Carnegie, Martin wrote:
> Hi All,
>
> We have been using SA for the past year and a half with detection
> rates around 95% or better (based on client feedback). Over the past
> couple days (since Thursday April 21st) we have been getting lots of
> spam making it through with detection rates at about 50%. Has anyone
> else seen this?
>
> We are currently on 3.0.1 with the following rules
> 40_antidrug.cf
> 70_sare_adult.cf
> 70_sare_html0.cf
> 99_chickenpox.cf
> 99_mangled.cf
> 99_sare_fraud_post25x.cf
>
> We are not using Bayes, Razor or Pyzor as we have had really good
> success without them.
>
> Any recommendations (other than the "turn on Bayes")?

My first suggestion would be to remove 40_antidrug.cf. While this won't improve your hit-rate, it will remove duplication in your configuration. SA 3.0 and higher ship with antidrug already included in 20_drugs.cf, so 40_antidrug.cf is just a duplication.

To up hit rate I'd recommend adding the SARE random ruleset, and the tripwire ruleset.

Also, make sure your Net::DNS is sufficiently up-to-date so that the URIBL tests (SURBL, etc) can run. Look to make sure you've got some spam hitting URIBL_SC_SURBL, URIBL_WS_SURBL, etc.

Lastly, make sure that no spam messages are hitting the ALL_TRUSTED rule. If they are, try checking for a broken trust path: http://wiki.apache.org/spamassassin/TrustPath
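
One way to run the last two checks over a folder of hand-sorted spam, as an added example that is not part of the original message. It assumes each message carries the `X-Spam-Status` header with a `tests=` list as SpamAssassin 3.0 writes it; the sample messages are constructed and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample messages standing in for a hand-sorted spam folder.
KNOWN_SPAM = [
    "From: a@example.com\nSubject: one\n"
    "X-Spam-Status: Yes, score=9.1 required=5.0 tests=HTML_MESSAGE,\n"
    "\tURIBL_SC_SURBL,URIBL_WS_SURBL autolearn=no version=3.0.1\n\nbody\n",
    "From: b@example.com\nSubject: two\n"
    "X-Spam-Status: No, score=1.4 required=5.0 tests=ALL_TRUSTED,HTML_MESSAGE\n"
    "\tautolearn=no version=3.0.1\n\nbody\n",
    "From: c@example.com\nSubject: three\n"
    "X-Spam-Status: No, score=2.0 required=5.0 tests=none autolearn=no\n"
    "\tversion=3.0.1\n\nbody\n",
]

# Rule names are upper case, so the match stops at "autolearn=" or "none".
# Whitespace is allowed between names because the header may be folded.
TESTS_RE = re.compile(r"tests=((?:[A-Z0-9_]+,?\s*)*)")

def rules_hit(raw_message):
    """Return the set of rule names listed in X-Spam-Status."""
    status = message_from_string(raw_message).get("X-Spam-Status", "")
    match = TESTS_RE.search(status)
    names = match.group(1).split(",") if match else []
    return {n.strip() for n in names if n.strip()}

def audit(known_spam):
    """Summarise rule coverage over messages already known to be spam."""
    report = {"total": 0, "flagged": 0, "uribl": 0, "all_trusted": []}
    for index, raw in enumerate(known_spam):
        status = message_from_string(raw).get("X-Spam-Status", "")
        hits = rules_hit(raw)
        report["total"] += 1
        report["flagged"] += status.lstrip().startswith("Yes")
        report["uribl"] += any(h.startswith("URIBL_") for h in hits)
        if "ALL_TRUSTED" in hits:
            # Spam that SA treated as coming only from trusted relays.
            report["all_trusted"].append(index)
    return report

if __name__ == "__main__":
    r = audit(KNOWN_SPAM)
    print("flagged %(flagged)d of %(total)d, URIBL hits on %(uribl)d" % r)
    print("spam hitting ALL_TRUSTED (list index):", r["all_trusted"])
```

A `uribl` count of zero across a large spam folder suggests the URIBL tests are not running at all; any index in `all_trusted` is a message to inspect against the trust path page linked above.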