Re: sender name same as recipient name

On Mon, 24 Sep 2007, feral wrote:

> Here are the headers & bodies of 3 of the spams that got through
> (and are continuing to come through at a high rate):

> tests=BAYES_00,HELO_DYNAMIC_IPADDR2
> autolearn=no version=3.1.9

> tests=BAYES_00,HELO_DYNAMIC_IPADDR2,
> HELO_DYNAMIC_SPLIT_IP autolearn=no version=3.1.9

> X-Spam-Status: No, score=-0.6 required=4.0 tests=BAYES_00,HOT_NASTY,PORN_16
> autolearn=no version=3.1.9

Observations:

(1) Hardly any rules are hitting.

(2) Everything is getting BAYES_00.

Do you need help?
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related spamassassin.apache.org Links users Request more information about Pantek

The very first thing to look at is your Bayes database. How are you training it, and how has it gotten so badly mistrained? Are you using a Bayes database that is global to all your clients, or per-user Bayes databases? How are you training? Is the user actually responsible training, and the problem is basically their own fault?

Can you run "sa-learn --dump magic" and send us the output?

As Dave said, do you have network tests disabled?

--
 John Hardin KA7OHZ                    
http://www.impsec.org/~jhardin/
 jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Pelley: Will you pledge not to test a nuclear weapon?
  Ahmadeinejad: CIA! Secret prison in Europe! Abu Ghraib!
              -- Teflon Mahmoud in a 60 Minutes interview (9/20/2007)
-----------------------------------------------------------------------
 244 days until the Mars Phoenix lander arrives at Mars