SpamFilter Blocking Everything

Matt, Guest Group
Posted: 28 July 2005 at 5:06pm

I am running v. 2.5.1.441

    557 This email is rejected. It contains keywords rejected by the antispam content filter.
    Bayesian Filter - Rejected - 100% spam

I have sent messages from different email addresses on different domains and all of them are rejected with 100%. Everything had been working until I added another Local Domain. Any suggestions on things to try? Any help is appreciated.

-Matt C.

Marcus, Newbie. Joined: 25 July 2005. Location: United States. Status: Offline. Points: 21

Your local domain additions should look similar to:

    domain1.com
    domain2.com

Check and make sure the path to the allowed domains file is valid.

Check that your Bayesian filter is set to %98.995 (default), or set it to 0 to disable it temporarily.

Matt, Guest Group

I have local domains set up as follows:

I have Excluded FROM Emails:

I copied the following information into the Bayes Probability form:

Just a test to make sure this filter is working. Can't sound like I am

Results - Passed Bayesian Filter - 0.5594% spam

-Matt C.

Marcus, Newbie. Joined: 25 July 2005. Location: United States. Status: Offline. Points: 21

Local domain should be the part after the @ in the email address:

    local domain entry = domain1.com

You don't really need the excluded from entries - use this to exclude external mails from being scanned, i.e., for user @ externaldomain.com the entry would be = externaldomain.com

Turn the Bayesian filter completely off ( %0 ) for testing.

Matt, Guest Group

I have made the changes listed above, but all messages are still getting rejected with 100%. Turning off the Bayesian filter will allow messages to pass through. Any more ideas?

-Matt C.

LogSat, Admin Group. Joined: 25 January 2005. Location: United States. Status: Offline. Points: 4104

Matt is emailing us all his relevant files. We'll be looking over them to see if we can find the problem.

lead, Newbie. Joined: 08 March 2005. Status: Offline. Points: 18

Did anything come of this?

I appear to be having the same issue. The bayes filter has only just kicked in:

    [Messages]
    Spam=44739
    Good=6131

Version: 2.6.3.482

On sending a harmless test email that I would expect to get passed, the bayes filter scored it as 100% spam.

Using the Bayesian probability utility I get the probability scores for each word/reference in the email (see below). Notice how words such as 'you' and 'This' have a high spam score, which have skewed the result.

Is there any way to adjust these, so they don't have such a dramatic effect on the probability score? (without sending hundreds of emails with the words in question and letting them through ;-)

I have already deleted the database a number of times because of this.

Thanks and many regards,

    11/03/05 10:27:17:224 -- () Token Good Spam Prob is Spam
    11/03/05 10:27:17:224 -- 1*0 0 1 0.4
    11/03/05 10:27:17:224 -- 1*57 0 0 0.2
    11/03/05 10:27:17:224 -- 10*0 1 0 0.4
    11/03/05 10:27:17:224 -- <blanked> 1 0 0.4
    11/03/05 10:27:17:234 -- <blanked> 0 0 0.2
    11/03/05 10:27:17:234 -- 782A4E000376 0 0 0.2
    11/03/05 10:27:17:234 -- 7bit 0 1 0.4
    11/03/05 10:27:17:234 -- Accept 0 0 0.2
    11/03/05 10:27:17:234 -- Agent 0 2 0.4
    11/03/05 10:27:17:234 -- and 0 80 0.9999
    11/03/05 10:27:17:234 -- any 0 33 0.9999
    11/03/05 10:27:17:234 -- are 0 42 0.9999
    11/03/05 10:27:17:234 -- bayes 0 0 0.2
    11/03/05 10:27:17:234 -- blaster 0 0 0.2
    11/03/05 10:27:17:234 -- charset 1 0 0.4
    11/03/05 10:27:17:234 -- cla 0 2 0.4
    11/03/05 10:27:17:234 -- community 1 0 0.4
    11/03/05 10:27:17:234 -- considered 1 0 0.4
    11/03/05 10:27:17:234 -- contain 1 0 0.4
    11/03/05 10:27:17:234 -- Content 1 0 0.4
    11/03/05 10:27:17:244 -- could 0 11 0.9999
    11/03/05 10:27:17:244 -- Date 0 1 0.4
    11/03/05 10:27:17:244 -- day 0 31 0.9999
    11/03/05 10:27:17:244 -- Domain 0 0 0.2
    11/03/05 10:27:17:244 -- email 0 10 0.9999
    11/03/05 10:27:17:244 -- Encoding 1 0 0.4
    11/03/05 10:27:17:244 -- ESMTP 1 0 0.4
    11/03/05 10:27:17:244 -- filter 1 0 0.4
    11/03/05 10:27:17:244 -- flowed 0 0 0.2
    11/03/05 10:27:17:244 -- for 0 80 0.9999
    11/03/05 10:27:17:244 -- format 2 0 0.4
    11/03/05 10:27:17:244 -- from 0 36 0.9999
    11/03/05 10:27:17:244 -- From 0 2 0.4
    11/03/05 10:27:17:244 -- From*com 0 44 0.9999
    11/03/05 10:27:17:244 -- From*<blanked> 4 0 0.4
    11/03/05 10:27:17:244 -- From*<blanked> 0 0 0.2
    11/03/05 10:27:17:244 -- From*<blanked> 1 0 0.4
    11/03/05 10:27:17:244 -- generic 0 2 0.4
    11/03/05 10:27:17:244 -- getting 0 34 0.9999
    11/03/05 10:27:17:244 -- GMT 1 0 0.4
    11/03/05 10:27:17:244 -- had 0 3 0.4
    11/03/05 10:27:17:244 -- harmless 0 2 0.4
    11/03/05 10:27:17:244 -- having 0 2 0.4
    11/03/05 10:27:17:254 -- Hello 0 8 0.4
    11/03/05 10:27:17:254 -- HELO 1 0 0.4
    11/03/05 10:27:17:254 -- help 0 23 0.9999
    11/03/05 10:27:17:254 -- helpful 1 0 0.4
    11/03/05 10:27:17:254 -- high 1 1 0.4
    11/03/05 10:27:17:254 -- hope 0 1 0.4
    11/03/05 10:27:17:254 -- ISO 1 0 0.4
    11/03/05 10:27:17:254 -- it's 0 2 0.4
    11/03/05 10:27:17:254 -- Language 1 0 0.4
    11/03/05 10:27:17:254 -- logsat 0 0 0.2
    11/03/05 10:27:17:254 -- LogSat 0 2 0.4
    11/03/05 10:27:17:254 -- looks 1 0 0.4
    11/03/05 10:27:17:254 -- mailgw 1 0 0.4
    11/03/05 10:27:17:254 -- manner 1 0 0.4
    11/03/05 10:27:17:254 -- may 1 1 0.4
    11/03/05 10:27:17:254 -- Maybe 1 0 0.4
    11/03/05 10:27:17:254 -- Message 2 0 0.4
    11/03/05 10:27:17:254 -- MIME 1 0 0.4
    11/03/05 10:27:17:254 -- Mozilla 0 0 0.2
    11/03/05 10:27:17:254 -- net 0 3 0.4
    11/03/05 10:27:17:254 -- nice 0 8 0.4
    11/03/05 10:27:17:254 -- <blanked> 0 0 0.2
    11/03/05 10:27:17:254 -- not 0 20 0.9999
    11/03/05 10:27:17:264 -- Nov 1 0 0.4
    11/03/05 10:27:17:264 -- off 0 8 0.4
    11/03/05 10:27:17:264 -- Path 1 0 0.4
    11/03/05 10:27:17:264 -- people 0 8 0.4
    11/03/05 10:27:17:264 -- peterb 1 0 0.4
    11/03/05 10:27:17:264 -- pipex 0 0 0.2
    11/03/05 10:27:17:264 -- plain 1 0 0.4
    11/03/05 10:27:17:264 -- Postfix 1 0 0.4
    11/03/05 10:27:17:264 -- proability 0 0 0.2
    11/03/05 10:27:17:264 -- quite 1 0 0.4
    11/03/05 10:27:17:264 -- real 0 27 0.9999
    11/03/05 10:27:17:264 -- Received 1 0 0.4
    11/03/05 10:27:17:264 -- Received*0000 0 4 0.4
    11/03/05 10:27:17:264 -- Received*1*57 4 0 0.4
    11/03/05 10:27:17:264 -- Received*10 0 2 0.4
    11/03/05 10:27:17:264 -- Received*10*0 1 0 0.4
    11/03/05 10:27:17:264 -- Received*17 0 83 0.9999
    11/03/05 10:27:17:264 -- Received*<blanked> 1 0 0.4
    11/03/05 10:27:17:264 -- Received*20 0 2 0.4
    11/03/05 10:27:17:264 -- Received*2005 0 83 0.9999
    11/03/05 10:27:17:264 -- Received*26 0 1 0.4
    11/03/05 10:27:17:264 -- Received*27 0 2 0.4
    11/03/05 10:27:17:264 -- Received*3 1 1 0.4
    11/03/05 10:27:17:274 -- Received*<blanked> 0 0 0.2
    11/03/05 10:27:17:274 -- Received*782A4E000376 0 0 0.2
    11/03/05 10:27:17:274 -- Received*blaster 0 0 0.2
    11/03/05 10:27:17:274 -- Received*by 0 83 0.9999
    11/03/05 10:27:17:274 -- Received*<mydomain> 0 83 0.9999
    11/03/05 10:27:17:274 -- Received*co 0 83 0.9999
    11/03/05 10:27:17:274 -- Received*ESMTP 0 1 0.4
    11/03/05 10:27:17:274 -- Received*for 0 2 0.4
    11/03/05 10:27:17:274 -- Received*from 0 83 0.9999
    11/03/05 10:27:17:274 -- Received*GMT 0 4 0.4
    11/03/05 10:27:17:274 -- Received*id 0 2 0.4
    11/03/05 10:27:17:274 -- Received*LogSat 0 83 0.9999
    11/03/05 10:27:17:274 -- Received*mailgw 0 83 0.9999
    11/03/05 10:27:17:274 -- Received*net 0 2 0.4
    11/03/05 10:27:17:274 -- Received*Nov 0 2 0.4
    11/03/05 10:27:17:274 -- Received*<blanked> 4 0 0.4
    11/03/05 10:27:17:274 -- Received*<blanked> 1 0 0.4
    11/03/05 10:27:17:274 -- Received*Postfix 1 0 0.4
    11/03/05 10:27:17:274 -- Received*Server 0 83 0.9999
    11/03/05 10:27:17:274 -- Received*SMTP 0 83 0.9999
    11/03/05 10:27:17:274 -- Received*Software 0 83 0.9999
    11/03/05 10:27:17:274 -- Received*systems 1 0 0.4
    11/03/05 10:27:17:274 -- Received*Thu 0 2 0.4
    11/03/05 10:27:17:284 -- Received*uk 0 83 0.9999
    11/03/05 10:27:17:284 -- Received*unknown 1 3 0.4
    11/03/05 10:27:17:284 -- Received*with 0 5 0.4
    11/03/05 10:27:17:284 -- reliable 0 7 0.4
    11/03/05 10:27:17:284 -- Return 3 83 0.6539
    11/03/05 10:27:17:284 -- Return-Path*Path* 3 83 0.6539
    11/03/05 10:27:17:284 -- Server 1 0 0.4
    11/03/05 10:27:17:284 -- shame 1 0 0.4
    11/03/05 10:27:17:284 -- should 1 0 0.4
    11/03/05 10:27:17:284 -- SMTP 1 0 0.4
    11/03/05 10:27:17:284 -- Software 0 2 0.4
    11/03/05 10:27:17:284 -- some 2 2 0.4
    11/03/05 10:27:17:284 -- Subject 0 4 0.4
    11/03/05 10:27:17:284 -- Subject*a 0 2 0.4
    11/03/05 10:27:17:284 -- Subject*and 0 3 0.4
    11/03/05 10:27:17:284 -- Subject*any 0 3 0.4
    11/03/05 10:27:17:284 -- Subject*be 0 2 0.4
    11/03/05 10:27:17:284 -- Subject*considered 0 0 0.2
    11/03/05 10:27:17:284 -- Subject*contain 0 0 0.2
    11/03/05 10:27:17:284 -- Subject*email 1 0 0.4
    11/03/05 10:27:17:284 -- Subject*generic 0 0 0.2
    11/03/05 10:27:17:284 -- Subject*harmless 0 0 0.2
    11/03/05 10:27:17:284 -- Subject*high 0 0 0.2
    11/03/05 10:27:17:284 -- Subject*is 0 2 0.4
    11/03/05 10:27:17:294 -- Subject*may 1 0 0.4
    11/03/05 10:27:17:294 -- Subject*not 0 1 0.4
    11/03/05 10:27:17:294 -- Subject*proability 0 0 0.2
    11/03/05 10:27:17:294 -- Subject*should 1 0 0.4
    11/03/05 10:27:17:294 -- Subject*that 0 2 0.4
    11/03/05 10:27:17:294 -- Subject*This 0 4 0.4
    11/03/05 10:27:17:294 -- Subject*which 0 0 0.2
    11/03/05 10:27:17:294 -- Subject*words 4 0 0.4
    11/03/05 10:27:17:294 -- success 1 1 0.4
    11/03/05 10:27:17:294 -- systems 1 0 0.4
    11/03/05 10:27:17:294 -- text 1 0 0.4
    11/03/05 10:27:17:294 -- that 2 2 0.4
    11/03/05 10:27:17:294 -- the 3 11 0.2002
    11/03/05 10:27:17:294 -- this 2 2 0.4
    11/03/05 10:27:17:294 -- This 0 29 0.9999
    11/03/05 10:27:17:294 -- Thu 1 0 0.4
    11/03/05 10:27:17:294 -- Thunderbird 0 0 0.2
    11/03/05 10:27:17:294 -- To*<my domain> 0 82 0.9999
    11/03/05 10:27:17:294 -- To*co 0 82 0.9999
    11/03/05 10:27:17:294 -- To*<blanked> 1 0 0.4
    11/03/05 10:27:17:294 -- To*uk 0 82 0.9999
    11/03/05 10:27:17:294 -- Transfer 1 0 0.4
    11/03/05 10:27:17:294 -- turn 0 1 0.4
    11/03/05 10:27:17:304 -- Type 1 0 0.4
    11/03/05 10:27:17:304 -- unknown 1 0 0.4
    11/03/05 10:27:17:304 -- useful 1 0 0.4
    11/03/05 10:27:17:304 -- User 0 4 0.4
    11/03/05 10:27:17:304 -- users 1 0 0.4
    11/03/05 10:27:17:304 -- Version 1 0 0.4
    11/03/05 10:27:17:304 -- which 1 4 0.4
    11/03/05 10:27:17:304 -- Windows 0 2 0.4
    11/03/05 10:27:17:304 -- with 0 9 0.4
    11/03/05 10:27:17:304 -- words 1 0 0.4
    11/03/05 10:27:17:304 -- working 1 0 0.4
    11/03/05 10:27:17:304 -- would 0 9 0.4
    11/03/05 10:27:17:304 -- you 0 30 0.9999
    11/03/05 10:27:17:304 -- ------------------------------------------------------------
    11/03/05 10:27:17:304 -- help 0.9999
    11/03/05 10:27:17:304 -- not 0.9999
    11/03/05 10:27:17:304 -- Received*17 0.9999
    11/03/05 10:27:17:304 -- for 0.9999
    11/03/05 10:27:17:304 -- any 0.9999
    11/03/05 10:27:17:304 -- from 0.9999
    11/03/05 10:27:17:314 -- day 0.9999
    11/03/05 10:27:17:314 -- Received*by 0.9999
    11/03/05 10:27:17:314 -- This 0.9999
    11/03/05 10:27:17:314 -- To*co 0.9999
    11/03/05 10:27:17:314 -- you 0.9999
    11/03/05 10:27:17:314 -- Received*Software 0.9999
    11/03/05 10:27:17:314 -- Received*co 0.9999
    11/03/05 10:27:17:314 -- Received*LogSat 0.9999
    11/03/05 10:27:17:314 -- Received*Server 0.9999
    11/03/05 10:27:17:314 -- Received*from 0.9999
    11/03/05 10:27:17:314 -- Received*2005 0.9999
    11/03/05 10:27:17:314 -- are 0.9999
    11/03/05 10:27:17:314 -- getting 0.9999
    11/03/05 10:27:17:314 -- and 0.9999
    11/03/05 10:27:17:314 -- Received*SMTP 0.9999
    11/03/05 10:27:17:314 -- real 0.9999
    11/03/05 10:27:17:314 -- email 0.9999
    11/03/05 10:27:17:314 -- From*com 0.9999
    11/03/05 10:27:17:314 -- could 0.9999
    11/03/05 10:27:17:314 -- Received*<mydomain> 0.9999
    11/03/05 10:27:17:314 -- Received*mailgw 0.9999
    11/03/05 10:27:17:314 -- To*<mydomain> 0.9999
    11/03/05 10:27:17:314 -- To*uk 0.9999
    11/03/05 10:27:17:314 -- Received*uk 0.9999
    11/03/05 10:27:17:314 -- <blanked> 0.2
    11/03/05 10:27:17:324 -- **** R E S U L T S *********
    11/03/05 10:27:17:324 -- matches Bayesian filter - rejected - 100% spam

LogSat, Admin Group. Joined: 25 January 2005. Location: United States. Status: Offline. Points: 4104

lead,

Matt's issue was solved by email. The final solution to his problem was as follows:

==========================
Your corpus database, which holds all of the statistical information about incoming emails, did appear to have become corrupted. While according to your files it was supposed to hold data for about 100,000 emails received, there were only a few thousand records in it. Our original recommendation, to stop SpamFilter, delete or rename the SpamFilter\corpus directory, and restart SpamFilter will resolve your problem by resetting the statistical information.
===========================

But from your post I see you already cleared the corpus database, so if that is correct, the solution will not apply to you.

Please note that the Corpus database is dependent on the type of emails you receive. From your stats the word "you" has a high spam score, and that is actually correct, since 30 spam emails were received containing that word, and not a single clean email arrived with "you" in it.

If however false positives have arrived, meaning a "good" email was blocked, if you force the delivery of such emails, they will be reprocessed by SpamFilter, and all the tokens will be re-evaluated, inverting their score, and applying "extra weight" to them to help minimize the problem in the future. For example, if a false positive had the word "you" in it, and you forced its delivery, the spam score assigned to it would be changed by quite a bit, and would not be 0.9999 anymore.

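An added example, not part of the thread and not LogSat's code: a Graham-style token model whose outputs match the posted table (0.2 for unseen tokens, 0.4 for sparse ones, 0.9999 for spam-only ones, and `Return` and `the` to within 0.001), showing how common words with no good sightings drive a message to 100%. The doubling of good counts, the threshold of 10, the clamp, `top_n` and all function names are assumptions inferred from that table; the totals are the `[Messages]` counters quoted in the thread.

```python
from math import prod

# Corpus totals from the [Messages] counters quoted in the thread.
N_SPAM, N_GOOD = 44739, 6131

def token_prob(good, spam, n_good=N_GOOD, n_spam=N_SPAM, min_seen=10):
    """Per-token spam probability under the assumed Graham-style model."""
    if good == 0 and spam == 0:
        return 0.2                      # token never seen before
    g = 2 * good                        # good sightings count double (assumption)
    if g + spam < min_seen:
        return 0.4                      # too little evidence (assumed threshold)
    spam_rate = min(1.0, spam / n_spam)
    good_rate = min(1.0, g / n_good)
    return max(0.0001, min(0.9999, spam_rate / (spam_rate + good_rate)))

def combine(probs, top_n=15):
    """Naive-Bayes combination of the top_n tokens farthest from 0.5."""
    picked = sorted(probs, key=lambda p: abs(p - 0.5), reverse=True)[:top_n]
    spam = prod(picked)
    ham = prod(1.0 - p for p in picked)
    return spam / (spam + ham)

def score(counts, top_n=15):
    """counts maps token -> (good, spam) sightings in the corpus."""
    return combine([token_prob(g, s) for g, s in counts.values()], top_n)

# (good, spam) rows copied from the table posted in the thread.
POSTED = {"you": (0, 30), "This": (0, 29), "and": (0, 80), "help": (0, 23),
          "the": (3, 11), "Return": (3, 83), "Hello": (0, 8), "bayes": (0, 0)}

# Constructed what-if: the same corpus after each spam-only word has been
# seen in a single good message (good count 0 -> 1).
RETRAINED = {t: ((g + 1, s) if g == 0 and s >= 10 else (g, s))
             for t, (g, s) in POSTED.items()}

if __name__ == "__main__":
    for tok, (g, s) in POSTED.items():
        print(f"{tok:8} good={g:<2} spam={s:<3} p={token_prob(g, s):.4f}")
    print(f"message score, posted counts:  {score(POSTED):.4%}")
    print(f"'you' after one good sighting: {token_prob(1, 30):.4f}")
    print(f"message score, what-if counts: {score(RETRAINED):.4%}")
```

Under this model a single good sighting moves `you` from 0.9999 to about 0.67, and the sample message from 100% to about 74%.
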
lead, Newbie. Joined: 08 March 2005. Status: Offline. Points: 18

Roberto,

thanks for that. I am pretty sure that the spam score for words like "you" is not being updated when a false positive has been processed. The good score remains at 0. Just to be sure, I increased the time when the bayes filter kicks in by doubling the required number of emails. However, when the bayes filter kicks in, it still blocks email with 100% stats.

I have sent email with the simple words in them like "you" which were blocked, I forced the delivery and checked the good token, which remained at 0.

extract from bayes prob util:

    11/18/05 12:41:48:160 -- you 0 30 0.9999

By your description this should not be at 0.9999. Any ideas?

Also, do any of the whitelists have any effect on the bayes learning? I can't be sure, but I feel it does not learn emails which have been forwarded by a whitelist. Therefore their content does not update the good scores.

Regards

Edited by lead