Alex Woick wrote:
> John Rudd wrote:
>> Botnet's score of 5 is meant to say "this message should be
>> quarantined or flagged for review". It's not saying "this message is
>> _definitely_ spam".
>
> In my opinion, this is not quite according to the concept of
> SpamAssassin. SA has a bunch of rules that give qualified hints about
> the spamminess of a message. One hint alone is never enough, it always
> takes some of them until a threshold (5) is crossed and above that the
> message is considered spam. The more hints, the higher the spamminess.
> This works so well that I trust the hints if the score is above 10.
> These messages end up in a very seldom accessed "sure spam" folder
> that is auto-purged. Messages from 5 to 10 get moved to a "probably
> spam" folder that I inspect once a week perhaps. But I always consider
> these messages as spam with a solitary false positive that slips there.
> The philosophy behind SA suggests this approach, in my opinion.
>
> Botnet doesn't fit this philosophy - its score is way too high and the
> false positive probability is also too high to justify that a message is
> condemned as spam on one single rule. In my opinion, its default
> configuration should be according to SA defaults, so its score should be
> something between 1.5 and 3. If the message is spam, other rules most
> certainly also hit and push it above 5. If the message is ham, no harm
> is done and it is not denounced as spam.
>
> No offense meant - only my point of view.

You say it doesn't fit your philosophy of how to use SpamAssassin, yet
your mechanism is exactly the same as mine:
score between 5 and 10 is merely "probably spam". Above 10 is
"definitely spam".

I reject during SMTP at 10 or greater, and I put it into a quarantine
folder for 5 <= score < 10.

In my experience, the _VAST_ majority of messages that Botnet flags are
"probably spam" (actually, the vast majority ARE spam). That fits your
own philosophy of the 5-10 range.

The number of messages that get flagged by Botnet but aren't spam is, in
my observation across a few sites, less than one tenth of one percent.

No offense taken. I just think your opinion is self-contradictory. The
only thing that isn't contradicted by your statement is that you think
it shouldn't all rest in one test. Yet, there are plenty of anti-spam
mechanisms that do just fine putting it all in one test (using RBLs at
the MTA level, Greylisting, Greet-Pause, etc.). Botnet is just another
one of those.