On 08/08/2017 08:02 PM, Ian Zimmerman wrote:
On 2017-08-08 15:20, Scott wrote:

Another new one  big score, auto-learn disabled.  This one is fairly small.

X-Spam-Status: Yes, score=29.428 tag=-9999 tag2=5 kill=6.4
         tests=[DATE_IN_PAST_03_06=1.076, DCC_CHECK=3.2,
         HTML_EXTRA_CLOSE=0.001, HTML_MESSAGE=0.001,
         NORMAL_HTTP_TO_IP=0.001, RAZOR2_CF_RANGE_51_100=0.365,
         RAZOR2_CF_RANGE_E8_51_100=2.43, RAZOR2_CHECK=2.5,
         RCVD_IN_BRBL_LASTEXT=1.644, RDNS_NONE=1.274, SPF_FAIL=4,
         WEIRD_QUOTING=0.001] autolearn=unavailable autolearn_force=no

Can you tell if this one has the 3 point match?


when I tried to use the autolearn feature I was as confused as you are.
As far as I remember, the 3 point each from header and body is not the
only requirement; the full truth is that some rules are "privileged" and
can contribute to autolearning while others cannot.  I found it opaque
in the extreme and essentially unpredictable, and so I stopped
autolearning and hacked up some scripts that put duplicate of each ham
message into a folder which is then processed by sa-learn from a
cronjob, with sufficient delay that I can review the contents and remove
any false negatives; and similarly with spam, excluding the utterly
horrible category which just goes to /dev/null.

It may not be possible for you to adopt such a process if your volume is
high, but OTOH in that case you probably have users to help you :)

I think this is what RW is telling you, too.

FWIW, this is documented (sort of) by:

perldoc Mail::SpamAssassin::Plugin::AutoLearnThreshold

Same here. I had a little success with autolearn. When I started splitting out messages into a spam and ham folder and using a cron script to train explicitly, the BAYES hits became very accurate and helped with zero-hour spam which is the hardest to block.

I setup an iRedmail server on a local-only subdomain and send/BCC copies of messages over to it. Then I can use simple Inbox rules to sort or discard them. Then I cron'd spam and ham training based on the Maildir "cur" folders. This requires me to do a quick scan of the unread messages. When I mark them as read, then they get sa-learn'd. Takes a few minutes a day and drastically improved the mail filtering.

A side effect of this has allowed me to easily spot some new spam campaigns and messages that are scoring just below the block threshold so I can add them to local custom rules. Sometimes these are legit senders with good opt-out so I add them to a whitelist_auth entry.

David Jones

Reply via email to