Spam Filter ISP Support - SpamFilter Blocking Everything

Print Page | Close Window

SpamFilter Blocking Everything

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5283
Printed Date: 12 March 2025 at 5:07pm

Topic: SpamFilter Blocking Everything

Posted By: Guests
Subject: SpamFilter Blocking Everything
Date Posted: 28 July 2005 at 5:06pm

I am running v. 2.5.1.441
Emails Forwarded: 99646
Emails Blocked: 9083
Emails Attempts: 109113

Every email I send is getting returned with the following error:

557 This email is rejected. It contains keywords rejected by the antispam content filter.

The activity log says this:

Bayesian Filter - Rejected - 100% spam

I have sent messages from different email address on different domains and all of them are rejected with 100%. Everything had been working until I added another Local Domain. Any suggestions on things to try? Any help is appreciated.

-Matt C.

Replies:

Posted By: Marcus
Date Posted: 28 July 2005 at 5:11pm

your local domain additions should look similar to:

domain1.com

domain2.com

check and make sure the path to the allowed domains file is valid

check and set your bayesian filter is set to %98.995 (default) or set to 0 to disable temporarily

Posted By: Guests
Date Posted: 28 July 2005 at 5:43pm

I have local domains setup as follows:
domain1.com:mail.domain1.com
domain2.com:mail.domain2.com

I have Excluded FROM Emails:
mailto:*@domain1.com - *@domain1.com
mailto:*@domain2.com - *@domain2.com

Bayesian Filter is set to 98.574%

I copied the following information into the Bayes Probability form:
Received: by 10.54.42.62 with SMTP id p62mr973339wrp;
Thu, 28 Jul 2005 13:33:19 -0700 (PDT)
Received: by 10.54.124.4 with HTTP; Thu, 28 Jul 2005 13:33:19 -0700 (PDT)
Message-ID: < mailto:9c8a8ee8050728133329223671@mail.gmail.com - 9c8a8ee8050728133329223671@mail.gmail.com >
Date: Thu, 28 Jul 2005 13:33:19 -0700
From: Fred Meyer < mailto:0majestic1@gmail.com - 0majestic1@gmail.com >
Reply-To: Fred Meyer < mailto:0majestic1@gmail.com - 0majestic1@gmail.com >
To: mailto:user@domain1.com - user@domain1.com
Subject: Test
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Just a test to make sure this filter is working. Can't sound like I am
trying to sell you anthing or ask for money. Anything else you can
think of that I should put in this message so it doesn't get trapped.

Results - Passed Bayesian Filter - 0.5594% spam
This is a message that was rejected with 100% when sent.

-Matt C.

Posted By: Marcus
Date Posted: 28 July 2005 at 10:00pm

local domain should be the part after the @ in the email address

emailuser @ domain1.com mailto:emailuser@domain1.com -

local domain entry = domain1.com

you don't really need the excluded from entrys - use this to exclud external mails from being scanned, ie, user @ externaldomain.com entry would be = externaldomain.com

turn the bayesian filter completly off ( %0 ) for testing

Posted By: Guests
Date Posted: 29 July 2005 at 12:04pm

I have made that changes listed above, but all messages are still getting rejected with 100%. Turning off Bayesian filter will allow messages to pass through. Any more ideas?

-Matt C.

Posted By: LogSat
Date Posted: 29 July 2005 at 4:10pm

Matt is emailing us all his relevant files. We'll be looking over them to see if we can find the problem.

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP

Posted By: lead
Date Posted: 03 November 2005 at 5:55am

Did anything come of this?

I appear to be having the same issue.
The bayes filter has only just kicked in:

[Messages]
Spam=44739
Good=6131

Version: 2.6.3.482

On sending a harmless test email that i would expect to get passed the bayes filter scored it as 100% spam.

Using the Bayesian probability utility I get the probability scores for each word/reference in the email (see below).

Notice how words such as 'you' and 'This' have a high spam score, which have skewed the result.

Is there anyway to adjust these, so they don't have such a dramatic effect on the probability score? (without sending hundreds of emails with the words in question and letting them through ;-)

I have already deleted the database a number of times becuase of this.

Thanks and many regards,

11/03/05 10:27:17:224 -- ()     Token    Good    Spam    Prob is Spam
11/03/05 10:27:17:224 --     1*0    0    1    0.4
11/03/05 10:27:17:224 --     1*57    0    0    0.2
11/03/05 10:27:17:224 --     10*0    1    0    0.4
11/03/05 10:27:17:224 --     <blanked>    1    0    0.4
11/03/05 10:27:17:234 --     <blanked>    0    0    0.2
11/03/05 10:27:17:234 --     782A4E000376    0    0    0.2
11/03/05 10:27:17:234 --     7bit    0    1    0.4
11/03/05 10:27:17:234 --     Accept    0    0    0.2
11/03/05 10:27:17:234 --     Agent    0    2    0.4
11/03/05 10:27:17:234 --     and    0    80    0.9999
11/03/05 10:27:17:234 --     any    0    33    0.9999
11/03/05 10:27:17:234 --     are    0    42    0.9999
11/03/05 10:27:17:234 --     bayes    0    0    0.2
11/03/05 10:27:17:234 --     blaster    0    0    0.2
11/03/05 10:27:17:234 --     charset    1    0    0.4
11/03/05 10:27:17:234 --     cla    0    2    0.4
11/03/05 10:27:17:234 --     community    1    0    0.4
11/03/05 10:27:17:234 --     considered    1    0    0.4
11/03/05 10:27:17:234 --     contain    1    0    0.4
11/03/05 10:27:17:234 --     Content    1    0    0.4
11/03/05 10:27:17:244 --     could    0    11    0.9999
11/03/05 10:27:17:244 --     Date    0    1    0.4
11/03/05 10:27:17:244 --     day    0    31    0.9999
11/03/05 10:27:17:244 --     Domain    0    0    0.2
11/03/05 10:27:17:244 --     email    0    10    0.9999
11/03/05 10:27:17:244 --     Encoding    1    0    0.4
11/03/05 10:27:17:244 --     ESMTP    1    0    0.4
11/03/05 10:27:17:244 --     filter    1    0    0.4
11/03/05 10:27:17:244 --     flowed    0    0    0.2
11/03/05 10:27:17:244 --     for    0    80    0.9999
11/03/05 10:27:17:244 --     format    2    0    0.4
11/03/05 10:27:17:244 --     from    0    36    0.9999
11/03/05 10:27:17:244 --     From    0    2    0.4
11/03/05 10:27:17:244 --     From*com    0    44    0.9999
11/03/05 10:27:17:244 --     From*<blanked>    4    0    0.4
11/03/05 10:27:17:244 --     From*<blanked>    0    0    0.2
11/03/05 10:27:17:244 --     From*<blanked>    1    0    0.4
11/03/05 10:27:17:244 --     generic    0    2    0.4
11/03/05 10:27:17:244 --     getting    0    34    0.9999
11/03/05 10:27:17:244 --     GMT    1    0    0.4
11/03/05 10:27:17:244 --     had    0    3    0.4
11/03/05 10:27:17:244 --     harmless    0    2    0.4
11/03/05 10:27:17:244 --     having    0    2    0.4
11/03/05 10:27:17:254 --     Hello    0    8    0.4
11/03/05 10:27:17:254 --     HELO    1    0    0.4
11/03/05 10:27:17:254 --     help    0    23    0.9999
11/03/05 10:27:17:254 --     helpful    1    0    0.4
11/03/05 10:27:17:254 --     high    1    1    0.4
11/03/05 10:27:17:254 --     hope    0    1    0.4
11/03/05 10:27:17:254 --     ISO    1    0    0.4
11/03/05 10:27:17:254 --     it's    0    2    0.4
11/03/05 10:27:17:254 --     Language    1    0    0.4
11/03/05 10:27:17:254 --     logsat    0    0    0.2
11/03/05 10:27:17:254 --     LogSat    0    2    0.4
11/03/05 10:27:17:254 --     looks    1    0    0.4
11/03/05 10:27:17:254 --     mailgw    1    0    0.4
11/03/05 10:27:17:254 --     manner    1    0    0.4
11/03/05 10:27:17:254 --     may    1    1    0.4
11/03/05 10:27:17:254 --     Maybe    1    0    0.4
11/03/05 10:27:17:254 --     Message    2    0    0.4
11/03/05 10:27:17:254 --     MIME    1    0    0.4
11/03/05 10:27:17:254 --     Mozilla    0    0    0.2
11/03/05 10:27:17:254 --     net    0    3    0.4
11/03/05 10:27:17:254 --     nice    0    8    0.4
11/03/05 10:27:17:254 --     <blanked>    0    0    0.2
11/03/05 10:27:17:254 --     not    0    20    0.9999
11/03/05 10:27:17:264 --     Nov    1    0    0.4
11/03/05 10:27:17:264 --     off    0    8    0.4
11/03/05 10:27:17:264 --     Path    1    0    0.4
11/03/05 10:27:17:264 --     people    0    8    0.4
11/03/05 10:27:17:264 --     peterb    1    0    0.4
11/03/05 10:27:17:264 --     pipex    0    0    0.2
11/03/05 10:27:17:264 --     plain    1    0    0.4
11/03/05 10:27:17:264 --     Postfix    1    0    0.4
11/03/05 10:27:17:264 --     proability    0    0    0.2
11/03/05 10:27:17:264 --     quite    1    0    0.4
11/03/05 10:27:17:264 --     real    0    27    0.9999
11/03/05 10:27:17:264 --     Received    1    0    0.4
11/03/05 10:27:17:264 --     Received*0000    0    4    0.4
11/03/05 10:27:17:264 --     Received*1*57    4    0    0.4
11/03/05 10:27:17:264 --     Received*10    0    2    0.4
11/03/05 10:27:17:264 --     Received*10*0    1    0    0.4
11/03/05 10:27:17:264 --     Received*17    0    83    0.9999
11/03/05 10:27:17:264 --     Received*<blanked>  &nbs p; 1    0    0.4
11/03/05 10:27:17:264 --     Received*20    0    2    0.4
11/03/05 10:27:17:264 --     Received*2005    0    83    0.9999
11/03/05 10:27:17:264 --     Received*26    0    1    0.4
11/03/05 10:27:17:264 --     Received*27    0    2    0.4
11/03/05 10:27:17:264 --     Received*3    1    1    0.4
11/03/05 10:27:17:274 --     Received*<blanked>  &nbs p; 0    0    0.2
11/03/05 10:27:17:274 --     Received*782A4E000376    0    0    0.2
11/03/05 10:27:17:274 --     Received*blaster    0    0    0.2
11/03/05 10:27:17:274 --     Received*by    0    83    0.9999
11/03/05 10:27:17:274 --     Received*<mydomain>  &nb sp; 0    83    0.9999
11/03/05 10:27:17:274 --     Received*co    0    83    0.9999
11/03/05 10:27:17:274 --     Received*ESMTP    0    1    0.4
11/03/05 10:27:17:274 --     Received*for    0    2    0.4
11/03/05 10:27:17:274 --     Received*from    0    83    0.9999
11/03/05 10:27:17:274 --     Received*GMT    0    4    0.4
11/03/05 10:27:17:274 --     Received*id    0    2    0.4
11/03/05 10:27:17:274 --     Received*LogSat    0    83    0.9999
11/03/05 10:27:17:274 --     Received*mailgw    0    83    0.9999
11/03/05 10:27:17:274 --     Received*net    0    2    0.4
11/03/05 10:27:17:274 --     Received*Nov    0    2    0.4
11/03/05 10:27:17:274 --     Received*<blanked>  &nbs p; 4    0    0.4
11/03/05 10:27:17:274 --     Received*<blanked>  &nbs p; 1    0    0.4
11/03/05 10:27:17:274 --     Received*Postfix    1    0    0.4
11/03/05 10:27:17:274 --     Received*Server    0    83    0.9999
11/03/05 10:27:17:274 --     Received*SMTP    0    83    0.9999
11/03/05 10:27:17:274 --     Received*Software    0    83    0.9999
11/03/05 10:27:17:274 --     Received*systems    1    0    0.4
11/03/05 10:27:17:274 --     Received*Thu    0    2    0.4
11/03/05 10:27:17:284 --     Received*uk    0    83    0.9999
11/03/05 10:27:17:284 --     Received*unknown    1    3    0.4
11/03/05 10:27:17:284 --     Received*with    0    5    0.4
11/03/05 10:27:17:284 --     reliable    0    7    0.4
11/03/05 10:27:17:284 --     Return    3    83    0.6539
11/03/05 10:27:17:284 --     Return-Path*Path*    3    83    0.6539
11/03/05 10:27:17:284 --     Server    1    0    0.4
11/03/05 10:27:17:284 --     shame    1    0    0.4
11/03/05 10:27:17:284 --     should    1    0    0.4
11/03/05 10:27:17:284 --     SMTP    1    0    0.4
11/03/05 10:27:17:284 --     Software    0    2    0.4
11/03/05 10:27:17:284 --     some    2    2    0.4
11/03/05 10:27:17:284 --     Subject    0    4    0.4
11/03/05 10:27:17:284 --     Subject*a    0    2    0.4
11/03/05 10:27:17:284 --     Subject*and    0    3    0.4
11/03/05 10:27:17:284 --     Subject*any    0    3    0.4
11/03/05 10:27:17:284 --     Subject*be    0    2    0.4
11/03/05 10:27:17:284 --     Subject*considered    0    0    0.2
11/03/05 10:27:17:284 --     Subject*contain    0    0    0.2
11/03/05 10:27:17:284 --     Subject*email    1    0    0.4
11/03/05 10:27:17:284 --     Subject*generic    0    0    0.2
11/03/05 10:27:17:284 --     Subject*harmless    0    0    0.2
11/03/05 10:27:17:284 --     Subject*high    0    0    0.2
11/03/05 10:27:17:284 --     Subject*is    0    2    0.4
11/03/05 10:27:17:294 --     Subject*may    1    0    0.4
11/03/05 10:27:17:294 --     Subject*not    0    1    0.4
11/03/05 10:27:17:294 --     Subject*proability    0    0    0.2
11/03/05 10:27:17:294 --     Subject*should    1    0    0.4
11/03/05 10:27:17:294 --     Subject*that    0    2    0.4
11/03/05 10:27:17:294 --     Subject*This    0    4    0.4
11/03/05 10:27:17:294 --     Subject*which    0    0    0.2
11/03/05 10:27:17:294 --     Subject*words    4    0    0.4
11/03/05 10:27:17:294 --     success    1    1    0.4
11/03/05 10:27:17:294 --     systems    1    0    0.4
11/03/05 10:27:17:294 --     text    1    0    0.4
11/03/05 10:27:17:294 --     that    2    2    0.4
11/03/05 10:27:17:294 --     the    3    11    0.2002
11/03/05 10:27:17:294 --     this    2    2    0.4
11/03/05 10:27:17:294 --     This    0    29    0.9999
11/03/05 10:27:17:294 --     Thu    1    0    0.4
11/03/05 10:27:17:294 --     Thunderbird    0    0    0.2
11/03/05 10:27:17:294 --     To*<my domain>    0    82    0.9999
11/03/05 10:27:17:294 --     To*co    0    82    0.9999
11/03/05 10:27:17:294 --     To*<blanked>    1    0    0.4
11/03/05 10:27:17:294 --     To*uk    0    82    0.9999
11/03/05 10:27:17:294 --     Transfer    1    0    0.4
11/03/05 10:27:17:294 --     turn    0    1    0.4
11/03/05 10:27:17:304 --     Type    1    0    0.4
11/03/05 10:27:17:304 --     unknown    1    0    0.4
11/03/05 10:27:17:304 --     useful    1    0    0.4
11/03/05 10:27:17:304 --     User    0    4    0.4
11/03/05 10:27:17:304 --     users    1    0    0.4
11/03/05 10:27:17:304 --     Version    1    0    0.4
11/03/05 10:27:17:304 --     which    1    4    0.4
11/03/05 10:27:17:304 --     Windows    0    2    0.4
11/03/05 10:27:17:304 --     with    0    9    0.4
11/03/05 10:27:17:304 --     words    1    0    0.4
11/03/05 10:27:17:304 --     working    1    0    0.4
11/03/05 10:27:17:304 --     would    0    9    0.4
11/03/05 10:27:17:304 --     you    0    30    0.9999
11/03/05 10:27:17:304 -- ------------------------------------------------------------
11/03/05 10:27:17:304 --     help    0.9999
11/03/05 10:27:17:304 --     not    0.9999
11/03/05 10:27:17:304 --     Received*17    0.9999
11/03/05 10:27:17:304 --     for    0.9999
11/03/05 10:27:17:304 --     any    0.9999
11/03/05 10:27:17:304 --     from    0.9999
11/03/05 10:27:17:314 --     day    0.9999
11/03/05 10:27:17:314 --     Received*by    0.9999
11/03/05 10:27:17:314 --     This    0.9999
11/03/05 10:27:17:314 --     To*co    0.9999
11/03/05 10:27:17:314 --     you    0.9999
11/03/05 10:27:17:314 --     Received*Software    0.9999
11/03/05 10:27:17:314 --     Received*co    0.9999
11/03/05 10:27:17:314 --     Received*LogSat    0.9999
11/03/05 10:27:17:314 --     Received*Server    0.9999
11/03/05 10:27:17:314 --     Received*from    0.9999
11/03/05 10:27:17:314 --     Received*2005    0.9999
11/03/05 10:27:17:314 --     are    0.9999
11/03/05 10:27:17:314 --     getting    0.9999
11/03/05 10:27:17:314 --     and    0.9999
11/03/05 10:27:17:314 --     Received*SMTP    0.9999
11/03/05 10:27:17:314 --     real    0.9999
11/03/05 10:27:17:314 --     email    0.9999
11/03/05 10:27:17:314 --     From*com    0.9999
11/03/05 10:27:17:314 --     could    0.9999
11/03/05 10:27:17:314 --     Received*<mydomain>    0.9999
11/03/05 10:27:17:314 --     Received*mailgw    0.9999
11/03/05 10:27:17:314 --     To*<mydomain>    0.9999
11/03/05 10:27:17:314 --     To*uk    0.9999
11/03/05 10:27:17:314 --     Received*uk    0.9999
11/03/05 10:27:17:314 --     <blanked>    0.2
11/03/05 10:27:17:324 -- **** R E S U L T S *********
11/03/05 10:27:17:324 -- matches Bayesian filter - rejected - 100% spam

Posted By: LogSat
Date Posted: 03 November 2005 at 4:40pm

lead,

Matt's issue was solved by emails. The final solution to his problem was as follows:
==========================
Your corpus database, which holds all of the statistical information about incoming emails did appear to have become corrupted. While according to your files it was supposed to hold data for about 100,000 emails received, there were only a few thousand records in it.

Our original recommendation, to stop SpamFilter, delete or rename the SpamFilter\corpus directory, and restart SpamFilter will resolve your problem by resetting the statistical information.
===========================

But from your post I see you already cleared the corpus database, so if that is correct, the solution will not apply to you.

Please note that the Corpus database is dependent on the type of emails you receive. From your stats the word "you" has a high spam score, and that is actually correct, since 30 spam email were received containing that word, and not a single clean email arrived with "you" in it. If however false positives have arrived, meaning a "good" email was blocked, if you force the delivery of such emails, they will be reprocessed by SpamFilter, and all the tokens will be re-evaluated, inverting their score, and applying "extra weight" to them to help minimize the problem in the future. For example, if a false positive had the word "you" in it, and you forced its delivery, the spam score assigned to it would be changed by quite a bit, and would not be 0.9999 anymore.

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP

Posted By: lead
Date Posted: 18 November 2005 at 8:01am

Roberto,

thanks for that.

I am pretty sure that the spam score for words like "you" are not been updated when a false positive has been processed. The good score remains at 0.

Just to be sure I increase the time when the bayes filter kicks in by doubling the required number of emails.

However when the bayes filter kicks in, it still blocks email with 100% stats.

I have sent email with the the simple words in them like "you" which were blocked, I forced the delivery and checked the good token, which remained at 0.

extract from bayes prob util:
11/18/05 12:41:48:160 -- you 0 30 0.9999

by your discription this should not be at 0.9999. Any ideas?

Also does any of the whitelists have any effect on the bayes learning?
I can't be sure, but I feel it does not learn emails which have been forwarded by a whitelist. Therefore their content does not update the good scores.

Regards

Print Page | Close Window