Effort to manage MailScanner

Fri Dec 12 22:32:21 GMT 2003

I have faced similar situations regarding false positives.  One method that
I found useful was to DELETE high scoring spam and DELIVER normal spam.
Using this model you can set your spam score more aggressively because users
still receive the mail with a {Spam?} or similar markup in the subject line.
High scoring spam (which you can keep at a high score) is rarely a false
positive but I usually opt to forward to a review account to keep an eye on
it.

Once you have a configuration like this in place you would either want to
instruct your help desk to show users how to setup a mail rule to drop
subjects containing {spam?} into a spam review folder or distribute a
document to your users with the procedure.

I found this method to allow me to catch more spam while lowering the risk
of true false positives.  Seeing all the {Spam?} messages also lets the user
populace know that the filter is working (nice side effect).

Another process I like to use (with caution) is to setup a mailbox for spam
issues that users can send mail to.  Most of these messages turn out to be
"please black list this message, it is spam" with an occasional "please
white list this domain" or even a "thank you so much, I can now get through
my inbox in less than 8 hours!"  Once a week you can go through the
messages, document your white list, black list and possibly rules
modifications, fill out your change control form (you do practice proper
change management, right?) and you're all set.  This administrative mailbox
is the main drive for my tweaking.

NOTE:  I also do not upgrade unless there is a feature I need or want.

> -----Original Message-----
> From: Pete [mailto:pete at eatathome.com.au]
> Sent: Wednesday, December 10, 2003 4:36 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Effort to manage MailScanner
>
>
> Sorry i couldnt think of a better subject heading.
>
> I have had MS running now for a full month and it appears to
> be working perfectly - in our ORg we cannot be too agressive
> as false positives would a lot of criticsm, so i have used
> almost defaults settings, but we get no UCEs delivered to
> staff or students and have had only one false positive so far.
>
> We have 600-700 mail accounts but only recieve 1500 emails a
> day %30 being spam.
>
> I have noticed on these forums a lot of people spending a lot
> of time changing settings, adding RBLs, upgrading every new
> release or beta and i wanted to know what benifits these
> folks recieves vs thier effort - its starting to make me feel
> like i shouold be upgrading to latest too - except i dont
> want to have my head buried in MS config every day for the
> next month - i thought this and install, config and forget
> type system, which is how i have been treating it (though i
> check quarrantine daily at the momment), are you guys getting
> some benifit that i am not, or is because you ahve far
> greater volumes of mail that you get more spam through MS
> aqnd have to work harder to stop it?
>
> I suppose its my cautious, no downtime nature that keeps us a
> few versions behind with alsmot all of my systems...
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20031212/b4cc5055/attachment.html