On 2024-05-11 at 14:26:59 UTC-0400 (Sat, 11 May 2024 20:26:59 +0200)
Thomas Barth <tba...@txbweb.de>
is rumored to have said:

Hello

On 2024-05-11 19:24, Loren Wilton wrote:
Can I just take the names of the rules?

e.g. at least two checks should fire:

meta MULTIPLE_TESTS (( RAZOR2_CF_RANGE_51_100 + RAZOR2_CHECK + URIBL_ABUSE_SURBL) > 1)
score MULTIPLE_TESTS 1

found in

X-Spam-Status: No, score=5.908 tagged_above=2 required=6.31
    tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
    DKIM_VALID_EF=-0.1, DMARC_PASS=-0.001, FSL_BULK_SIG=0.001,
    HTML_MESSAGE=0.001, RAZOR2_CF_RANGE_51_100=2.43, RAZOR2_CHECK=1.729,
    SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_ABUSE_SURBL=1.948]

Why is your score threshold for spam 6.31? By default it is 5, and that message would have been spam.

6.31 has been the default value on a Debian system for ages and is based on the experience of the “spam analysts”. That's how I remember it. I have therefore retained this value. Who introduced the default value of 5? SpamAssassin itself, because spam is getting better and better and fewer rules apply?

5.0 has been the default threshold in the distribution forever and that value is an assumption in the dynamic scoring and RuleQA service which adjusts scores to their optimal values daily based on the latest results submitted by masscheck contributors.

I have no idea who the Debian "spam analysts" are but I am certain that they are not doing any sort of data-driven dynamic adjustments of scores based on a threshold of 6.3 nor are they (obviously) adjusting that threshold daily based on current scores. The only reason I can see for boosting the threshold is if there is an additional set of rules being used with a significant number of the non-standard low-S/O rules. For example, if you use KAM rules (which are not part of the RuleQA process) you will have a lot of rule hits on legit mail and you can either boost the threshold or do a lot of local-specific FP mitigation.

On systems I manage I mostly use a *lower* threshold, because I apply more active site-specific rule management (and FP avoidance) than most systems ever receive.



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
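
The arithmetic discussed in this thread, as an added example that is not part of the original messages: the Python sketch below parses the X-Spam-Status header quoted above, counts how many sub-rules of the proposed MULTIPLE_TESTS meta rule hit, and compares the verdict at thresholds 5.0 and 6.31. The function names are hypothetical, and treating each hit sub-rule as the value 1 is a simplifying assumption.

```python
import re

# X-Spam-Status header quoted in the thread (folded as a mail header would be).
HEADER = """X-Spam-Status: No, score=5.908 tagged_above=2 required=6.31
    tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
    DKIM_VALID_EF=-0.1, DMARC_PASS=-0.001, FSL_BULK_SIG=0.001,
    HTML_MESSAGE=0.001, RAZOR2_CF_RANGE_51_100=2.43, RAZOR2_CHECK=1.729,
    SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_ABUSE_SURBL=1.948]"""

# Sub-rules and score of the meta rule proposed in the thread.
META_RULES = ("RAZOR2_CF_RANGE_51_100", "RAZOR2_CHECK", "URIBL_ABUSE_SURBL")
META_SCORE = 1.0  # "score MULTIPLE_TESTS 1"


def parse_spam_status(header):
    """Return (score, required, {rule: score}) from the header format above."""
    flat = re.sub(r"\r?\n[ \t]+", " ", header)  # unfold continuation lines
    score = float(re.search(r"\bscore=(-?[\d.]+)", flat).group(1))
    required = float(re.search(r"\brequired=(-?[\d.]+)", flat).group(1))
    body = re.search(r"tests=\[([^\]]*)\]", flat).group(1)
    tests = {}
    for item in body.split(","):
        name, _, value = item.strip().partition("=")
        if name:
            # Some header formats list rule names without per-rule scores.
            tests[name] = float(value) if value else None
    return score, required, tests


def meta_hits(tests, rules=META_RULES):
    """Count the meta rule's sub-rules that hit (assumption: each hit is 1)."""
    return sum(1 for rule in rules if rule in tests)


def verdicts(header, thresholds=(5.0, 6.31)):
    """Map threshold -> (spam without meta rule, spam with meta rule)."""
    score, _, tests = parse_spam_status(header)
    bonus = META_SCORE if meta_hits(tests) > 1 else 0.0
    return {t: (score >= t, round(score + bonus, 3) >= t) for t in thresholds}


if __name__ == "__main__":
    for threshold, (plain, with_meta) in verdicts(HEADER).items():
        print(f"required={threshold}: spam={plain}, with MULTIPLE_TESTS={with_meta}")
```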
