We use the most recent version and keep it up to date. We only have 5
users and all of us care about the spam and file it properly. It was
working really well and in the last month has failed worse and worse. I
don't see any patterns in the spams that get through, just many
different kinds, like viagra, meds and weight loss etc all the usual -
and they seem similar to the ones that get filtered...
You say there's a very long list of practices and that the list is way
too long - well where is this list? why is it so hard to configure? how
does someone running a server who wishes to use spamassassin know how
best to set it up? I just want to create a procedure so whenever I set
up a new server I can follow the procedure to install spamassassin into
exim4 and know the mail on it will be able to filter spam reasonably
well - I don't need it to work brilliantly, just quite well would be good.
Here's my current procedure, perhaps I need to add a lot to it yet but
what exactly?
http://www.organicdesign.co.nz/Configure_mail_server#Spam_Assassin
Thanks,
Aran
Karsten Bräckelmann wrote:
On Thu, 2009-04-02 at 10:15 +1300, Aran wrote:
Hi, I've been using spamassassin with exim4 for a few months now and after
the first month of building up the baysean rules it began working very well
only letting about 1 spam in 50 through.
And your SA version is...?
We have it set up such that we file our false positives and negatives in
"Spam" and "Not spam" IMAP folders and each day sa-learn runs across them
and processes/deletes them and we run sa-update on a monthly cronjob.
Do *ALL* your users do that? Are there perhaps some users who just don't
care, delete missed spam, and you may end up with falsely learned spam?
Also, I'd recommend running sa-update not less than once a week, daily
is just fine. But that's just a side note and not your problem.
This has worked well for a few months but recently it has gone down hill and
now lets about 80% of spam through :-( the baysean learning accumulates
tokens every day as usual but to no effect. Its learned 6000 spams and 2500
hams with 130K tokens.
Please keep in mind that Bayes is just one sub-system of SA.
Anyway, 80% of spam slipping through indicates some *REAL*, gross issues
somewhere. Even a 3+ years old SA 3.1.x without updates and without
Bayes should perform much, much better than that.
Alas, your post doesn't have any information, about what could possibly
have gone wrong.
I'm just wondering what your advice is on the best practices and procedures
to have in place to ensure that we can build up good filtering results, and
ensure that it remains good over time.
That list would be too long...
Anyway, it isn't your problem. An accuracy problem like THAT is not
related to missing some best practices. Sounds more like a heavily
borked install or config.
For example, do you whitelist your own domain?
Checking SA headers and rules' hit of spam that slipped through, what do
you see? Any pattern, anything that sticks out?
