> -----Original Message----- > > If you don't see any ham with a score above 5, why not set your reject to > score of 5 or 6? > IMHO its better for a sender to get "Your Mail has been rejected due to > suspected spam", then the email getting lost in the spam box never to be > seen. > > Cheers, > > Scott
I am always nervous about sending bounces to spam. Firstly, spammers rarely get bounces, as they are frequently forging their headers to avoid just that, so you are usually just going to waste someone else's CPU time, usually a third party to the whole spam exchange. Secondly, even if a spammer gets the bounce, they will use that as verification of the address, or at least the domain. As for training the Bayesian filters, it is trivial to create a learning address, which bypasses spam assassin and goes to a maildir, and have a script look over that maildir every ten minutes or so, which then invokes sa-learn on each mail. You can even get exotic and put that address hidden on your web page and you newsgroup sig, something like, "Don't send mail to here: [EMAIL PROTECTED]". Also, there are some great milters out there, and they range from basic regex to very exotic. Also, fuzzy ocr is helping to knock holes in the embedded picture spam movement. Really, the best spam defence is a broad range of tactics: RBL rejection at the beginning of mail reception to prevent cost (it's funny how many ISPs include DNS traffic as part of their free zone), plain text filtering of common from, to, subject and body expression using regex milters, spam assassin, antivirus and then your application of rules based on the av and spam assassin headers. Remember, every mail silently dumped before it hits spam assassin is a vital saving in CPU cycles and bandwidth, as verifying with Pyzor and DCC is quite talky. Also, if you are getting bunches of the same virus, add it to the regex filter and save some more CPU. I have found that if you use Pyzor, DCC, Fuzzy OCR and RBL checking in spam assassin you should not see a spam with a score below 25. Thus, a quarantine score of 8 and a trip to the bit bucket for anything above 25 is very safe. If you are running a more exotic MTA than sendmail then you have all sorts of exiting options, including introducing a third set point, at about 5, where it gets sent to a user's spam folder, assuming you use IMAP or another folder based system, like Exchange. caam -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
