Quoting Theo Van Dinter <[EMAIL PROTECTED]>: > If you learn a message that has already been learned as the opposite > type, > SA will auto-forget it before learning the way you specify. :)
I understand this, always have. This is what I usually do. I only did this is because I wanted to learn over a different message than the one that was auto-learned (different because I removed the habeas mark). > > As for removing the Habeas marks ... I wouldn't do that, since they > are, > in your case, an indication of spam. It's either a good indication of spam, or it is a good indication of ham. Either way, i don't think autolearn should take it into consideration (more on this later). > > It's default if you enable network checks (it's an RBL). :) Ah, ok. I usually set up any RBL checks at sendmail and not at SA. I couldn't find any info about the RBL on habeas's site...is it in a different RBL somewhere? How can I find out more about it? I already block using SBL and XBL...will those catch it? > Well, this is less a question of "should it be autolearned" and more > of a "how good is the Habeas system"... In the perfect world, it's > not forgable/misused and you would always accept it as a sign of ham, > and therefore autolearning is desired. > Agreed. However, it seems we should at least assume spammers will try to attack the Habeas model, and act accordingly. > Since we don't live in the perfect world, the question is: can the > Habeas folks act fast/complete enough so that forging/misusing the mark > is completely minimized? If they can, then there's not a huge issue -- > yeah, some spam will get through, but they'll quickly be squashed and > there you go. If they can't, then their whole business plan fails as > people start ignoring the mark, and again no problem since the SA rules > would go away. > I agree with all this, but what I'm worried about is my bayes database being posioned in the meantime. This has already happened with the [EMAIL PROTECTED]@ or whatever emails, they have been auto-learned as ham 15 times since we last talked--i'll bet you anything the guy could send one now without the Habeas mark and it will get thru on bayes scoring alone. I've finally got things straightened out I think, and I've had to disable the habeas mark checks in my local.cf by scoring them at 0. Consider: With the current scoring, If an email has a habeas mark on it, it doesn't really need to be added to the bayes database as the habeas mark will always pull down the score low enough to mark it as ham (except for the most extreme cases). So we don't really need to add those particular messages to the ham database anyways, as good as ham examples as they may be. On the other hand, if spammers try to abuse the habeas mark by sending out buckets of spammy emails with a forged mark, even after habeas fixes the problems, we're going to be seeing FNs forever more because now all that spam looks like ham to bayes. I'm just saying, the auto-learn for habeas-marked emails should be thought about...I don't see really any downside to removing it (or making it user configurable), and I see a lot of upside. Regards; DaC ------------------------------------------------------- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
