[quote user="Brian Fluet"]I only know the rudimentary concepts of spamhalter but doesn't moving a message out of the junk folder retrain as not spam? 

Also, I don't know whether spamhalter identifies when a message has already been processed and doesn't process it again.  I think the only way to test that would be to remove all of the spamhalter headers from the .cnm to see if it makes a difference.

[/quote]

A new spam of the type cited was caught by Spamhalter.

KSQR

For a week or so have been getting 1 to 3 spams/day where both the From and To addresses are my address.  Typical Spam Assassin grades the messages as spam:

 Content analysis details:   (19.1 points, 5.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.2 CK_HELO_GENERIC        Relay used name indicative of a Dynamic Pool or
                             Generic rPTR
  1.2 URIBL_ABUSE_SURBL      Contains an URL listed in the ABUSE SURBL blocklist
                             [URIs: pcsprocard.com]
  1.5 SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
  1.6 DATE_IN_PAST_03_06     Date: is 3 to 6 hours before Received: date
  3.0 BAYES_95               BODY: Bayes spam probability is 95 to 99%
                             [score: 0.9797]
  0.0 HTML_MESSAGE           BODY: HTML included in message
  0.9 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
  1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
                             above 50%
                             [cf: 100]
  0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                             [cf: 100]
  3.0 URI_WP_DIRINDEX        URI for compromised WordPress site, possible malware
  2.0 RDNS_NONE              Delivered to internal network by a host with no rDNS
  2.0 HELO_DYNAMIC_IPADDR    Relay HELO'd using suspicious hostname (IP addr
                             1)
  0.2 HELO_DYNAMIC_DHCP      Relay HELO'd using suspicious hostname (DHCP)
  1.1 TO_EQ_FM_DIRECT_MX     To == From and direct-to-MX
X-Spam-Flag: YES
Subject:  ***SPAM***  Wanted regional manageres

Spamhalter returns the following when I try to reclassify as spam:

Is there a way to get Spamhalter to accept the reclassification as spam?

Thanks,

KSQR

[quote user="KSQR"]Is there a way to get Spamhalter to accept the reclassification as spam? [/quote]

Removing your address from the global whitelist should do it.  Other than that, you can't tell Spamhalter to ignore a specific whitelist entry.

Is there a reason you need Spamhalter to reclassify these messages?  Spam Assassin is already tagging them as spam so consider using a new mail filter rule to detect Spam Assassin's subject line ***SPAM*** tag and move those messages to the junk folder.

[quote user="Brian Fluet"]

[quote user="KSQR"]Is there a way to get Spamhalter to accept the reclassification as spam? [/quote]

Removing your address from the global whitelist should do it.[/quote]

My address is not in <white,pm> file which I understand is the Global Whitelist file.

[quote user="Brian Fluet"]Is there a reason you need Spamhalter to reclassify these messages?  Spam Assassin is already tagging them as spam so consider using a new mail filter rule to detect Spam Assassin's subject line ***SPAM*** tag and move those messages to the junk folder.

[/quote]

Do not want to bypass any opportunity to train Spamhalter.

KSQR

Check for your address in the JunkMail Whitelist distribution list (white.pml).  I don't know whether this list is used by Spamhalter though.

[quote user="Brian Fluet"]Check for your address in the JunkMail Whitelist distribution list (white.pml).  I don't know whether this list is used by Spamhalter though.[/quote]

Found a copy of (white.pml) in both C:\PMAIL\DEFAULTS and C:\PMAIL\MAIL\ADMIN  Each contained a single line: 

\TITLE Junkmail Whitelist

KSQR

I don't know of any other whitelists so am clueless what Spamhalter is seeing. 

Out of curiosity I would disable the global whitelist then test the reclassification just to see what happens.

From the help file about the global whitelist configuration:

Setting the number of entries to zero  As a special case, if you set the maximum number of entries in the whitelist to zero, you will effectively disable the whitelist without clearing it: Pegasus Mail will not check your whitelist, nor will it automatically add addresses to it, but any existing addresses in the list will be retained. This is handy in occasional cases where you want to disable whitelisting for a while then return to it later.

Brian

   Do you know what the difference between White.pml and White-m.pml in the user Newmail directory?  The latter of these two contains way more entries, and some are very strange (in my case).

Also in my case there is a line that contains"[NONE]" about half way through the file. Any idea what this section header could mean about half way through my file? Leading from that, if lines above and below this boundary are different, what is the difference?  To me it looks like the entries below the [NONE} are addresses I have mailed to, which would imply some kind of trust ?

Martin

I don't know what the purpose of the "[NONE]" is.  My white.pml list is empty except the title line.  I discovered that my global whitelist (white.pm) was quite large due to the setting being enabled that adds every mail recipient to it.  The max size was set to 500 but I suspect there wasn't any more that a couple of hundred.  Still, this is on my USB install so I emptied it to see what kind if performance impact it might have been having.

Regarding the white-m.pml question, did you mean white-m.pm?  If so, this is the global whitelist enabled for Mercury to use per the "Make this whitelist visible for Mercury/32 to use" setting.  Otherwise, I don't know of what the white-m.pml might be.  I know of the concept of public dlists but have never used them so don't know if the "-m.pml" is associated with that functionality.  I doubt it since the help file indicates that a public dlist is placed in a directory which is how public folders work.

Brian,  just a typo on the filename, it should be white-m.pm   Yes I had the "Enable for Mercury" checked, I have unchecked it now as I don't use Mercury.  I also have the automatic add for email addresses I send to checked,.  For the longest time I have had a New Mail filter that deletes any mail I receive from my own email address, which I occasionally check out.

Martin

[quote user="Brian Fluet"]Out of curiosity I would disable the global whitelist then test the reclassification just to see what happens.[/quote]

Did that.  When a new spam of the same type as the others came in today, Spamhalter did not catch it.On the positive side, I was now able to reclassify it as spam. Moved the spam into the Inbox, remarked it as Unread and closed Pegasus Mail. When I opened Pegasus Mail, Spamhalter still did not catch it.

KSQR

I only know the rudimentary concepts of spamhalter but doesn't moving a message out of the junk folder retrain as not spam? 

Also, I don't know whether spamhalter identifies when a message has already been processed and doesn't process it again.  I think the only way to test that would be to remove all of the spamhalter headers from the .cnm to see if it makes a difference.