I have installed the latest files... I try and keep up with them. I think the only changes I make are on the Weight 10 and 20 and I change the subject. I look at the headers on a bunch of the spam messages that come thru and most fail SORBS-DUHL, but then I see that many legit messages do as well.
Are you using a HOPHIGH setting in your global.cfg file? If so, that would account for it. In that case, you can rename the test to SORBS-DUL, in which case Declude JunkMail will bypass it for inappropriate IPs.
I have to admit that I've never taken the time to look at this very much. I had hoped that someone had come up with a good config that I could use without making learning about all these spam databases part of my life.
Well, it sounds like you want to make it part of your life. :)
I would guess that about 80% of our customers are simply using the default config files and blocking on WEIGHT20 or WEIGHT10. If you have everything set up correctly, that should capture a significant amount of spam. If you were blocking 60% of spam using an old config file, you should see much better results with the latest config file.
So, it's time to determine if the spam capture ratio is good enough. If it is, sit back and let Declude JunkMail do its thing. If not, you should first determine if there is a configuration problem. If so, it needs to be fixed; otherwise, time will need to be spent learning about ways to improve the spam detection.
My goal is to give my mail users the ability to filter out most spam based on the subject line of the message.
Do you mean that you want to filter spam based on the subject line that the spammer used (in which case you're choosing to spend a lot of time dealing with spam on your own, rather than using existing tools -- and you would need to explain *why* you want to do it this way), or do you mean that you want to filter spam based on subject modifications that Declude JunkMail makes (such as "WEIGHT20 SUBJECT Spam:")?
The default config files do nothing toward that goal and I have to make changes.
The default config files intentionally do not take any action on spam, because everyone's needs are different. However, changing "WEIGHT20 WARN" to "WEIGHT20 SUBJECT Spam:" is very simple, so I'm assuming you are wanting to do subject filtering on your own.
So my question becomes, "Why do you want to filter based on the subject?"
If I change all the warn's, to subject changes then it seems that most every message would be marked as
spam. There has to be a good medium in there, but I sure don't want to make
it my lifes work to find it.
AH! I think I understand now.
Our recommendation for several years now has been to use the default configuration file, and then block E-mail based on either the WEIGHT20 or WEIGHT10 tests. So in this case, you would just change the "WEIGHT20 WARN" to "WEIGHT20 SUBJECT Spam:".
We do NOT recommend blocking on all tests. For most of our customers, only blocking on the weight tests works very well.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
