Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 7 Jul 2005 14:59:09 -0400
From:      Louis LeBlanc <FreeBSD@keyslapper.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: SA rules_dujour
Message-ID:  <20050707185908.GE2096@keyslapper.net>
In-Reply-To: <3A85D7EF44E1C744BF6434691F5659E948F533@fci-ex.FCI>
References:  <3A85D7EF44E1C744BF6434691F5659E948F533@fci-ex.FCI>

next in thread | previous in thread | raw e-mail | index | archive | help

--gatW/ieO32f1wygP
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 07/07/05 02:04 PM, Jean-Paul Natola sat at the `puter and typed:
> Hi everyone,=20
>=20
> I have installed Spamassassin and rules_dujour
>=20
> I have NOT changed any settings , it is a vanilla install no config files=
 or
> anything has been modified, yet  spam is coming right through
>=20
> Here's the header of one; I feel I'm missing something , I mean just by t=
he
> subject I would think it would detect it--
>=20
>=20
> X-Spam-Score: 0.2 (/)
> X-Spam-Report: Spam detection software, running on the system "mfilter", =
has
> 	identified this incoming email as possible spam.  The original message
> 	has been attached to this so you can view it (if it isn't spam) or label
> 	similar future email.  If you have any questions, see
> 	the administrator of that system for details.
> 	Content preview:  Tuesday/Wednesday Sale! Fares from $49*. Tuesdays and
> 	Wednesdays just became your favorite days of the week! Take advantage
> 	of these great low fares and book your vacation today! Book on
> 	spiritair.com by 11:59PM EST on 7/6/05 for travel on Tuesdays and
> 	Wednesdays only from 7/12/05-9/28/05 unless otherwise noted. [...]=20
> 	Content analysis details:   (0.2 points, 5.0 required)
> 	pts rule name              description
>=20

Note the score and the required score.  0.2 is a good long way from 5.0.
You may wish to take any saved spam and use it to teach SA what spam is,
because the Bayes learner is actually quite good at swaying this the
right way.  Also, if you're like me, you'll want to bump the required
score down.

When I was getting 200+ spams a day (some days over 300), SA was letting
through 2 or 3 a week.  Now I get 3 or 4 a week (I shut off the problem
domain for 6 months) and SA lets 1 or 2 a week.  It's a numbers game.
The more educated Bayes is, the smaller the percentage of FNs are.

The problem is that Bayes won't kick in until you teach it with enough
spam - I don't remember the kick-in point offhand.  I've seen a message
get pushed through several different installations of SA (all the same
version and config) and come out with drastically different scores, all
because of Bayes.  The better systems are ALWAYS educated on a regular
basis.

Also, since you're starting off, you'll get a lot of mileage out of the
SA list.

I use Maildir mailboxes on my system and when I learned how important
teaching Bayes is, I actually wrote a little perl script to check for
spam messages marked as read (Maildir/.spam/cur/*) and pipe them
automagically through the Bayes learner before moving them off to the
spam backup directory.  I also separate out the autolearned spam and
just push that off to the backup regardless of the read/unread status.
I think I've gotten about 2 FPs in 3 years of using SA.  Those FPs
really weren't spam, but they were all messages I didn't want to get
anyway, like chain letters or some other rubbish.  :)

HTH
Lou
--=20
Louis LeBlanc                          FreeBSD-at-keyslapper-DOT-net
Fully Funded Hobbyist,                   KeySlapper Extrordinaire :)
Please send off-list email to:         leblanc at keyslapper d.t net
Key fingerprint =3D C5E7 4762 F071 CE3B ED51  4FB8 AF85 A2FE 80C8 D9A2

Linus' Law:
  There is no heavier burden than a great potential.

--gatW/ieO32f1wygP
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)

iD8DBQFCzXt8r4Wi/oDI2aIRAp+1AJ4i59oEwn4KGYtb97OjcnqdhnLAswCeIt6V
i9XjsJC/8NUCVMU8RBghFC8=
=LsPj
-----END PGP SIGNATURE-----

--gatW/ieO32f1wygP--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050707185908.GE2096>