-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm getting spam mail that the Bayesian filter marks as 99% spam, but the overall score is below 5. For me, this is a security related problem, as I'm getting intruded by Spam that previously was dumped. For example, the report for one such email says: X-Spam-Status: No, score=2.6 required=5.0 tests=ALL_TRUSTED,BAYES_99, HTML_20_30,HTML_IMAGE_ONLY_24,HTML_MESSAGE autolearn=no version=3.0.2 To me, something that the bayessian filter says is spam within 99%, _is_ spam. However, the scoring used that I see from the tables in /usr/share/spamassassin/50_scores.cf seems to be this: ALL_TRUSTED -2.867 What is that? :-/ BAYES_99 4.070 HTML_20_30 0.567 HTML_IMAGE_ONLY_24 0.787 HTML_MESSAGE 0.001 Total: 2.558 (matches above) What is that "ALL_TRUSTED"? I see in "20_compensate.cf" this: # The message was never sent via an untrustworthy host. header ALL_TRUSTED eval:check_all_trusted() describe ALL_TRUSTED Did not pass through any untrusted hosts tflags ALL_TRUSTED nice It probably means that it was sent through verizon.net. So what? Ok, I'll try to disable it. The default scoring is set in 50_scores.cf as: score ALL_TRUSTED -2.400 -2.820 -2.867 -3.300 The third scoring column is used: Bayessian tests enabled, network tests dissabled. So I go to "/etc/mail/spamassassin/local.cf" and change the score, initially dividing all the values by 4, to: score ALL_TRUSTED -0.600 -0.705 -0.717 -0.825 I suppose that a "score" set in there supplants the default one, no? Well, no! I send that spam email to myself, after restarting the spamd service, and I get: X-Spam-Status: No, score=2.8 required=5.0 tests=ALL_TRUSTED,BAYES_95 autolearn=no version=3.0.2 It is not working. How do I disable that "ALL_TRUSTED" test? I also did the change directly in "/usr/share/spamassassin/50_scores.cf", and the result is the same: X-Spam-Status: No, score=2.8 required=5.0 tests=ALL_TRUSTED,BAYES_95 How on earth do I disable that $&%$/$/* "ALL_TRUSTED" test? How do I make that spam marked as BAYES_99 does get flagged as SPAM: yes? Configuration changes in scoring are not read at all... not even after a reboot. :-/ - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFCfJ2ItTMYHG2NR9URAp7pAKCQfWKZIV8oXw/D+qXrt+6QSvW3GwCdFmU+ Ewo8BKblWvru48yVXhstswQ= =N+7g -----END PGP SIGNATURE-----