On Mon, 24 Sep 2007, feral wrote:
> Here are the headers & bodies of 3 of the spams that got through
> (and are continuing to come through at a high rate):
> tests=BAYES_00,HELO_DYNAMIC_IPADDR2
> autolearn=no version=3.1.9
> tests=BAYES_00,HELO_DYNAMIC_IPADDR2,
> HELO_DYNAMIC_SPLIT_IP autolearn=no version=3.1.9
> X-Spam-Status: No, score=-0.6 required=4.0 tests=BAYES_00,HOT_NASTY,PORN_16
> autolearn=no version=3.1.9
Observations:
(1) Hardly any rules are hitting.
(2) Everything is getting BAYES_00.
The very first thing to look at is your Bayes database. How are you
training it, and how has it gotten so badly mistrained? Are you using
a Bayes database that is global to all your clients, or per-user Bayes
databases? How are you training? Is the user actually responsible
training, and the problem is basically their own fault?
Can you run "sa-learn --dump magic" and send us the output?
As Dave said, do you have network tests disabled?
--
John Hardin KA7OHZ
http://www.impsec.org/~jhardin/ jhardin@... FALaholic #11174 pgpk -a
jhardin@...
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Pelley: Will you pledge not to test a nuclear weapon?
Ahmadeinejad: CIA! Secret prison in Europe! Abu Ghraib!
-- Teflon Mahmoud in a 60 Minutes interview (9/20/2007)
-----------------------------------------------------------------------
244 days until the Mars Phoenix lander arrives at Mars
