Chris wrote: > I decided last week to finally give the short circuit plug-in a try to > see how much it sped up detection. Its working great on spam:
> but not so well with ham: > > Aug 4 14:22:48 localhost spamd[1023]: spamd: result: . -10 - > AWL,BAYES_00,DCC_CHECK,DK_POLICY_TESTING,KHOP_RCVD_UNTRUST,RCVD_IN_DNSWL_HI,RCVD_IN_JMF_W,RDNS_NONE,SPF_PASS,UNPARSEABLE_RELAY scantime=23.1,size=2682,user=chris > > the rules I'm using are straight out of the WiKi: http://wiki.apache.org/spamassassin/ShortcircuitingRuleset , I presume. > > Are there any others I can add to the ham rule to speed things up? For > instance can BAYES_00 be added or would that tend to cause FN's? A handful, depending how well Bayes has been trained. BAYES_00 is the example given in the 60_shortcircuit.cf file in the rules directory, which you probably want to read. You could add RCVD_IN_DNSWL_HI which is in your example. _MED I'd expect some FNs from. Have you set up whitelist_from_dkim and whitelist_from_spf rules ? The latter could also be used to shortcircuit your example. (Any authenticated mail going through the same installation could be shortcircuited with ALL_TRUSTED. You can also then add some trusted_networks.) Yet another possibility is including some codeword above the cut in your signature, so that replies are detected by a shortcircuited ham rule. For general incoming mail, there may not be that much shortcircuiting that can be done - the rules have to be run to decide if something is spam. However, I'd quite like to see a shortcircuit plugin that stops processing more rules as soon as the running total gets to, say, 12 points. >Can > another rule be added for spam that contains entries like: > > SAGREY, RCVD_IN_BRBL_RELAY, URIBL_BLACK and so forth with my highest > hitting rules. Would it be written similiar to the SC_NET_HAM rule? It can, give all those and the corresponding meta rule a priority of say -400, give the meta rule a score of 20, and shortcircuit SC_NET_SPAM on. But I'd guess you'd get FPs: more perhaps with those rules than with SpamCop (on first trusted relay) and URIBL_(whatever)_SURBL. HTH CK
