Re: Beginner's question on rules

Sun, 24 Jul 2011 09:03:11 -0700 

On Sun, 24 Jul 2011, Stephan wrote:


I have been setting up a home mail server recently and it seems that I
cannot get all spam trapped correctly. Example is below for instance:

http://pastebin.com/EBER8iuP

This one that I definitely consider as spam gets classified as non-spam.
It seems it hits correctly the BAYES_99 but as my threshold still is the
default 5 it gets reported as non spam, depsite other rules to be
triggered.

So my question is, what should I do basically to increase the accuracy of
this detection ? Should I change my thresholds ? Manually create a
blacklist ? Add some custum rulesets (I recently added Khopesh's one)

Any pointer will be welcome,
Tweaking your threshold by itself is not generally a good idea. You want to add more rules that detect spam that isn't scored high enough.
Here's a rule that should hit on messages generated by the bulk mailing service that message used: 

  header      XM_EC_MESSENGER      X-Mailer =~ /\beC-Messenger\b/
  describe    XM_EC_MESSENGER      eC-Messenger bulk mail service
Even though neither of the domains spamvertised in that message are listed at SURBL.org, I'd suggest considering the use of greylisting to give spamvertised domains a chance to show up in the URIBLs that SA checks. You might also want to report news-fashion-shopping.com to SURBL.
Sadly, there are not a lot of rules in the standard corpus for languages other than English. If you receive a lot of legitimate mail in French, you may want to boost your score for BAYES_99 and ensure you train it carefully. 

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Health Care _is_ a right - the government has no business keeping
  you from getting it. But forcing somebody else to pay for your
  health care at gunpoint (i.e. through taxation) is _not_ a right.
-----------------------------------------------------------------------
 227 days since the first successful private orbital launch (SpaceX)

Reply via email to