-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Chris,
Friday, June 6, 2003, 10:03:20 AM, you wrote: CB> The isp I use for my private email address has recently started using CB> SA. It seems to work 'ok', but it seems to still generate: CB> * far too many false negatives CB> * occational false positives CB> I am more concerned about the false positives. Looking at the headers CB> of those messages that are legit, it seems that the biggest score comes CB> from the BAYES test. I wouldn't be surprised that these are coming from the email of other customers of the ISP. CB> Is there a place that talks about how that score is derived? It seems CB> that when I have a friend that uses HTML formatting (or heaven forbid, CB> Incredimail) they have a MUCH higher chance of being tagged as a CB> spammer. Check with your ISP -- do you have access to your $HOME/.spamassassin/user_prefs file? If your ISP also provides you with a minimal web space, chances are the answer is yes, and you can FTP files to that area. They should be able to help you verify this. What scores are your FPs getting? The default "this is spam" threshold for SA is 5.0, and the docs strongly recommend increasing it. I've updated my user_prefs file to read > required_hits 9 and I've had only two false positives since that time. Where are the false positives coming from? My father is also an Incredimail user, but I'm able to add > whitelist_from [EMAIL PROTECTED] and so his email comes through AOK. I've also whitelisted those organizations with newsletters which I and my wife intentionally subscribe to. Finally, I play around a lot with the various rule scores. I've collected almost 3,000 spam in my personal spam folder, and have about 5,000 ham in scattered email folders, all available for search within my email client. I'm therefore able to see which rules tend to kick ham into spam territory, and I lower the score for those rules. I also see which rules tend to kick spam into ham territory and raise those rules. Some, like NIGERIAN_BODY I've bumped up to 6.1. I'm now catching well over 99.5% spam, and haven't had a false positive in weeks. Once you've done some minor enhancements to user_prefs, you might look into whether you can run sa-learn yourself. Can you telnet to your ISP and issue commands on their system? If so, you can take your false positives, FTP them as is to your ISP, and run sa-learn against them, telling bayes to reclassify these emails as ham. I also take the spam which didn't hit 9.0, and even spam between 9 and 10 with a low bayes rating, and relearn that as spam. I have what I consider to be fairly minimal access to SA, and yet I've been able to do a lot to improve SA's performance for me. Bob Menschel -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPuFFJpebK8E4qh1HEQKiFgCeNePPQ2s3Xhv/7NKGw1ktxrtd4pYAniEH FKTmOONcpSe2xGHokn1hrZAi =jBTu -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The best thread debugger on the planet. Designed with thread debugging features you've never dreamed of, try TotalView 6 free at www.etnus.com. _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
