From: "Jim Smith" <[EMAIL PROTECTED]>
I have been using an email address for all maillists that I subscribe to
that doesn't get filtered by SA. Since subscribing to this list, it is now
being pounded with spam (gee, who'd guess that a SA list would be harvested
and pounded by spammers <grin>). Anyway, I'm going to change email addresses
and ditch this one so I can use SA but I'm wondering what I should
whitelist.
If I do "whitelist_to: users@spamassassin.apache.org" and ditch everything
else, will that give me all the SA list emails without the debris? Or do the
spammers forge the "to" field enough to make that impractical?
Jim, I have a trick that I've not refined to the level I'd feel
comfortable with submitting to SARE that may help. I am a member of
quite a few mailing lists. Some I "slightly whitelist" and others I
have to do special things to support. The FreeBSD user list and the
LKML list do not filter spam very aggressively. Therefore I have a
negative 2 scoring rule that detects these lists. Then I have four
other rules for BAYES_HI, BAYES_VHI, BAYES_LO, and BAYES_VLO. Each
of these is a meta rule that trigger when any of various combinations
of the rules hit. I use these to "diddle" the BAYES scores by adding
or subtracting "roughly" 2 for hitting the list rule and the various
BAYES meta rules. So a very high Bayes gets 4 added. And for BAYES_VLO
I subtract about 4.
Since I put this in my false alarm rates on those two lists has gone to
zero over about the last 4500 messages in my mailbox. (These two lists
are good for about 100 to 250/day so the run from last Monday is large
enough that I would normally have had a false alarm or two. I need to
wait out next week before I am satisfied with them.)
This sort of rule's chief problem is that SARE rules don't generally
require (or support well) any custom diddling on the rules, which would
be needed to use these rules as a SARE download without an override for
the list of generic mailing lists that is used.
You might try the idea on your system and see how it works. (I also
note that this may be a "solution" to the YahooGroups and GoogleGroups
spammers I see. I've not tried it yet. That pair would need a slightly
different tweak on the BAYES "diddle constant" scores.
{^_^}
