spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex <mysqlstud...@gmail.com>
Subject Re: "bout u" campaign
Date Thu, 13 Jul 2017 22:26:54 GMT
Hi,

>> Are you paying for DCC? I think we're over their limit and they
>> blacklisted us long ago, lol.
>
> I have my own DCC server joined into the DCC network.
>
> https://www.dcc-servers.net/dcc/

So you only provide spam services for your own users? Or do you pay?

> I am classifying about 10K ham and 8K spam each day which I also use in the
> masscheck processing (currently on hold).  Since I have started doing this

Through autolearn?

It is otherwise extremely time-intensive.

> Yep.  Again my block threshold is 6.0 in MailScanner and I have less default
> trust for FREEMAIL senders.  I also have meta rules based on FREEMAIL and
> other hits that add to the score based on combinations I have seen over the
> years.

Adjusting many of the default rules disrupts the score balance created
by masschecks, no?

I want to avoid having to juggle scores around, in addition to already
worrying about writing rules that ultimately have the same effect as
existing metas.

>>>   2.2 ENA_DIGEST_FREEMAIL    Freemail account hitting message digest spam
>>> seen by the Internet (DCC, Pyzor, or Razor).

Are you worried about overlap between the checksum systems?

I've enabled DCC again today, and remembered what I don't like about
it. Do you have DCC_CHECK at its default 1.1 score? That's quite high
for something described as "bulk mail" when bulk mail is already
scored very close to 5.0.

How much more effective do you find DCC than PYZOR? That's already
scored at 1.4.

> I have no idea.  I just analyzed my mail scoring and noticed combinations
> like DCC and FREEMAIL are common in my spam.

That's a good combination.

> The ENA_BAD_SPAM rule is a combination of 2 different types (reputation and
> content) rules with an AND between them.  For example (this is is about
> one-third of the rule):

Is it usable like this?

> /etc/mail/spamassassin/99_mailspike.cf
> shortcircuit RCVD_IN_MSPIKE_H5 on
>
> score RCVD_IN_MSPIKE_H4 -3.2
> score RCVD_IN_MSPIKE_H3 -2.2
> score RCVD_IN_MSPIKE_H2 -1.2
> score RCVD_IN_MSPIKE_WL -0.82
> score RCVD_IN_MSPIKE_BL 1.2
> score RCVD_IN_MSPIKE_L2 0.2
> score RCVD_IN_MSPIKE_L3 1.2
> score RCVD_IN_MSPIKE_L4 2.2
> score RCVD_IN_MSPIKE_L5 3.2

The default scores for these rules are all almost 0 when bayes and
network tests are enabled. I've adjusted the L[2-5] rules from 0.2 to
1.2. Took a quick look at a handful of L5 mail and anything higher
would be problematic.

> Hope this is helpful.

Thanks, as always.


>
> --
> David Jones

Mime
View raw message