kelson at speed.net
Mon Feb 28 20:02:31 EST 2005
> Also while poking around, some SURBL mails got through cause BAYES_00
> gave a negative score. In general do ya'll let BAYES_* rules score
Well, that *is* what they're for. Anything under 50% is supposed to be
more likely legit than spam, based on mail you've seen before. The
Bayes rules are there in part to compensate for things like news
articles about deposed African leaders and large sums of money that
might otherwise trip spam rules. I've actually increased the magnitude
of the scores on the lower-end Bayes rules. (Hmm, "increase your
magnitude" sounds like a phrase that'll show up in spam any day now.)
If you're geting BAYES_00 on lots of obvious spam, you need to re-train
your database or just stop using Bayes. Take a bunch of those messages
(as many as possible) that hit SURBL but also hit BAYES_00 and run them
through sa-learn --spam.
> What about the other negative scores? Just set them to zero?
There aren't very many left. AFAIK it's Bayes, Habeas, Bonded Sender
and ALL_TRUSTED (meaning the message started inside your network and
never left). SPF passes are technically negative, but they're scored
just enough to track (as they should be) and not to affect the score.
If you've got your trust path set up right, ALL_TRUSTED is pretty much
safe. If not it can cause problems, but you're better off fixing the
trust path than disabling the rule because the trust path is used for
other things. As for Bonded Sender and Habeas, forgeries are much
harder than they used to be, so it depends on how much you trust their
criteria and their verification process.
SpeedGate Communications <www.speed.net>
More information about the MIMEDefang