You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Troy Bull <tr...@uni.edu> on 2004/10/26 15:25:10 UTC
Problems With 3.01 detecting spam
Greetings:
I have my own little mail server where I have global bayes and I use spamd.
It used to work almost perfectly now I have many problems. I have
implemented the following rules in local.cf:
------------------
#this is my local site wide config
required_score 6.0
report_safe 1
lock_method flock
use_bayes 1
bayes_auto_learn 0
bayes_path /home/users/spamd/bayes/bayes
bayes_file_mode 0666
skip_rbl_checks 0
use_razor2 1
use_dcc 0
use_pyzor 0
ok_languages all
ok_locales all
##################
# Try this for a while see how it works.
score ALL_TRUSTED 0
score BAYES_99 8.0
score BAYES_95 6.0
score BAYES_80 4.0
score BAYES_60 2.0
score BAYES_50 1.5
score BAYES_40 1.0
score BAYES_20 0.5
----------------------
This seems to work ok, but I am wondering why do I need the "score" lines.
Without these lines much spam makes it to my inbox, and it is obviously
spam. Does anyone have any ideas or should i just stick with this setup?
Thanks
Troy
Re: Problems With 3.01 detecting spam
Posted by Troy Bull <tr...@uni.edu>.
----- Original Message -----
From: "Matt Kettler" <mk...@comcast.net>
To: "Troy Bull" <bu...@troy.its-is.uni.edu>; <us...@spamassassin.apache.org>
Sent: Tuesday, October 26, 2004 9:17 AM
Subject: Re: Problems With 3.01 detecting spam
>
> 1) your trusted_networks needs to be manually set..ALL_TRUSTED should only
> fire for mail that has never been outside your trusted network (ie: the
> network you admin). This also impacts the efficacy of certain other rules
> line dialup DNSBLs.
I set this to being local to my machine only.
>
> 2) it's odd (to me) that you need to jack up the bayes scores.. especially
> for the lower ranges.
> Are you using network tests?
Yes (I think so)
> Are you using surbl with them?
Again, yes I think so , how can i tell for sure?
> The reason I ask is surbl is quite efficient, and it's diluted the
> scores of other rules a slight bit.
>
> I'd also consider trying to train your bayes more aggressively.. If you've
> got spam matching BAYES_20 on any kind of regular basis, that's a problem.
I dont have that happening, most of the time with Bayes when it is a spam it
gets 80 % or above.
Re: Problems With 3.01 detecting spam
Posted by Matt Kettler <mk...@comcast.net>.
At 08:25 AM 10/26/2004 -0500, Troy Bull wrote:
># Try this for a while see how it works.
>score ALL_TRUSTED 0
>
>
>score BAYES_99 8.0
>score BAYES_95 6.0
>score BAYES_80 4.0
>score BAYES_60 2.0
>score BAYES_50 1.5
>score BAYES_40 1.0
>score BAYES_20 0.5
>----------------------
>
>This seems to work ok, but I am wondering why do I need the "score" lines.
>Without these lines much spam makes it to my inbox, and it is obviously
>spam. Does anyone have any ideas or should i just stick with this setup?
From the looks of that:
1) your trusted_networks needs to be manually set..ALL_TRUSTED should only
fire for mail that has never been outside your trusted network (ie: the
network you admin). This also impacts the efficacy of certain other rules
line dialup DNSBLs.
2) it's odd (to me) that you need to jack up the bayes scores.. especially
for the lower ranges.
Are you using network tests?
Are you using surbl with them?
The reason I ask is surbl is quite efficient, and it's diluted the
scores of other rules a slight bit.
I'd also consider trying to train your bayes more aggressively.. If you've
got spam matching BAYES_20 on any kind of regular basis, that's a problem.
Re: Problems With 3.01 detecting spam
Posted by Matt Kettler <mk...@comcast.net>.
At 08:25 AM 10/26/2004 -0500, Troy Bull wrote:
>required_score 6.0
>This seems to work ok, but I am wondering why do I need the "score" lines.
>Without these lines much spam makes it to my inbox, and it is obviously
>spam. Does anyone have any ideas or should i just stick with this setup?
Wait.. One thing I noticed... you've got the required_score jacked up to
6.0.. If you've got FN problems, I'd consider dropping that back to 5.0.