On Friday 20 October 2006 10:37, Jim Maul wrote: > Others may suggest you lower your threshold but I feel this is the wrong > way to deal with this type of situation. Generally, you want to > increase the gap between spam scores and ham scores, not lower the > threshold. The way to do this is add on rules, network tests, bayes, > etc. If you are already using all of these and still have poor > accuracy, i'd say go for it (WRT jacking the BAYES_99 score) and monitor > the results.
Even WITH all of the network tests installed there has been a large increase in spam that gets through, and almost always scores high on Bayes. Therefore you either have to raise specific scores or lower your threshold. Raising specific scores is messy, as you usually have to raise several different test scores to get something working, and once you do, you have to constantly review them to see what works and what doesn't. Therefore, I disagree with your advice, and I recommend lowering the spam threshold. Its easier to maintain with a stock rule set. (There are exceptions of course, this is not dogma I'm recommending just another alternative choice). Basically I don't know of any site running SA that still uses the default threshold of 5. My choice is to lower the threshold to near 4, and set end-user MUAs to filter an thing marked spam those to a "ProbablySpam" folder. Then I set Procmailrc filters 10 and above to /dev/null This approach is probably too brutal for large institutional use, but for small office use it works great. The only individual rules I crank up are RAZOR2_CF_RANGE_51_100 and BAYES_99. Razor-100 alone is enough to put something in the probably spam category. I've never had a false positive with this approach due to the Razor score. Every time I fiddle with the scoring or threshold I double the /dev/null score for a couple weeks (requiring 20 to go to the bitbucket). But in each case, I quickly revert to 10 as I find nothing over 10 has ever proven to be something the users wanted. -- _____________________________________ John Andersen
