Hi Dan First of all: You know Declude Junkmail offers a lot of different actions and great flexibility to manage what should happen with catched spam. There are out here Admin's with mailservers in different situations and therefore different configurations - adapted to there needs.
Here a solution that works for our situation here: ~ 340 virtual hosts ~ 900 mailboxes ~ 3000 incomming legit messages/day ~ 750 hold spam/day ~ 0.9 false positives/day (60 day average) We've set up a non standard weighting system with hold on 100 points. (This help us to compare the results of statistical calculations with the individual weight of single tests, because 100 pts is also 100% of our hold weight) We've only two actions beside the X-header-warnings: WEIGHT75 SUBJECT [s%WEIGHT%] WEIGHT100 HOLD We use SpamReview to review all hold spam. Because all hold messages has also the [s%weight] at the begin of the subjectline we can easy sort them by weight. I highly recommend SpamReview, you can find a link on declude's tools page. In 8 months that we use this type of setup now, we haven't had any false positive that was above 170% of our hold value. Most of them are between 100 and 115%. This means that we have to check only the first part of the hold messages, until we come to the subjectlines beginning with [s2xx]. The resting messages can be moved by one single click in SpamReview in the spam/hold-folder. (or analyzed before to improve the detection rate) In case of a false positive the SpamReview-Operator copies the D*.SMD-file manually in a special FP-folder, so that we can analyze and learn from false positives. (would by very usefull if a new SpamReview-version would provide such a "copy to FP-folder"-button !!!) After them the operator requeues the fp message back to the imail spool-folder clicking on the apropriate button in spamreview. Instead of using Imails onboard tool to clean up the spool folder we've created a small command-line tool that deletes any file in the spool- and sub-folders that is older the 14 days. (Backups of the logfiles are keept for a longer time) This will also delete the hold spam- and virus-messages and keep the level to something between 10k and 20k spam messages in the hold-folder. This files are very usefull for us to make some research to improve or develop some new spam-tests. Sounds a little bit complicated but all the fp-checks are done in a very few clicks. Regards Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
