One of the SARE Ninjas, (Dallas or Doc), wrote a VERY cool script to tell you your top N rules that hit. It is very nice. I'll see if I can find it in the piles of email here.
--Chris

>-----Original Message-----
>From: Matt Kettler [mailto:[EMAIL PROTECTED]
>Sent: Tuesday, August 24, 2004 9:14 AM
>To: Rob Blomquist; [email protected]
>Subject: Re: How to know what RuleSets are working, easily?
>
>At 10:08 PM 8/23/2004 -0700, Rob Blomquist wrote:
>>I am trying to figure out which rulesets are important to me, and which ones
>>aren't.
>>
>>I am probably up to about 90% of my spam being trapped, but still, some very
>>significant ones make it through, so I am trying to tune my rulesets. The
>>other thing is that the filtering is causing pauses in my use of KMail. I
>>would love to shorten or end the pauses.
>
>Hmm.. does your setup by any chance log your message statuses anywhere (ie
>/var/log/maillog)?
>
>Really the quickest way to post-delivery evaluate is to use something like
>this:
>
>    grep RULE_NAME maillog | wc -l
>
>Repeat for each rule and see who's making the most and the fewest hits.
>
>You could probably do the same thing with kmail's mailbox files, although
>it would be slower.
>
>However, this won't really tell you which are "important" in the sense of
>which ones made the difference between a FN and a hit. It will just tell
>you which ones are getting hit the most. Determining which ones made a
>difference is more-or-less a by-hand process.. I usually look around for
>low scoring spam, then look at the rule hits of those..
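An added example, not part of the original thread and not the SARE script mentioned above: a single pass over the log that does the per-rule counting from the quoted message for every rule at once, and separately lists the rules that hit on spam flagged just over the threshold. It assumes the log carries spamd `result:` lines in the SpamAssassin 3.x shape; the sample lines are constructed, and the function names and the `margin` parameter are hypothetical.

```python
import re
from collections import Counter

# Assumed log shape: spamd "result:" lines as written by SpamAssassin 3.x.
# Adjust the pattern if your setup logs rule names differently.
RESULT_RE = re.compile(
    r"spamd: result: (?P<flag>[Y.]) (?P<score>-?[\d.]+) - (?P<rules>\S*) "
    r".*?required_score=(?P<required>[\d.]+)"
)

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = """\
Aug 24 09:01:02 mx spamd[411]: spamd: result: Y 21 - BAYES_99,HTML_MESSAGE,RCVD_IN_XBL scantime=2.1,size=3011,user=rob,required_score=5.0
Aug 24 09:02:10 mx spamd[411]: spamd: result: Y 6 - BAYES_99,HTML_MESSAGE,MIME_HTML_ONLY scantime=1.8,size=2200,user=rob,required_score=5.0
Aug 24 09:03:44 mx spamd[411]: spamd: result: . 1 - HTML_MESSAGE,MIME_HTML_ONLY scantime=1.2,size=5120,user=rob,required_score=5.0
Aug 24 09:04:05 mx spamd[411]: spamd: result: Y 7 - BAYES_99,HTML_MESSAGE,URIBL_SBL scantime=2.6,size=1900,user=rob,required_score=5.0
Aug 24 09:04:30 mx spamd[411]: spamd: result: . 0 -  scantime=0.4,size=800,user=rob,required_score=5.0
Aug 24 09:05:00 mx postfix/smtpd[500]: connect from unknown[192.0.2.7]
""".splitlines()

def parse(lines):
    """Yield (is_spam, score, required, rules) for each spamd result line."""
    for line in lines:
        m = RESULT_RE.search(line)
        if m:
            rules = [r for r in m["rules"].split(",") if r]
            yield m["flag"] == "Y", float(m["score"]), float(m["required"]), rules

def top_rules(lines, n=5):
    """Top N rules by hit count, in one pass instead of one grep per rule."""
    hits = Counter()
    for _, _, _, rules in parse(lines):
        hits.update(rules)
    return hits.most_common(n)

def marginal_spam_rules(lines, margin=3.0):
    """Rule hits on spam that cleared the threshold by at most `margin`:
    the low-scoring spam where individual rules made the difference."""
    hits = Counter()
    for is_spam, score, required, rules in parse(lines):
        if is_spam and score - required <= margin:
            hits.update(rules)
    return hits.most_common()

if __name__ == "__main__":
    print("top rules:", top_rules(SAMPLE_LOG, 3))
    print("rules on low-scoring spam:", marginal_spam_rules(SAMPLE_LOG))
```

Spam that scored below the threshold is logged as ham, so finding the rules that missed on false negatives still means starting from the messages themselves.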
