RE: [exim] Reducing Spam Assassin Load

Top Page
Delete this message
Reply to this message
Author: Herb Martin
Date:  
To: exim-users
Subject: RE: [exim] Reducing Spam Assassin Load
> [mailto:exim-users-bounces@exim.org] On Behalf Of Lanny Jason Godsey

<snip>

> This of course is prone to all kinds of problems, I like to
> have every user train their own filters. This is why droping
> 85% of spam prior to stastical filtering is a bad idea IMHO.


I am doing this and cannot disagree with you for
sure -- if one rejects 90% of spam before SpamAssassin
or other 'learning' filters even see it then they will
be starved for new learning and become stale perhaps.

Admittedly I have been doing so for several months
however while improving spam detection.

> I use DSPAM and SA in tandem, as far as I know I'm the only one using
> it in the fassion I have setup. After a while, SA is simply not
> used.


Cool. How are you using DSPam and SA "in tandem"
as I am very interested in options and ideas...?

I just got a clean make & check on DSpam
last night and am working to add DSpam to my
SA/CRM114/greylist/Exim system. (Notice we are
also using CRM114 and the greylists knock out
90% of the spam BEFORE it is seen by SpamAssassin.

[I was considering writing an SA plugin for DSpam
as I did for CRM114 (it's crude still.)]

Since Thursday morning we went 50+ hours without a
single spam "in the spam catch accounts" (and of
course NOTHING got through to users eithers.)

Everything was rejected at SMTP-time (formerly we
had about 1500 spams per day) with no FPs we can
identify (we have been letting that last 10% in for
the last couple of months to prepare for this final
rejection.)

Today, after 53 hours we received the FIRST spam in
the spam catch & review accounts -- again NOT delivered
to a user.

Since mail in the spam catch must be reviewed, I am
now considering it a false positive if a mail gets
there.

The trick is to get the accuracy up so high that
further restrictions can safely be imposed to allow
this kind of rejection rate, with no false positives,
to continue.

--
Herb Martin