I find I have to run botnet rules individually, not as the big meta rule. See 
the doc in the tarball for how to.

-- martin

-----Original Message-----
From: Jesse Stroik <[EMAIL PROTECTED]>
Sent: Thursday, September 11, 2008 10:03 PM
To: [EMAIL PROTECTED]
Cc: users@spamassassin.apache.org
Subject: Re: MagicSpam

Rob,

SpamAssassin is more difficult to configure because commercial products don't 
have the luxury of requiring more sysadmin configuration.  They have to be easy 
or no one would buy them.  The disadvantage of them being easier is that they 
have less flexibility, less information and less site-specific configuration to 
work with.  They also tend to be less accurate, erring to the side of 
enforcement at the risk of discarding legitimate mail.

It is important to check SpamAssassin to see which plugins are installed 
properly and working.  SpamAssassin will work with only a few plugins 
installed, but it will work much better if you install all plugins that make 
sense for your site.

To maintain SpamAssassin well, you also have to have very level-headed admins 
who are willing to drop even very effective plugins if they have the potential 
for false positives.  You have to evaluate the plugins yourself, to some 
extent, and you have to trust behavior that you observe.  I recently had to 
decrease the score of the BOTNET plugin significantly.  It's not that the BOTNET 
plugin is doing something wrong -- it's simply that companies often configure 
their mail servers with mail gateways and have internal/private network 
Received lines that trigger the BOTNET plugin.

Commercial products tend to trap lots of spam, like a properly configured 
SpamAssassin installation, but they also tend to get a lot of false positives.  
Consider that people complain a lot more about false negatives (spam that gets 
through) than false positives, especially if they don't see the false 
positives.  Because of this behavior pattern, commercial products will almost 
always err to the side of throwing away the baby with the bathwater.  And this 
is more dangerous to email than spam is.

Best,
Jesse
