Although I've been running SA, now 3.1.x, with amavisd-new and postfix
on FreeBSD 5.4 for some time now, I've not looked at SA closely, only
when there's an issue, and now trying to go over my settings for
optimizing. First of all, I ran 'spamassassin --lint -D' to look for any
trouble and found the perl modules Net-Ident, IP-Country-Fast, and
IO-Socket-INET6 were not installed, I hope that was a hole letting some
spam through and now shut. Trying now to understand how bayes works, my
debug tells me the following tests:
[33431] dbg: check:
tests=BAYES_20,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE
[33431] dbg: check:
subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__SARE_WHITELIST_FLAG,__UNUSABLE_MSGID
Then, in my local.cf file, I have:
score RAZOR2_CHECK 2.500
score BAYES_99 4.300
score BAYES_80 3.000
Can someone tell me if these settings are good or point me to the best
doc for reading up on how to best implement BAYES and other tests. I
find so much information, not sure which is most current or the best
advice. I am an ISP that processes all mail through two gateways. Each
gateway processes over 100K messages per day. I do not have any current
load issues. I run rules du jour:
[ "${TRUSTED_RULESETS}" ] || \
TRUSTED_RULESETS="TRIPWIRE ANTIDRUG \
SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 \
BOGUSVIRUS SARE_ADULT SARE_FRAUD SARE_BML SARE_SPOOF \
SARE_BAYES_POISON_NXM SARE_OEM SARE_RANDOM SARE_HEADER0 \
SARE_HTML0 SARE_HTML1 SARE_SPECIFIC SARE_OBFU0 SARE_REDIRECT_POST300 \
SARE_GENLSUBJ0 SARE_UNSUB SARE_URI0 SARE_URI1 \
SARE_WHITELIST SARE_WHITELIST_SPF SARE_STOCKS";
I don't have a big problem with spam, but several are consistently
getting through. Most notably those image only stock spams I read about
here on the list.
--
Robert
