Re: [SLE] sa-learn on server (Postfix/Procmail/Cyrus)
From: Bruce Marshall (bmarsh_at_bmarsh.com)
Date: 12/24/03
- Previous message: Steve Crane: "Re: [SLE] Spamassassin learning"
- In reply to: Jon Clausen: "[SLE] sa-learn on server (Postfix/Procmail/Cyrus)"
- Next in thread: Jon Clausen: "Re: [SLE] sa-learn on server (Postfix/Procmail/Cyrus)"
- Reply: Jon Clausen: "Re: [SLE] sa-learn on server (Postfix/Procmail/Cyrus)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: SLE <suse-linux-e@suse.com> Date: Wed, 24 Dec 2003 13:31:23 -0500
On Wed December 24 2003 12:57 pm, Jon Clausen wrote:
> Hi list
>
> At this point I'm more looking for opinions than actual help...
>
> I have the server set up with system-wide spamassassination. Lately SA
> misses spam more frequently, and I need to train it.
>
Not sure training is really the answer. The spam'rs are getting more clever
and they aren't putting much in the emails that you can train on.
For example, one good trick of theirs is to put only an image in their
emails... It has all the text and pics they want but it's only one image.
SA will catch this as HTML_IMAGE_ONLY but it doesn't give a very high score
for it. (maybe 1.5)
You may want to go look at some of the spam you're getting, determine what
they are using (like the above) and adjust the scores accordingly. Same goes
for the scores where bayes says it is 99% probable spam. Jack up the score
on that.
I'd be glad to send you my local.cf with a lot of mods to it.
> The server runs Cyrus, and I access mail from Mutt via IMAP.
>
> I've been reading some, but I have a hard time deciding which avenue to
> take. It seems there two main roads with this situation;
>
> 1: Put the missed spam in a separate (IMAP) folder, and have a cronjob call
> a script which pipes the files to sa-learn.
>
> 2: Set up a 'training account' and forward the missed spam to this account.
> As seen on: http://lists.suse.com/archive/suse-slox-e/2003-May/0107.html
>
> What opinions/experiences do you all have with the two methods?
>
> One thing I'm particilarly interested in, is with option 1:
>
> Since /var/spool/imap and below, is cyrus', any script acting on the files
> in there can't be user owned. So what do you guys do?
>
> Make an entry in roots crontab, with user = cyrus?
>
> Also how does Cyrus react when files get moved/deleted from the
> imap-directories?
>
> What if there are several accounts on the server? I mean, then the
> 'teach-sa' script has to look in several different directories. Not
> neccessarily a big problem, except if the users change the name of the
> missed-spam-folder...
>
> Is option 2 in fact a 'better' (easier/more painless to set up/maintain),
> than option 1, when we're talking about a 'real' server, with multiple
> accounts?
>
> TIA
> /Jon
>
> --
> Whatever rocks your boat!
-- +----------------------------------------------------------------------------+ + Bruce S. Marshall bmarsh@bmarsh.com Bellaire, MI 12/24/03 13:28 + +----------------------------------------------------------------------------+ "Money is like an arm or leg: use it or lose it." - Henry Ford -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
- Previous message: Steve Crane: "Re: [SLE] Spamassassin learning"
- In reply to: Jon Clausen: "[SLE] sa-learn on server (Postfix/Procmail/Cyrus)"
- Next in thread: Jon Clausen: "Re: [SLE] sa-learn on server (Postfix/Procmail/Cyrus)"
- Reply: Jon Clausen: "Re: [SLE] sa-learn on server (Postfix/Procmail/Cyrus)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
