On 02/20/2014 06:22 PM, Amir Caspi wrote:
On Feb 20, 2014, at 10:15 AM, Axb <axb.li...@gmail.com> wrote:
What kind of traffic are you dealing with? personal, corporate?
ISPish? How many domains/users/msgs/day?
This is mostly personal email with a little bit of corporate. In
this instance, it is for a single domain with 3 users and
approximately 50-100 total legitimate messages per day (but HUNDREDS
of spams per day, most of which are properly classified; I am seeing
only a few [<10] FNs per day, although those FNs are, as I described,
getting Bayes_00... they are almost always image spam with not much
text.)
I do have a number of other domains but I don't monitor the spam
quality on those actively (and I haven't received complaints).
In your case this is what I'd do.
I hope you're running SA 3.4 so:
Assuming you can check maillogs and can either detect some spammed
unknown user patterns or have a dedicated trap domain to spare, I'd
accept that mail and write some header rules to score the trap
rcpt/domain REAL high and use a rule like
tflags RULENAME autolearn_force
obviously you'll need
bayes_auto_learn 1
That would help feed your small Bayes DB pretty fast and help detect all
kinds of crap.
h2h
