On Fri, 2007-08-17 at 09:01 -0700, John Rudd wrote:
> Over the last 9 months, my observation has been that, on a million-ish
> message per day system:
>
> 1) approx. 1% of Botnet marked messages are false positives
>
> 2) you can reduce false positives from Botnet by 66% by just dropping
> the score to 4.99, because the vast majority of false positives are
> scoring in the range 5 <= score < 5.01
>
> 3) you can eliminate the false positives entirely by setting the score
> to 4.0, because all of the false positives we've come across were in the
> range 5.0 <= score < 6 (actually, smaller than 6, but definitely 6 works
> there).
>
> And, anecdotally, while I'm going to keep using the 5.0 score at home,
> at work the campus email team has decided to lower it to 4.0 for now (as
> soon as our change management process approves the change), and possibly
> adjust it back up toward 4.9 or 4.99 if that's letting through too many
> low scoring spam messages. (my suggestion was 4.99 and further adjust
> downward as necessary, but the group decided to go to 4.0 now and adjust
> back up if necessary)

Yes, we run nordns at 4.5 with no problem, works well, but we got so many poorly configured BADNS, we had to drop that and everything else. Almost any business with its own mail server had the standard ISP IP notation with static or something.

We had to add many IPs to trusted networks. Is there any way to take that from a file? We keep many IPs in postfix, SA, amavisd-new and possibly Botnet.

The words were getting hit too, that is why maybe I think I need to just tweak my words list since we're an ISP? Any good working words list out there for an ISP?

Thanks.

--
Robert