This method wouldn't work for us as I can not keep a copy of all mail through the server for legal reasons. What I need is a way for spamd to log the hit count for each rule as it processes the mail. This way I can prune old rules from the system (we currently run close to 16000 rules) and cut down on the load of the mail server. At one point all four cpu's were running full bore so we had to cut the rules in half (down to 16000). Of course this resulted in an increase in spam received to our users.
My response to this was to find a way to log the hit count for a rule and retire our rules that don't do much.
Most of our rules that are very affective for us are URI match rules. Almost all spam comes through with a url to click on, or a url to load an image from. Most spammers have multiple domains they use, and rotate through them. We match these domains and add a 2 to the score. I can not stress enough how effective this is. It cuts down the spam down from 100-200 a day to 2-3 a day per user (obviously some users do not get quite as much).
The other way I have to prune rules is to remove a rule after the domain name has expired. This however isn't as accurate in some ways, because the domain wouldn't get removed for a year. However if the domain is expired it defiantly doesn't belong as a rule.
Steve
Matt Kettler wrote:
At 10:09 AM 12/10/03 -0500, Stephen M. Przepiora wrote:
Hello, I have constructed a huge list of rules and wish to detect how good they are. Is there a way to log the count of rule matches somewhere?
if you've got a spam/ham corpus, you can test your rules using the tools in the masses/ subdirectory of the tarball.
You'll want to use mass_check, and hit_frequencies.
The rule guide has a very short note about it at the bottom (section 3.4) but I've not added an example run yet.. It's my intention to write a separate guide for corpuses, mass_check, etc.
http://mywebpages.comcast.net/mkettler/sa/SA-rules-howto.txt
------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
