On Fri, 17 Oct 2014 20:04:11 +0200 Reindl Harald wrote: > a perfect trained bayes on the inbound spamfirewall > >> * after recently a account was hacked and sent spam > >> (luckily not massive by rate-limits) which would have > >> been clearly caught by SA/spamass-milter i consider > >> to install SA also on the submission servers and just > >> rsync the bayes per cronjob > > > > This is not ideal, a well-trained incoming database wont be > > well-trained for outgoing mail > > the 2000 ham samples are incoming and outgoing legit mail
If possible it's better to keep them separate because there will be tokens frequencies that are very different between the two types of ham. For example, if a spammer is sending-out spam spoofing a bank, you don't want to have legitimate incoming mail from that bank in your ham corpus.
