> On Thu, Feb 10, 2005 at 11:48:18AM +0100, Sander Holthaus - > Orange XL wrote: > > Your (mail)logs might come in handy for this, if you write out > > SpamAssassin's basic output there. With a basic Perl-script > (you can > > do this in almost any other script-language of course) you can see > > most likely everything you need. Spam, ham and mail-scores, > > scan-times, tests that where hit (!), etc. With only a small bit of > > programming, you can calculate and see everything you need! > You should > > check wat AWL and BAYES -tests are doing, especially if > they hit on Spam. > > True. Maybe I was to lazy to think about that ;) > > I was looking at the logfile /var/log/mail.info which shows > which rules were used, but not with the individual values e.g. > > Feb 10 14:42:44 mail1 spamd[16031]: result: . -2 - > AWL,BAYES_20,DRUG_ED_CAPS,HTML_MESSAGE > scantime=0.1,size=3491,mid=<01E4C22DDCD5E94DAC1863202903F26809 [EMAIL PROTECTED]>, > bayes=0.0983660349113599,autolearn=disabled > > But in exim's rejectlogs the full spamreport appears.
Well, I didn't get to it either until recently. I think there are not too many who automate analysis of spamassassin output. While it is quite handy. >From looking at the entry above, I think a few changes could be made to your setup. Indeed you appear to have a problem with AWL, it shouldn't hit on spam. But it think it is more likely to be related to the fact that messages which are spam aren't getting enough hitpoints to be seen as spam. Bayes_20 is also quite low (but not that unusual) for a spam-mail, not to mention that only two other rules hit on the message. Do you perform any networks-tests? (Pyzor, Razor, DCC, URIDNSBL) > > > When I upgraded, (2.64 > 3.02) I noticed only a small increase in > > scores for spam and decrease for ham from SpamAssassin. Not the big > > results I had hoped for, but I'll patiently wait for 3.1. Overall > > results are slightly better, and technically, there should > be a lower > > possiblility of ham being marked as spam (due to > SPF-checking, did you install that?). > > No, I did not install SPF-checking. I will have to read up about it. It is a nice addition, though not widely implemented (most major webmail-providers use SPF nowadays, but many medium- and small ISP's/webmail-providers don't). http://spf.pobox.com will tell you what it is. > > As to your setup. How up to date are those extra custom rules? > > A few days ago. That's good. No problem there. > > Any reason > > why your are using 70_sare_html2.cf and 70_sare_html3.cf but not > > 70_sare_header0, cf70_sare_header1.cf, 70_sare_genlsubj0.cf, > > 70_sare_genlsubj1.cf, etc, etc...? > > I did not know about them. Check out www.rulesemporium.com You will find all available rules, descriptions and hints how to use them. There are also links to none sare-rules, which can give excellent results too (e.g. chickenpox, weeds / weeds2 and mangeled to name just a few). > > There are more effective rules out there than just > sare_html or just > > sare rules! > > > I use most of the Sare-rules + some extra rules, and > results are very > > good (though watch your memory and scantimes!). Have yet to see a > > false positive with a treshold of 9, and only 1-2% of all > traffic scores between 5 and 9. > > I have tried now to download them with rule_du_jour and it > ends with an error: > > 70_sare_bayes_poison_nxm.cf was up to date [skipped > downloading of > http://www.rulesemporium.com/rules/70_sare_bayes_poison_nxm.cf ] ... > > No index found for ruleset named SARE_GENLSUBJ2. Check that > this ruleset is still valid. > > No index found for ruleset named SARE_GENLSUBJ2. Check that > this ruleset is still valid. > > No index found for ruleset named SARE_GENLSUBJ3. Check that > this ruleset is still valid. > > No index found for ruleset named SARE_GENLSUBJ_ARC. Check > that this ruleset is still valid. > > No index found for ruleset named SARE_GENLSUBJ_ENG. Check > that this ruleset is still valid. > > No index found for ruleset named SARE_GENLSUBJ. Check that > this ruleset is still valid. > No files updated; No restart required. > > > > > > Rules Du Jour Run Summary:RulesDuJour Run Summary on archive3: > > No index found for ruleset named SARE_GENLSUBJ2. Check that > this ruleset is still valid. > > No index found for ruleset named SARE_GENLSUBJ2. Check that > this ruleset is still valid. > > No index found for ruleset named SARE_GENLSUBJ3. Check that > this ruleset is still valid. > > No index found for ruleset named SARE_GENLSUBJ_ARC. Check > that this ruleset is still valid. > > No index found for ruleset named SARE_GENLSUBJ_ENG. Check > that this ruleset is still valid. > > No index found for ruleset named SARE_GENLSUBJ. Check that > this ruleset is still valid. I'm not usung rules_du_jour myself, but it may be that the nameing-convention or url of those rules has changed. You might want to update Rules_du_jour if it is not a recent version. But I'm too unfamiliar with rules_du_jour to give you a good/exact answer. As a sidenote, I wouldn't start by installing any of the sare _2 and _3 rules. Kind Regards and Success! Sander Holthaus
