SPAM folder

johan_hammy · November 7, 2006, 9:29am

I read somewhere that if you create an IMAP folder called SPAM, all of your messages determined to be SPAM will get moved there.

I tried it.

It works… kinda. Some go there and some do not. How do I troubleshoot (or just plain shoot) this?

Its nice that it marks spam as such, but when you get 50 messages in a row, its kind of bothersome. I’d like to investigate why this isnt’ working 100% before I investigate further how to delete all messages over a certain score.

IWorx-Paul · November 7, 2006, 11:16am

Can you see any difference between the spam messages that are going to the SPAM folder and those that aren’t? It basically works by checking for a header in the spam messages that looks like this:

X-Spam-Flag: YES

And if it finds this header it puts the message in the SPAM imap folder.

Paul

johan_hammy · November 8, 2006, 8:43am

Sample header from something marked as [Possible SPAM], but did not go into the SPAM folder.

Return-Path: <[EMAIL="JodiCramer@rp2m.com"]JodiCramer@rp2m.com[/EMAIL]>
Delivered-To: [EMAIL="hammy@camnetworking.com"]hammy@camnetworking.com[/EMAIL]
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on 
 ds00209.nozonenet.com
X-Spam-Level: ***
X-Spam-Status: No, score=3.5 required=5.0 tests=BAYES_99,UNPARSEABLE_RELAY 
 autolearn=no version=3.1.7
Received: (qmail 23992 invoked by uid 108); 8 Nov 2006 16:25:38 -0000
Received: from localhost by ds00209.nozonenet.com
 with SpamAssassin (version 3.1.7);
 Wed, 08 Nov 2006 10:25:38 -0600
From: "Jodi" <[EMAIL="JodiCramer@rp2m.com"]JodiCramer@rp2m.com[/EMAIL]>
To: <[EMAIL="muinarruh@camnetworking.com"]muinarruh@camnetworking.com[/EMAIL]>
Subject: [Possible SPAM] It is fully guaranteed ? it will help you to shoot more and more
Date: Wed, 8 Nov 2006 11:25:10 -0400
Message-Id: <[EMAIL="62975807407666.6EB575DC93@73FFR"]62975807407666.6EB575DC93@73FFR[/EMAIL]>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_45520502.49B963C5"
X-Antivirus: avast! (VPS 0646-2, 11/07/2006), Inbound message
X-Antivirus-Status: Clean

Something that made it to the SPAM folder:

Received: from localhost by ds00209.nozonenet.com
 with SpamAssassin (version 3.1.7);
 Thu, 02 Nov 2006 15:28:31 -0600
From: "Wilbert Eubanks" <[EMAIL="marian@gothic.at"]marian@gothic.at[/EMAIL]>
To: [EMAIL="hammy@camnetworking.com"]hammy@camnetworking.com[/EMAIL]
Cc: [EMAIL="hammyjunk@camnetworking.com"]hammyjunk@camnetworking.com[/EMAIL], [EMAIL="hub17@camnetworking.com"]hub17@camnetworking.com[/EMAIL], [EMAIL="junkmail@camnetworking.com"]junkmail@camnetworking.com[/EMAIL], [EMAIL="muinarruh@camnetworking.com"]muinarruh@camnetworking.com[/EMAIL]
Subject: [Possible SPAM] Ratess will skyrocket soon
Date: Thu, 02 Nov 2006 15:28:03 -0600
Message-Id: <[EMAIL="62739883552468.Y6cfr6cALo@noah"]62739883552468.Y6cfr6cALo@noah[/EMAIL]>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on 
 ds00209.nozonenet.com
X-Spam-Level: *************************
X-Spam-Status: Yes, score=25.7 required=5.0 tests=BAYES_99,HTML_50_60,
 HTML_IMAGE_ONLY_12,HTML_MESSAGE,HTML_SHORT_LINK_IMG_2,
 MIME_HTML_MOSTLY,UNPARSEABLE_RELAY,URIBL_AB_SURBL,URIBL_JP_SURBL,
 URIBL_OB_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL autolearn=no 
 version=3.1.7
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_454A62FF.41276F61"
X-Antivirus: avast! (VPS 0646-2, 11/07/2006), Inbound message
X-Antivirus-Status: Clean

johan_hammy · November 8, 2006, 8:45am

I see the difference in the presense of the “X-Spam-Flag: YES”, but what determines if that is placed? Surely if it places [Possible SPAM] it would place that too.

tiger · November 8, 2006, 7:30pm

X-Spam-Status: No, score=3.5 required=5.0 tests=BAYES_99,UNPARSEABLE_RELAY
autolearn=no version=3.1.7
I don’t know how it puts “[Possible SPAM]” in the subject (1st header) while the score is less (3.5) than the required (5.0). It’s OK with the 2nd header for the subject to have “[Possible SPAM]” as the score is 25.7 (> 5.0).

And I guess the “X-Spam-Flag: YES” is based on the score getting higher than (or equal to) the required score.

Anyhow, I guess I know the reason for getting more junk on the inbox is due to the ineffectiveness of SpamAssassin (SA) from the recent past. About 30% (30 out of 100) of spam are not marked as spam which I have found in about 300 spams. SA was doing OK (although can not be considered as good) sometime back (only about 6% was unmarked).

But in the recent months, it is about 30% of unmarked spam and SA 3.1.7 seems to be the latest, so there is no question of SA being out of date. (I now have 20 spams unmarked on 39 spams handled with SA 3.1.7). Although these findings are based on a cpanel host, I don’t think I am wrong here as the issue is only with SA which is same with iworx too.

My required score was/is always 5.0. (may be the recomended now is less than 5.0, not sure! )

Time to an alternate for SA, possibly dspam? (http://www.nuclearelephant.com)

It claims accuracy of between 99.5% - 99.95%
Designed to run with a very short execution time
Written in C for speed

Or atleast an option to choose between SA and dspam?

Justec · November 8, 2006, 10:27pm

I have had some clients complain to me (in the last few days actually) about the amount of spam so I would agree SA isn’t doing as well as it used to. I would love to get my hands on the spam detector for Gmail b/c so far its 100% not spam in my inbox and no good mails in my spam folder.

system · November 9, 2006, 11:19am

I still get spam coming through on my GMail account (which I never check, much to Nexcess’ dismay…)

The long and short is spam tends to come in waves, and spammers are very slick about taking advantage of auto-learning spam filters. I’ve gotten my filters to be quite good by training on nearly 1500 messages (more would be better) and dropping my treshold for spam way down. I think its at 1.9 right now.