On Mon, 2014-08-11 at 16:38 +0200, Matteo Dessalvi wrote:
> I am planning to install SA on our SMTP MTAs, which deals only with
> outgoing traffic generated in the internal network.
Outgoing traffic. That means, most DNSBLs are either completely useless
or effectively disabled. You'll also need to zero out the ALL_TRUSTED
rule for the same reason.
> I am making the assumption that our clients are mostly sending 'clean'
> email (I know, I am trusting *a lot* my users but nevertheless....).
>
> So the question is: how efficient will be SA without using the bayesian
> classifier? Are all the remaining rulesets (apart from BAYES_*)
> sufficient to shave off spam email?
Define spam.
Running SA on your outgoing SMTP will not catch botnet generated junk,
neither spam nor malware. This would require sniffing raw traffic. Or
completely firewalling off outgoing port 25 connections.
You explicitly mention your users (corporate or home?) "sending mail".
Are you talking about them possibly running bulk sending services, or
hand crafted unsolicited mail to individual recipients?
Unless there's a 419 gang operating from your internal network, there
might not be much left for SA with stock rules to classify spam...
That said, it is entirely possible to run SA without the Bayesian
classifier. There's an option to disable it, and different score sets
are used generated specifically for this case.
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
