On Sun, Sep 25, 2016 at 04:46:28PM -0400, Alex wrote: > Hi, > > I have another rule with a questionable score that's hitting too much ham. > > From: "Customer Support" <customer.supp...@e.heritageparts.com> > dbg: rules: ran header rule __FROM_WORDY ======> got hit: "Customer.Support@" > > http://pastebin.com/3qw6jLZp > > This rule involves a few others, including __KHOP_NO_FULL_NAME and > __FROM_FULL_NAME, there doesn't look to be anything out of the > ordinary in that address to me...
Generally speaking, everyone's spam is different. Part of maintaining a SA install is tweaking the rules, weights, and thresholds for your particular spam & ham stream. The default score weights are based on a set of machine learning algorithms that analyze a specific corpus of spam and ham. They are by no means guaranteed to work perfectly for everyone. Typically, if I find a rule seems to be misbehaving, I will reduce its weight to [-]0.1 and let it run for a while, then do some statistics on how many FPs / FNs happen. If there are too many mis-triggers, I'll either zero-weight the rule, or keep it at a very low weight. For me, the bulk of the weights in most of my spam is from DNSBLs and bayes results, so I don't need to do a huge amount of fiddling. --Sean
