On Wed December 24 2003 12:57 pm, Jon Clausen wrote:
Hi list
At this point I'm more looking for opinions than actual help...
I have the server set up with system-wide spamassassination. Lately SA misses spam more frequently, and I need to train it.
Not sure training is really the answer. The spam'rs are getting more clever and they aren't putting much in the emails that you can train on. For example, one good trick of theirs is to put only an image in their emails... It has all the text and pics they want but it's only one image. SA will catch this as HTML_IMAGE_ONLY but it doesn't give a very high score for it. (maybe 1.5) You may want to go look at some of the spam you're getting, determine what they are using (like the above) and adjust the scores accordingly. Same goes for the scores where bayes says it is 99% probable spam. Jack up the score on that. I'd be glad to send you my local.cf with a lot of mods to it.
The server runs Cyrus, and I access mail from Mutt via IMAP.
I've been reading some, but I have a hard time deciding which avenue to take. It seems there two main roads with this situation;
1: Put the missed spam in a separate (IMAP) folder, and have a cronjob call a script which pipes the files to sa-learn.
2: Set up a 'training account' and forward the missed spam to this account. As seen on: http://lists.suse.com/archive/suse-slox-e/2003-May/0107.html
What opinions/experiences do you all have with the two methods?
One thing I'm particilarly interested in, is with option 1:
Since /var/spool/imap and below, is cyrus', any script acting on the files in there can't be user owned. So what do you guys do?
Make an entry in roots crontab, with user = cyrus?
Also how does Cyrus react when files get moved/deleted from the imap-directories?
What if there are several accounts on the server? I mean, then the 'teach-sa' script has to look in several different directories. Not neccessarily a big problem, except if the users change the name of the missed-spam-folder...
Is option 2 in fact a 'better' (easier/more painless to set up/maintain), than option 1, when we're talking about a 'real' server, with multiple accounts?
TIA /Jon
-- Whatever rocks your boat!
-- +----------------------------------------------------------------------------+ + Bruce S. Marshall bmarsh@bmarsh.com Bellaire, MI 12/24/03 13:28 + +----------------------------------------------------------------------------+ "Money is like an arm or leg: use it or lose it." - Henry Ford