I'll second this. You should be able to get things well under control
with the standard SA, as long as:
- you have the latest version you can
- invoke RBL, and Bayes:
use_bayes 1
bayes_auto_learn 1
skip_rbl_checks 0
This should be enough to get things down from "torrent' to "merely
annoying". Make sure all this is working - look for hits like these:
BAYES_99 - the Bayesian magic thinks the content looks
very dodgy
RCVD_IN_BL_SPAMCOP_NET - sender is blacklisted
URIBL_JP_SURBL - dodgy URL in the content
AWL - autowhitelist
Do not try anything further until you're getting these sort of hits. You
need to get this stuff going properly.
- steve
Cooking up rules for *whitelisting* is OK, and simple enough, but trying
to do rules to detect general spam shouldn't be necessary and is a
Serious Black Art (not because SA is hard, but spammers are cunning, and
also it's pain if you blacklist legitimate traffic). However once you're
down to "trickle" levels you might want to have a look at
http://www.rulesemporium.com/ - lots of rulesets and tools.
> -----Original Message-----
> From: Steve Holdoway [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 25 July 2006 9:27 a.m.
> To: [email protected]
> Subject: Re: Need help with Spamassassin rules....
>
> To answer your question by ignoring it (:
>
> Are you using rbls??
>
> We use
>
> bl.spamcop.net
> sbl-xbl.spamhaus.org
> relays.ordb.org
> combined-HIB.dnsiplists.completewhois.com
>
> And it makes a big difference.
>
> Steve
>
> On Mon, 24 Jul 2006 23:18:15 +0200
> chris bayley <[EMAIL PROTECTED]> wrote:
>
> > Hi guys,
> >
> > a continuous torrent of spam has been driving me to distraction
> > recently and the out of the box configurations seem to be loosing
> > ground so it
> [snip]
>
=========================================================
This e-mail has been scanned for Viruses and Content and cleared by CommArc
Cube Server
