ham/22.:X-Spam-Status: Yes, hits=5.9 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_44,
ham/25.:X-Spam-Status: Yes, hits=5.1 tag1=-999.0 tag2=5.0 kill=5.0
ham/27.:X-Spam-Status: Yes, hits=5.6 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_44,
ham/28.:X-Spam-Status: Yes, hits=5.7 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_99,
ham/30.:X-Spam-Status: Yes, hits=5.2 tag1=-999.0 tag2=5.0 kill=5.0
ham/31.:X-Spam-Status: Yes, hits=5.2 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_01,
ham/32.:X-Spam-Status: Yes, hits=5.2 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_30,
ham/33.:X-Spam-Status: Yes, hits=5.5 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_00,
ham/35.:X-Spam-Status: Yes, hits=5.1 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_44,
ham/38.:X-Spam-Status: Yes, hits=5.9 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_30,
ham/39.:X-Spam-Status: Yes, hits=5.4 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_99
ham/4.:X-Spam-Status: Yes, hits=5.6 tag1=-999.0 tag2=5.0 kill=5.0 tests=HTML_MESSAGE,
ham/40.:X-Spam-Status: Yes, hits=5.5 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_00,
ham/41.:X-Spam-Status: Yes, hits=5.5 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_00,
ham/42.:X-Spam-Status: Yes, hits=5.5 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_00,
ham/43.:X-Spam-Status: Yes, hits=5.5 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_00,
ham/44.:X-Spam-Status: Yes, hits=5.1 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_50,
ham/7.:X-Spam-Status: Yes, hits=5.7 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_50,
------------------

Even if I teach the Bayesian DB as the amavis user and try to resend a "ham" message, SA keeps identifying it as spam and puts it in quarantine.

For example:
------------
# sendmail -itf noa_egozi at hotmail.com < /var/spool/imap/user/spamcop/ham/17.
# grep noa_egozi at hotmail.com /var/log/amavis.log
Nov  7 11:45:20 mail.mydomain.ac.il amavisd[10839]: (10839-06) ESMTP::10024 /var/spool/amavis/amavis-20061107T114214-10839: <noa_egozi at hotmail.com> -> <mathcntr at mail.mydomain.ac.il> Received: SIZE=5467 from mail.mydomain.ac.il ([127.0.0.1]) by localhost (mail.mydomain.ac.il [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 10839-06 for <mathcntr at mail.mydomain.ac.il>; Tue,  7 Nov 2006 11:45:20 +0200 (IST)
Nov  7 11:45:20 mail.mydomain.ac.il amavisd[10839]: (10839-06) Checking: <noa_egozi at hotmail.com> -> <mathcntr at mail.mydomain.ac.il>
Nov  7 11:45:23 mail.mydomain.ac.il amavisd[10839]: (10839-06) SPAM, <noa_egozi at hotmail.com> -> <mathcntr at mail.mydomain.ac.il>, Yes, hits=5.6 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_50, FORGED_HOTMAIL_RCVD2, HTML_FONT_BIG, HTML_MESSAGE, MIME_HEADER_CTYPE_ONLY, MIME_HTML_ONLY, NO_REAL_NAME, quarantine spam-47d276560a19b33a3ea18035405e4804-20061107-114523-10839-06 (spamcop at mydomain.ac.il)
Nov  7 11:45:23 mail.mydomain.ac.il amavisd[10839]: (10839-06) BAD HEADER from <noa_egozi at hotmail.com>: Improper use of control character (char 0D hex) in message header 'Received'\n  Received: ...haifa.ac.il ([unix socket])\\r\\n\\tby mail.edu.h...\n                                          ^
Nov  7 11:45:23 mail.mydomain.ac.il amavisd[10839]: (10839-06) Not-Delivered, <noa_egozi at hotmail.com> -> <mathcntr at mail.mydomain.ac.il>, quarantine spam-47d276560a19b33a3ea18035405e4804-20061107-114523-10839-06, Message-ID: <20061030113324.6A04B200E0 at www.mydomain.ac.il>, Hits: 5.577


These are the headers of this specific mail (some of these headers, the upper ones, are from a mail relay that is managed by another admin and is listed before mine as an MX record in DNS):
--------------------------------------------
Return-Path: <MAILER-DAEMON at mail.mydomain.ac.il>
Received: from mail.mydomain.ac.il ([unix socket])
	by mail.mydomain.ac.il (Cyrus v2.2.3) with LMTP; Mon, 30 Oct 2006 13:36:55 +0200
X-Sieve: CMU Sieve 2.2
Received: from localhost (localhost [127.0.0.1])
	by mail.mydomain.ac.il (Postfix) with ESMTP id 8C9E31C379
	for <spamcop at mydomain.ac.il>; Mon, 30 Oct 2006 13:36:55 +0200 (IST)
X-Envelope-To: <mathcntr at mail.mydomain.ac.il>
X-Envelope-From: <wwwrun at www.mydomain.ac.il>
X-Quarantine-id: <spam-88a5a789750e792aafbdb35c638f04fc-20061030-133655-02873-03>
Received: from mr3.haifa.ac.il (mr3.haifa.ac.il [132.74.1.219])
	by mail.mydomain.ac.il (Postfix) with ESMTP id 51E291F7FE
	for <mathcntr at construct.haifa.ac.il>; Mon, 30 Oct 2006 13:36:54 +0200 (IST)
Received: from localhost (localhost [127.0.0.1])
	by mr3.haifa.ac.il (Postfix) with ESMTP id 20A5019105
	for <mathcntr at construct.haifa.ac.il>; Mon, 30 Oct 2006 13:20:40 +0200 (IST)
X-Virus-Scanned: amavisd-new at haifa.ac.il
Received: from mr3.haifa.ac.il ([127.0.0.1])
	by localhost (mr3.haifa.ac.il [127.0.0.1]) (amavisd-new, port 10026)
	with ESMTP id TTzCk2m8o8M9 for <mathcntr at construct.haifa.ac.il>;
	Mon, 30 Oct 2006 13:20:39 +0200 (IST)
Received: from www.mydomain.ac.il (www.mydomain.ac.il [132.74.41.30])
	by mr3.haifa.ac.il (Postfix) with ESMTP id E94E8190F5
	for <mathcntr at construct.haifa.ac.il>; Mon, 30 Oct 2006 13:20:39 +0200 (IST)
Received: by www.mydomain.ac.il (Postfix, from userid 30)
	id 6A04B200E0; Mon, 30 Oct 2006 13:33:24 +0200 (IST)
To: mathcntr at construct.haifa.ac.il
Subject: mailing list
From: noa_egozi at hotmail.com
Content-type: text/html; charset=windows-1255
Message-Id: <20061030113324.6A04B200E0 at www.mydomain.ac.il>
Date: Mon, 30 Oct 2006 13:33:24 +0200 (IST)
X-Spam-Status: Yes, hits=5.6 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_44,  FORGED_HOTMAIL_RCVD2, HTML_FONT_BIG, HTML_MESSAGE, MIME_HEADER_CTYPE_ONLY,  MIME_HTML_ONLY, NO_REAL_NAME
X-Spam-Level: *****
-----------------------------------


Any Suggestions?


Best Regards,
Leon Kolchinsky





-----Original Message-----
From: web-cyradm-bounces at web-cyradm.org [mailto:web-cyradm-bounces at web-cyradm.org] On Behalf Of Muenz, Michael
Sent: Monday, November 06, 2006 5:30 PM
To: web-cyradm at web-cyradm.org
Subject: Re: [Web-cyradm] How to resend messages?

> Actually I didn't set the score of BAYES_99. It's the default 
> one as I have not changed it, I don't really know its value 
> (I believe you say that it is 5.0).

Your kill-level is 5.0 and the score for BAYES_99 is 5.4. 
I would twist it, kill-level 5.4 and BAYES_99 to 5.0 :)
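
An added example, not part of the original thread: a threshold sweep over X-Spam-Status lines like the grep output above, counting how much ham would still be quarantined and how much spam would pass at each candidate kill level. The function names are hypothetical, the sample lines are a subset of those quoted in the post, and a message is assumed to be treated as spam when hits >= kill, as the hits=5.0 / kill=5.0 lines show.

```python
import re

# Pulls the hits= score out of an amavisd-new X-Spam-Status header line.
HITS_RE = re.compile(r"X-Spam-Status:.*?\bhits=(-?\d+(?:\.\d+)?)")

# Subset of the grep output quoted in the post (file name, then header).
SPAM_LINES = """\
spam/2140.:X-Spam-Status: Yes, hits=5.0 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_56,
spam/2142.:X-Spam-Status: Yes, hits=5.9 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_60,
spam/2204.:X-Spam-Status: Yes, hits=5.2 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_10,
spam/2248.:X-Spam-Status: Yes, hits=5.1 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_50,
spam/2313.:X-Spam-Status: Yes, hits=5.3 tag1=-999.0 tag2=5.0 kill=5.0 tests=CLICK_BELOW,
spam/2365.:X-Spam-Status: Yes, hits=5.6 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_90,
"""
HAM_LINES = """\
ham/1.:X-Spam-Status: Yes, hits=5.7 tag1=-999.0 tag2=5.0 kill=5.0 tests=HTML_50_60,
ham/10.:X-Spam-Status: Yes, hits=5.4 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_44,
ham/19.:X-Spam-Status: Yes, hits=5.9 tag1=-999.0 tag2=5.0 kill=5.0
ham/25.:X-Spam-Status: Yes, hits=5.1 tag1=-999.0 tag2=5.0 kill=5.0
ham/28.:X-Spam-Status: Yes, hits=5.7 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_99,
ham/39.:X-Spam-Status: Yes, hits=5.4 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_99
"""

def parse_hits(grep_output):
    """Return the hits= scores found in grep-style output, in order."""
    found = (HITS_RE.search(line) for line in grep_output.splitlines())
    return [float(m.group(1)) for m in found if m]

def sweep(spam_scores, ham_scores, kill_levels):
    """Per kill level: (level, ham still quarantined, spam let through)."""
    rows = []
    for level in kill_levels:
        false_pos = sum(1 for s in ham_scores if s >= level)
        false_neg = sum(1 for s in spam_scores if s < level)
        rows.append((level, false_pos, false_neg))
    return rows

def overlap(spam_scores, ham_scores):
    """Score range in which both classes occur, or None if they separate."""
    low = max(min(spam_scores), min(ham_scores))
    high = min(max(spam_scores), max(ham_scores))
    return (low, high) if low <= high else None

if __name__ == "__main__":
    spam, ham = parse_hits(SPAM_LINES), parse_hits(HAM_LINES)
    print("score overlap:", overlap(spam, ham))
    for level, fp, fn in sweep(spam, ham, [5.0, 5.4, 6.0]):
        print(f"kill={level}: ham quarantined={fp}, spam passed={fn}")
```

To run it against the full corpora, pass the output of `grep -H 'X-Spam-Status:' spam/*` and `grep -H 'X-Spam-Status:' ham/*` to `parse_hits` in place of the embedded samples.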