From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Can we add extra rulesets ? I checked the wiki page on rulesdujour > and these are the only "official" rules apparently. Can I use other > rules with rules du jour ?
Take a look at the SARE rules on rulesemporium.com. It looks like you have most of them via RDJ, but you can double-check. > BTW, we have other (older I guess) rules as well in our rules > directory, this is the current list: > > 10_misc.cf 25_textcat.cf 70_sare_uri1.cf > 20_advance_fee.cf 25_uribl.cf 70_sare_whitelist.cf > 20_anti_ratware.cf 30_text_de.cf 70_sc_top200.cf > 20_body_tests.cf 30_text_fr.cf 72_sare_bml_post25x.cf > 20_compensate.cf 30_text_it.cf > 72_sare_redirect_post3.0.0.cf > 20_dnsbl_tests.cf 30_text_nl.cf 88_FVGT_body.cf > 20_drugs.cf 30_text_pl.cf 88_FVGT_headers.cf > 20_fake_helo_tests.cf 30_text_pt_br.cf 88_FVGT_rawbody.cf > 20_head_tests.cf 50_scores.cf 88_FVGT_subject.cf > 20_html_tests.cf 60_awl.cf 88_FVGT_uri.cf > 20_meta_tests.cf 60_whitelist.cf 99_FVGT_Tripwire.cf > 20_net_tests.cf 60_whitelist_spf.cf > 99_sare_fraud_post25x.cf > 20_phrases.cf 60_whitelist_subject.cf > RulesDuJour > 20_porn.cf 70_sare_adult.cf > antidrug.cf > 20_ratware.cf 70_sare_bayes_poison_nxm.cf > backhair.cf > 20_uri_tests.cf 70_sare_evilnum0.cf blacklist-uri.cf > 23_bayes.cf 70_sare_evilnum1.cf > bogus-virus-warnings.cf > 25_accessdb.cf 70_sare_evilnum2.cf chickenpox.cf > 25_antivirus.cf 70_sare_genlsubj.cf > languages > 25_body_tests_es.cf 70_sare_header.cf > mangled.cf > 25_body_tests_pl.cf 70_sare_html.cf > random.cf > 25_dcc.cf 70_sare_obfu.cf > rules.121205 > 25_domainkeys.cf 70_sare_oem.cf > sober_p.cf > 25_hashcash.cf 70_sare_random.cf > triplets.txt > 25_pyzor.cf 70_sare_specific.cf > tripwire.cf > 25_razor2.cf 70_sare_spoof.cf > weeds_2.cf > 25_replace.cf 70_sare_unsub.cf > 25_spf.cf 70_sare_uri0.cf Which directory is this from? It looks like a bunch of those are standard SA rules and not add-ons. Drop antidrug.cf and backhair.cf. Neither of them is needed with SA 3.1. > For the moment we have on average +/- 4.5% of mails t hat score > between 5 and 9 points (we tag these mails currently, but don't drop > them). Have other people any data on this ? Does that 4.5% represent correct spam tagging or false positives? Most people should find more than 4.5% spam in their mailbox. It looks like your setup should work pretty well. If you are not getting good detection rates, check that the network tests are running properly. Bowie
