Joe Zitnik wrote: > Here is the list of rules I am currently using, in addition to the SA > 3.0.4 default rules: > > 70_sare_adult.cf > 70_sare_bayes_poison_nxm.cf > 70_sare_evilnum0.cf > 70_sare_evilnum1.cf > 70_sare_genlsubj0.cf > 70_sare_header0.cf > 70_sare_html0.cf > 70_sare_html1.cf > 70_sare_obfu.cf > 70_sare_oem.cf > 70_sare_random.cf > 70_sare_specific.cf > 70_sare_spoof.cf > 70_sare_stocks.cf > 70_sare_unsub.cf > 70_sare_uri0.cf > 70_sare_whitelist.cf > 72_sare_bml_post25x.cf > 72_sare_redirect_post3.0.0.cf > 88_FVGT_body.cf > 88_FVGT_headers.cf > 88_FVGT_rawbody.cf > 88_FVGT_subject.cf > 88_FVGT_uri.cf > 99_FVGT_meta.cf > 99_FVGT_Tripwire.cf > 99_sare_fraud_post25x.cf > 99_sober.cf > bogus-virus-warnings.cf > mime_validate.cf > mysurbl.cf > rolex.cf > stockspam.cf > subevil.cf > weeds_2.cf > > Are there any of these rules that are redundant, no longer necessary, > or of no benefit? My mail volume used to be about 30,000 a day, and > these rules were fine for that volume. We're now getting upwards of > 140,000 on some days, and my boxes are having trouble keeping up. > Rolex and stockspam are probably covered in others, but they're only > about 2k a piece. I'm hoping some of the larger ones can go buh-bye.
On a quick glance-through, I don't see any rules that are not recommended, but I'm not familiar with some of the non-SARE rules in the list. If you want to get rid of some of the files, you should track how useful they are for you and get rid of the ones that aren't helping. If you are using spamd, the sa-stats.pl program will give you quite a bit of info, but for add-on rules in particular, I wrote a program that may be useful. It is also for spamd logs and it shows you how each rule in each ruleset is performing. It also shows overall performance for the ruleset and the top add-on rules for ham and spam. It takes mostly the same arguments as sa-stats. I also added the capability to automatically deal with compressed log files. This program dumps a lot of output, so make sure you either pipe it to a file or run it on a terminal with lots of scrollback. -- Bowie
sa-addon-stats.pl
Description: Binary data
