On 8/7/2014 9:16 AM, Andy wrote:
> I have now had three different rounds of complaints/discussions with their
> tech support about it, (January, May and this past July). During that time
> the server was rebooted, or my website rebooted, my server changed (just
> within the past couple of weeks), the filtering score lowered (now at
> 2.5). None of these things ever had any noticeable effect, but
> occasionally, seemingly without any changes made, the spam to the Inbox
> would decrease to just 1 or a few a day. But the average per day going
> into the Inbox is between 20 and 30 pieces of spam.

2.5 is rather low. If it is not filtering quite a bit of spam (and
probably some non-spam as well), there is something wrong.

> Despite the various attempts at fixing the problem by the tech staff and
> admins at Lunarpages, there has been a repeated "party line" if you will -
> that they are not responsible for the software, it being both free and
> common source, and that I am free to read up on it. I have gotten
> contradictory viewpoints as to the efficacy of Spam Assassin: first being
> told that if I wanted a better filtering system I could upgrade, by
> payment, to "MX", as well as being told as late as last week that Spam
> Assassin is a "superior" filtering software.

SpamAssassin is an excellent spam filter, but it does need a bit of
configuration for optimal use.

> I have been told that Spam Assassin "learns" what is spam over time. But
> when I ask the support staff just how that occurs, I get no answer. When I
> point out that there is no mechanism, such as with Gmail, to "report"
> something as Spam with a mere click, I get no reply. I am at a loss to
> understand how Spam Assassin is learning anything. All the spam that is
> coming in, either to the Inbox or Spam folder, are very similar in style,
> some of them as I said identical, and many of them selling the same
> product. But while one goes to the Inbox, another goes to the Spam folder
> without my understanding why. (Yes, technically the scores are such that
> would say "this is not spam" but the amount of such spam that Spam Assassin
> is calling "not spam" is, in my opinion, inordinately high - equal to or
> greater per day than what is getting called "spam".)

SA's "learning" is done by the Bayes engine. Emails with a high enough
spam score are learned as spam, emails with a low enough score are
learned as ham. Once enough mail is learned (200 ham and 200 spam), it
will start scoring the emails based on what has been learned. You can
learn emails as spam or ham manually as well, but this is done with the
"sa-learn" command. Most people will designate imap folders for
learning ham and spam. Then you have a cron job that runs sa-learn on
the messages in those folders on a regular basis.
This is only a secondary system, however. While Bayes is quite good,
the main way SA catches spam is via the static rules. You need to make
sure these rules stay up to date for the best results.

> I would appreciate any insights anyone can offer to me, or for that matter
> to Lunarpages because I'm not clear that even they understand what is
> going on, nor how to fix this very nagging problem.

Assuming you have admin control...

1) Set the required_score back to 5.0. This is what all the SA rules
   are tuned for.

2) Make sure SA is up to date. Current version is 3.4.

3) Make sure the stock rules are up to date. Run "sa-update" to update
   the rules. You should have a cron job running this automatically once
   per day or so.

4) Make sure the network rules are enabled and working.
   URIBL and some other blacklists are enabled by default. You should
   use a local caching DNS server for best results.
   Razor and DCC are also useful. You will have to install them and
   then activate them in one of the .pre files in the SA config directory.

5) Install some third party rules.
   The KAM rules are good:
   http://www.pccc.com/downloads/SpamAssassin/contrib/KAM.cf
   Sought is another good one:
   http://wiki.apache.org/spamassassin/SoughtRules
   (Sought is currently not being updated, but hopefully that will
   change soon)

Lastly, use pastebin.com to show us some samples of spam that you think
should have been caught. Make sure you include all of the headers (in
particular, there should be some X-Spam headers showing what rules were
matched).

You can add this line to your local.cf (or user_prefs) to get full
scoring information on all emails (default is spam only):

    add_header all Report _REPORT_

--
Bowie
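
Added example, not part of the original message: a small Python check that reads the X-Spam-Status header of a message that reached the Inbox and flags the gaps discussed above (no Bayes rule, no network rule hit, required score other than 5.0). The sample headers are constructed, the function names are hypothetical, and the findings are hints to follow up on, not verdicts.

```python
import email
import re

# Rule-name prefixes for the checks discussed above (Bayes, network tests).
BAYES_PREFIX = "BAYES_"
NETWORK_PREFIXES = ("URIBL_", "RCVD_IN_", "RAZOR2_", "DCC_")

# Constructed sample headers, not a real message.
SAMPLE = (
    "From: sender@example.com\n"
    "Subject: constructed sample\n"
    "X-Spam-Status: No, score=1.3 required=2.5 tests=HTML_MESSAGE,\n"
    "\tMIME_HTML_ONLY autolearn=no\n"
    "\n"
    "body\n"
)

def parse_spam_status(raw_message):
    """Return verdict, score, threshold and rule list from X-Spam-Status."""
    header = email.message_from_string(raw_message).get("X-Spam-Status")
    if header is None:
        return None  # message never passed through SpamAssassin
    flat = re.sub(r"\s+", " ", header).strip()  # unfold continuation lines
    score = re.search(r"score=(-?[\d.]+)", flat)
    required = re.search(r"required=(-?[\d.]+)", flat)
    tests = re.search(r"tests=(.*?)(?= \w+=|$)", flat)
    names = re.split(r"[,\s]+", tests.group(1)) if tests else []
    return {
        "is_spam": flat.lower().startswith("yes"),
        "score": float(score.group(1)) if score else None,
        "required": float(required.group(1)) if required else None,
        "rules": [n for n in names if n and n != "none"],
    }

def diagnose(raw_message):
    """List configuration gaps suggested by one message's headers."""
    status = parse_spam_status(raw_message)
    if status is None:
        return ["no X-Spam-Status header: message was not scanned"]
    findings = []
    if not any(r.startswith(BAYES_PREFIX) for r in status["rules"]):
        findings.append("no BAYES_* rule: Bayes is not scoring")
    if not any(r.startswith(NETWORK_PREFIXES) for r in status["rules"]):
        findings.append("no network rule hit on this message")
    if status["required"] is not None and status["required"] != 5.0:
        findings.append("required_score is %.1f, not 5.0" % status["required"])
    return findings
```

Running `diagnose` over a folder of missed spam shows quickly whether the same gap repeats across messages, which is more telling than any single result.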