Mauriat Miranda     mjmwired

SpamAssassin Failure

SpamAssassin is a free tool for mailservers to identify SPAM. It has a several parameters it checks (forged headers, HTML only content, blacklisted hosts, improper mail relays, etc) and assigns a score for every parameter. If the total score is greater than the threshold, it is marked as spam and either tagged, moved to a separate mailbox or deleted. I started using SpamAssassin in April of 2005 and it has caught thousands of messages. I know this isn’t large, but it made my inbox manageable.

Originally I set the threshold at 5 however this still lead to several messages a day. So I kept reducing the score, by 0.1 till I stopped at 4.5 and I only had 1 spam message every 3-4 days. I was completely satisified even though an occasional non-spam did get improperly marked (usually an SMS from a cell phone).

As of June 15, SpamAssassin has failed me. I am getting dozens of junk mail passing into my inbox daily. I am seeing scores of 3, 0 and even -0.7. Either the spammers got smart or the scores are not properly being assigned. I am using the latest version SpamAssassin 3.1.3 and I haven’t changed any options.

I may have to investigate further with my hosting provider. But I am curious if anyone else seen this?

Posted in: Hosting, Miscellaneous, Server,

3 Comments:

  • Matthew C. Lowry on August 6, 2006 - 08:20 PM

    Mauriat,
    I’m a IT Manager. I’ve been using SpamAssassin for the atleast a year. During that time I been experiencing the same increase in unfiltered spam. Reciently I’ve implemented addition rules & bayesian learning in an effort to fix the problem. I’ll keep you updated.

  • Mauriat on August 7, 2006 - 11:11 AM

    Matthew: I’m glad I’m not the only one!

  • Matthew C. Lowry on August 24, 2006 - 11:11 AM

    Since my last post I’ve enabled the Ryzor2, Pyzor, and Bysian features of SpamAssassin. I had SpamAssassin sa-learn on over a gig of spam. These features together have made my mail server run about 10% slower, but much more Spam is correctly identified.
    I believe the feature that made the most difference was the Bysian filtering. I would say that SpamAssassin correctly identifies 85% of all the spam we recieve as ‘spam’ now.