Robert Bartlett wrote: > Since finding out the trusted_network issue I question the rest of my > local.cf setup. Right now I have AWL turned off and auto learning for bayes > turned off. My question is does SA benefit from turning those 2 back on? Of > course I would clear out AWL and bayes and start from scratch if I did. But > would it make it easier for bayes to be "poisoned" if I turned auto learn > on? Im on SA 3.0.1.
Warning: 3.0.1 is subject to a DOS vulnerability. Unless you're using a distro-port which has backported fixes, consider upgrading to 3.0.5 or 3.1.0. Personally, I don't like the AWL, but it does have its uses. The nice thing about the AWL is you'll avoid FPs from people who frequently mail you. At the same time, people who frequently spam you will be less likely to have a FN, but since spam addresses change constantly this is less common. The AWL can be poisoned by a slightly clever spammer, but at best this gets them a "half off your score" for the real spam. For this reason, I keep it disabled. Bayes autolearning can be very useful, but I'd suggest adjusting the ham learning threshold. The default of 0.5 is too high for my liking and can sometimes cause problems. I run mine at -0.01 and have added a bunch of simple rules with small negative scores (-0.01 to -0.1) such that common business related ham messages will get autolearned. That said, several people like Justin Mason run the bayes system on autolearning only with the default settings and have no problems. Really most of the sites I've seen where the autolearner went awry started off with no manual training. While most of the time this goes OK, sometimes the bayes DB can start off on the wrong foot due to some low-scoring spam. It seems that this is the biggest risk of the bayes autolearner.
