Re: [exim] Anti SPAM Exim configuration

Author: Andrew
Date:  
To: Alexander Prohorenko, exim-users
CC: 
Subject: Re: [exim] Anti SPAM Exim configuration
Hi -
I am very surprised by the poor results you are getting - I have a very
similar setup, and as mentioned in a previous email getting 99.98% hit
rate, and a very very very rare FP. Someone also mentioned that it is
hard to get > 90% in a large environment - I disagree.... I am running
this setup on multiple servers with good quality filtering (> 100
domains and around 1 Million emails each day). It isn't exactly the
biggest setup in the world, but it is running in an ISP environment.

Throw in www.surbl.org to the equation, it catches all the hard-to-bayes
spam (simple one line emails).

At the end of the day you can tune up SA very well - but it is a CPU
hog, check out DSPAM if you want something more efficient (I am in the
middle of moving to it).

Cheers,
Andrew.



Alexander Prohorenko wrote:

>Jan-Peter,
>
>Believe me, I'm spending hours weekly with tuning SpamAssassin. Of
>course it's running Bayes, Razor, DCC, my Exim server has a lot of
>rulesets for RBLs, HELO, Virus checking, etc.
>
>Yes, it stops just a HUGE number of SPAM messages, however, I still have
>to fight with them daily in my mailbox.
>
>Thanks, I'll take a look at greylisting and dspam. Hopefully, they
>will work out for me well.
>
>Thank you.
>
>Tuesday, December 14, 2004, 8:59:04 AM, Jan-Peter Koopmann wrote:
>
>>>What can you advise, except spending hours daily filtering mail from
>>>SPAM manually?
>>>
>>>Unfortunately, SpamAssassin doesn't work well enough for me,
>>>I'm able to filter not more than 70% of SPAM. I receive
>>>about 30 SPAM messages daily for one mailbox.
>>
>>I assume you run your SpamAssassin "out-of-the-box"? Try tuning
>>it with additional rulesets. Use bayes and train your database. I
>>never heard of a SpamAssassin installation only catching 70% spam if
>>setup correctly. Moreover tune your exim to starve SMTP connections
>>a bit if they look like spam (e.g. if certain RBLs are triggered,
>>HELO checks fail etc.). Many spammers will simply try to push the
>>entire message to you and will not care for synchronization of
>>commands in which case you can drop the connection.
>>
>>I agree with Tony though that TMDA is dreadful. Have a look into
>>greylisting as well. I would not recommend greylisting to business
>>users but it sure is great for personal use. Moreover: Look into
>>dspam. Never used it myself but you never know... :-)
>>
>>Regards,
>> JP
>>
>
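
The connection-starving and synchronization advice quoted above, as an added Exim configuration example (not part of the original thread and not any poster's own configuration). The blocklist zone dnsbl.example.org is a placeholder, and the ACL names, the 20s delay and the use of acl_c0 as a "suspect" flag are assumptions.

```exim
# --- main configuration section ---
# Added example. Enforce SMTP command synchronization: a client that sends
# commands before Exim's greeting or response is dropped with a
# "synchronization error". This is Exim's default; set here explicitly.
smtp_enforce_sync = true

acl_smtp_connect = acl_check_connect
acl_smtp_helo    = acl_check_helo
acl_smtp_rcpt    = acl_check_rcpt

begin acl

acl_check_connect:
  # Host is on a DNS blocklist (placeholder zone): flag it, do not reject.
  warn  dnslists = dnsbl.example.org
        set acl_c0 = suspect

  # Hold back the greeting for flagged hosts. A sender that pushes its
  # whole message without waiting trips smtp_enforce_sync here.
  warn  condition = ${if eq{$acl_c0}{suspect}{yes}{no}}
        delay     = 20s

  accept

acl_check_helo:
  # A bare IP address as the HELO name is not valid; treat as suspect.
  warn  condition = ${if isip{$sender_helo_name}{yes}{no}}
        set acl_c0 = suspect

  accept

acl_check_rcpt:
  # Slow every RCPT from a flagged connection before normal processing.
  warn  condition = ${if eq{$acl_c0}{suspect}{yes}{no}}
        delay     = 20s

  # The site's existing relay and recipient checks follow here
  # (accept/deny statements from the current configuration).
```

Legitimate MTAs wait out the delay, so watch the main log for "synchronization error" entries and for timeouts from known-good senders before lengthening it.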