On 2013/04/22 06:27, Thomas Cameron wrote:
On 04/08/2013 03:52 AM, Andrzej A. Filip wrote:
On 04/08/2013 05:12 AM, Thomas Cameron wrote:
[...]
I want to delete any spam that scores over 10, though. I believe that I
should insert a new rule between the first and second, and I want to use
the X-Spam-Level header. But since it uses asterisks, which are
interpreted as regex wildcards, I want to make sure I've got the right
syntax. I think I would need to escape out the asterisks, right?
Would it look like this?
:0:
* ^X-Spam-Level:.*\*\*\*\*\*\*\*\*\*\*
/dev/null
I believe that would match 10 asterisks or more, and redirect the e-mail
to /dev/null. Am I right?
I would suggest redirecting such messages to another folder/maildir.
The folder should auto-purge old messages (e.g. older than 30 days).
Shit does happen. I remember at least one case in which mailing list
(ham) thread about spammer scored >10.
Such very false positives are very unlikely/rare *but* nobody
responsible is going to guarantee it will not happen to you.
So, I've set up two IMAP folders, "spam" for messages which are in the 5-10
range and "super-spam" which are over 10. I've been watching them since the 7th,
when I updated SA and configured it based on Warren Togami's most excellent
guide at http://www.spamtips.org/p/ultimate-setup-guide.html.
So far the "super-spam" folder is getting messages at about 10:1 over "spam." I
have not seen a single FP in "super-spam" in that time. In fact, I have not seen
ANY FPs in either folder.
At this point, I'm pretty comfortable just nuking that e-mail instead of wasting
space with it.
Currently I'm using procmail recipes for individual users, but I'm leaning
heavily towards going back to spamass-milter, and rejecting everything that
scores 10 or more.
I'm definitely open to suggestions, though. The only argument I have seen so far
is "you might get a FP." While that is absolutely valid, it has not happened so
far. If I use spamass-milter, the sender will get a rejection notice, so
important senders which trigger FPs will be able to call me and let me know.
Otherwise, I don't think the message is that important. ;-)
Thoughts?
Thomas
Thomas, you are still better off using a spam folder or simply a
subject modification that allows easy spam ranking in a spam folder.
I setup a markup such that subjects look much like this:
Subject: *****SPAM***** 016.2 ** Do you have a mesh implant {removed]
That allows me to put anything marked *****SPAM***** at the start of
the subject as spam. And it allows me to sort the spam for how spammy
it is. I can then whiff through the spam in moments to find things
that were miscategorized as spam and salvage them. I (very rarely)
find ham in the spam with scores over 10 on some mailing lists. There
are some people who persist in using tools that invite spam scores
and include messages that look surprisingly spammy in their formatting.
(Source code can VERY often trigger some spam scores, for example.)
And as sure as Murphy's law seems to work with uncanny precision you
will find over the years at least one email among the spam that could
have cost you either a lot of money, a lot of time, critical information,
or lost opportunity.
I've nuked some jerks with /dev/null before it even hits spamassassin.
But I've never nuked merely on the basis of spam scores. That led me
to a job when a friend sent me a note about an opportunity he thought
I could do when he had his hands full. It was caught as spam. And I am
glad I checked and noticed his address. That pushed me to check the mail
(plain text) and discover it was legitimate despite containing a few
"spammy" words or phrases.
Use the mark up to make it easy for you to prioritize your spam scan. I
get 16 to 100 spams a day, depending on day of the week. A quick scan of
the spam folder costs almost no time, no frustration, and seems worth it
to me. Being able to tell T'bird to sort the mail by score REALLY makes
it go fast.
{^_^}
