Also while poking around, some SURBL mails got through 'cause BAYES_00 gave a negative score. In general do y'all let BAYES_* rules score negative?
Well, that *is* what they're for. Anything under 50% is supposed to be more likely legit than spam, based on mail you've seen before. The Bayes rules are there in part to compensate for things like news articles about deposed African leaders and large sums of money that might otherwise trip spam rules. I've actually increased the magnitude of the scores on the lower-end Bayes rules. (Hmm, "increase your magnitude" sounds like a phrase that'll show up in spam any day now.)
If you're getting BAYES_00 on lots of obvious spam, you need to re-train your database or just stop using Bayes. Take a bunch of those messages (as many as possible) that hit SURBL but also hit BAYES_00 and run them through sa-learn --spam.
What about the other negative scores? Just set them to zero?
There aren't very many left. AFAIK it's Bayes, Habeas, Bonded Sender and ALL_TRUSTED (meaning the message started inside your network and never left). SPF passes are technically negative, but they're scored just enough to track (as they should be) and not to affect the score.
If you've got your trust path set up right, ALL_TRUSTED is pretty much safe. If not it can cause problems, but you're better off fixing the trust path than disabling the rule because the trust path is used for other things. As for Bonded Sender and Habeas, forgeries are much harder than they used to be, so it depends on how much you trust their criteria and their verification process.
-- Kelson Vibber SpeedGate Communications <www.speed.net>
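Added example, not part of the original message: one way to pick out the retraining candidates described above, messages that hit a SURBL rule and also BAYES_00, and build the `sa-learn --spam` command for them. It assumes each stored message carries SpamAssassin's `X-Spam-Status` header with a `tests=` list and that SURBL rule names contain the string `SURBL`; the sample messages and file names are constructed.

```python
import email
import re
from email import policy

# Constructed sample messages (not real mail). msg1 has a folded tests= list.
SAMPLES = {
    "msg1.eml": b"Subject: a\r\nX-Spam-Status: No, score=1.4 required=5.0 tests=BAYES_00,\r\n"
                b"\tURIBL_WS_SURBL autolearn=no version=3.0.2\r\n\r\nbody\r\n",
    "msg2.eml": b"Subject: b\r\nX-Spam-Status: Yes, score=9.1 required=5.0 "
                b"tests=BAYES_99,URIBL_SC_SURBL autolearn=no\r\n\r\nbody\r\n",
    "msg3.eml": b"Subject: c\r\nX-Spam-Status: No, score=-2.6 required=5.0 "
                b"tests=ALL_TRUSTED,BAYES_00 autolearn=ham\r\n\r\nbody\r\n",
    "msg4.eml": b"Subject: d\r\n\r\nno SpamAssassin header at all\r\n",
}


def spam_tests(raw: bytes) -> set:
    """Return the rule names listed in tests= of X-Spam-Status (empty if absent)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    status = " ".join(str(msg.get("X-Spam-Status", "")).split())  # unfold + normalise
    # tests= runs until the next lowercase key=value field (e.g. autolearn=) or the end.
    m = re.search(r"tests=(.*?)(?:\s+[a-z]+=|$)", status)
    if not m:
        return set()
    return {t.strip() for t in m.group(1).split(",") if t.strip()}


def retrain_candidates(messages: dict) -> list:
    """Names of messages that hit BAYES_00 and at least one SURBL rule."""
    picked = []
    for name, raw in sorted(messages.items()):
        tests = spam_tests(raw)
        # Assumption: any rule whose name contains "SURBL" counts as a SURBL hit.
        if "BAYES_00" in tests and any("SURBL" in t for t in tests):
            picked.append(name)
    return picked


def sa_learn_command(paths: list) -> list:
    """Argument vector for feeding the reviewed candidates to sa-learn as spam."""
    return ["sa-learn", "--spam", *paths]


if __name__ == "__main__":
    # Review the candidates by eye before learning: the Bayes database is only
    # as good as the labels fed to it.
    print(" ".join(sa_learn_command(retrain_candidates(SAMPLES))))
```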

