From: "LuKreme" <krem...@kreme.com>
Sent: Wednesday, 2009/December/16 07:56
On 16-Dec-2009, at 08:33, Mike Cardwell wrote:
For what it's worth, I just ran sa-stats.pl against my last ten days of
logs. The only mention of habeas was:
10 HABEAS_ACCREDITED_SOI 367 1.45 0.00 17.36
So it hit on 17.36% of my Ham, and 0% of my Spam.
With the default settings that's no surprise. SOI gets a −4 by default, and
SOI stands for "single Opt in" which is what spammers call it when there is
no actual agreement from the receiver to receive email (that is, a site that
lets me enter your email address and then sends you mail is 'SOI').
I had to expand the rules to the top 25 instead of the top 20 to get HABEAS
to hit.
23 HABEAS_ACCREDITED_SOI 783 2.22 1.02 3.71
That's with SOI set to … re, I forget. +1 I think.
1% of spam, 3.71% of ham.
Compare this to BAYES_99 with a similar default score:
1 BAYES_99 12797 36.35 89.79 0.27
<< jdow That still does not say whether it is verified ham and spam as
compared to what SpamAssassin declared. Is it verified that these people
did not opt in at some time in the past?
And, yes, your SOI observation is a very valid one. I suspect any SOI test
is not a valid anti-spam measure. I just make the rules for that myself.
Something I would like to see is ALL the DNS based scores moved out of
the immutable (and hard to find once updated) SA private directories into
a 00_dns_scores.cf in with local.cf. It's there with all the default scores
and
marked read only for everybody. It should state that you can override the
scores with a 01_dns_scores.cf file with your score overrides. It would make
it easy to see what's going on.
Heck, even having a 00_scores.cf file with ALL the scores commented out
just as an index of all the rule scores that exist would help when a rule
starts
to misfire - like HABEAS_ACCREDITED_SOI has for you. (And not unlikely
a lot of people. I bet it varies with your customer base and their
particular
personalities quite a bit, too.)
{^_^}
