>On a separate topic, I'm curious to know how everyone handles >the spam which makes it into the "imail\spool\spam" directory. > My current implementation of Declude JunkMail Pro is enabled >for only 5 domains. A couple of those domains have only been >active for a week. We have about 100 domains on our IMail >server so I can't imagine what it's going to be like when I >roll this out on a large scale.
We hold spam for some period of time (typ 2 wks). If a false positive is suspected then we perform a search for the "missing message" using simple file search tools and if we find the message we adjust our Message Sniffer rules and other settings to compensate. Copying the message back into the spool directory (both D & Q files) gets the message delivered. ( Typical adjustments would include blocking black rules, adding white rules, or adjusting the weights on some tests. Most often the case is adding a white rule for a list that may include advertising content or perhaps is sent by a "gray" hoster. ) Some systems allow the user to perform the search and delivery functions themselves and then reports false positive information based on their activity. These systems may also make automatic adjustments such as the addition of white rules based on the headers in the message etc... it's all dependent upon the technical capability of the system administrator(s). We never do any review of the messages held in the spam folder except when performing research and training functions for our Message Sniffer product. As an ISP, we would probably never review this content. As a small business or corporate office we might do a weekly search for common keywords of interest and review only that content as a safe guard. >guessing that one route I could take is to take a "DELETE" >action on spam which has a particularly high weight. Given >the DJM default weight is there any weight which people have >decided is a good "DELETE" weight. Is there anything else I'm >not thinking of? With Message Sniffer there are some categories of messages (such as Porn/Adult) that are generally safe to delete. Declude allows you to treat each of these categories differently. You can take the same approach with other tests in Declude with varying degrees of confidence. For example you may find that a particular test or rbl never causes you any false positives and so you could choose to delete on those tests. It's tougher to be sure about deleting messages based only on weight, but certainly worth a try given the statistics that are posted by Declude. There appears to be a VERY high level of confidence and accuracy at the high weight levels when a wide range of tests are applied. I recommend you start by reviewing the latest statistics posted by Scott and look at the simulated tests (WEIGHT 10 and WEIGHT 20). Your mileage may vary but you might feel safe establishing a delete weight that matches the top 10 - 20 % of the messages you stop with Declude given the tests that you use. After watching this a while you could adjust that number downward to capture more for deletion. There are no _absolute_ weight values to recommend since every installation of Declude and every system's tolerance for error is different. I hope these suggestions are helpful to get you started. _M Pete McNeil (Madscientist) Chief SortMonster (www.sortmonster.com) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
