On 20.10.2014 at 18:03, RW wrote:
> On Fri, 17 Oct 2014 20:04:11 +0200 Reindl Harald wrote:
> a perfectly trained bayes on the inbound spamfirewall
> * after recently an account was hacked and sent spam (luckily not massive by rate-limits) which would have been clearly caught by SA/spamass-milter i consider to install SA also on the submission servers and just rsync the bayes per cronjob
> This is not ideal, a well-trained incoming database won't be well-trained for outgoing mail
> the 2000 ham samples are incoming and outgoing legit mail
> If possible it's better to keep them separate because there will be token frequencies that are very different between the two types of ham. For example, if a spammer is sending-out spam spoofing a bank, you don't want to have legitimate incoming mail from that bank in your ham corpus

no autolearning, hand-fed bayes and it was *a lot* of work to catch 2000 clear spam and 2000 clear ham samples (with the help of some users forwarding mails as eml) in total - hence i don't want to maintain a second one

the ham should contain samples of any type legit mail here new spam is regularly forwarded to me for training

IMHO the new spam is the most important because i think if someone hacks mail-accounts then for send out the last recent crap with it

lowered and/or disabled some rules that do not make sense in context of authenticated MUA's from dialup home-networks, lowered the impact of the bayes in general and tested with the two intrusions attached in abuse mails as mailbody - both would have been rejected by milter and so far no single mail nearly in a FP range

looks like the goal is achieved, rate-controls and so on also tuned to make dictionary attacks harder - they become really a lot recently
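The token-frequency point raised in the quoted reply, as an added example that is not part of the original thread: a simplified naive Bayes scorer (not SpamAssassin's own Bayes implementation) run over small constructed corpora, where `examplebank` is a made-up name. It scores one spoofed-bank message against an outgoing-only ham set and against a ham set that also contains legitimate incoming bank mail.

```python
import math
from collections import Counter

# Constructed sample corpora; "examplebank" is a made-up sender name.
SPAM = [
    "examplebank security alert verify your account login now",
    "examplebank account suspended confirm password here",
    "cheap pills discount order now",
    "win prize claim money now",
]
OUTGOING_HAM = [
    "meeting moved to tuesday please confirm",
    "attached the invoice for the project",
    "thanks for the report see you tomorrow",
    "please send the offer to the customer",
]
INCOMING_BANK_HAM = [
    "examplebank your account statement is ready",
    "examplebank security notice new login to your account",
    "examplebank account transfer confirmation",
]
SPOOFED = "examplebank security alert verify your account"


def train(messages):
    """Count, per token, the number of messages it occurs in."""
    counts = Counter()
    for msg in messages:
        counts.update(set(msg.lower().split()))
    return counts, len(messages)


def spam_probability(message, spam, ham):
    """Naive Bayes with add-one smoothing and equal priors."""
    (s_counts, s_n), (h_counts, h_n) = spam, ham
    log_odds = 0.0
    for tok in set(message.lower().split()):
        p_spam = (s_counts[tok] + 1) / (s_n + 2)
        p_ham = (h_counts[tok] + 1) / (h_n + 2)
        log_odds += math.log(p_spam / p_ham)
    return 1 / (1 + math.exp(-log_odds))


def compare():
    """Score the spoofed mail with outgoing-only ham vs. mixed ham."""
    spam = train(SPAM)
    separate = spam_probability(SPOOFED, spam, train(OUTGOING_HAM))
    mixed = spam_probability(SPOOFED, spam, train(OUTGOING_HAM + INCOMING_BANK_HAM))
    return separate, mixed
```

With these corpora the bank-specific tokens lose most of their spam weight once the legitimate incoming bank mail is in the ham set, so the same message scores lower on the submission side.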