Which SA rule set considered "Best Practice"?

Pete pete at eatathome.com.au
Sat Feb 21 14:15:07 GMT 2004


Matt Kettler wrote:

> At 06:37 PM 2/20/2004, Michael St. Laurent wrote:
>
>> We're still getting more spam slipping through than I would like and was
>> wondering which of the additional rule sets are recommended.  I've installed
>> the fetch scripts for both the bigevil and backhair rule sets so far.
>>
>> Suggestions please?
>
>
> Disclaimer of bias: I'm one of the add-on ruleset writers... I wrote
> antidrug.cf.
>
> Personally I think your best bet prior to using add-on rulesets is to get
> all of the features of the default SA system working well.
>
>         1) Enable DNSBLs by installing Net::DNS.
>
>         2) Enable bayes by feeding sa-learn.. Feed it well, and feed it
> often. Mine gets fed a diet of about 100 fresh spams/day and about 20
> nonspams/day. A good regimen of feeding bayes with input from spamtraps
> and such is very helpful.
>
>         3) Consider installing DCC.. DCC works pretty well and is pretty
> lightweight. Razor is more accurate, but seems prone to more network
> timeouts.
>
>
> As for add-on rules, I don't use that many, despite being an add-on set
> writer.
>
>  "Best practice" would be to be very cautious when using them, and test
> them out with very low scores to start.
>
> If you want to know what I'm using:
>
> Obviously I use my own antidrug.cf, but that's mostly done as a giant rude
> gesture in the direction of the pill spammers who have been so aggressive
> lately. I also use a pair of rules which is a collapsed version of Jen's
> popcorn.cf.
>
>         describe LOCAL_POPCORN  1-5 letters - hidden tag - 1-7 letters
>         rawbody     LOCAL_POPCORN  /[>\s]\w{1,5}<\![^>]*>\w{1,7}\W/i
>
>         describe LOCAL_POPCORN2  1-5 letters - hidden tag - 1-7 letters
>         rawbody     LOCAL_POPCORN2  /[>\s]\w{1,5}<\/\w{2,10}>\w{1,7}\b/i
>
> I also find this useful:
>         body LOCAL_MEDS /\bmed[sz]\b/i
>
> and this:
>         body BODY_RND_GENERATOR /\%RND_(?:LC_CHAR|UC_CHAR|SYB|WORD)\b/
>
>
> And that's about it.. other than a bunch of goofball test rules floating
> around. I've also been playing with the FVGT_s_OBFU_* rules.
>
>
> The SA wiki has a pretty comprehensive list of the add-on sets if you need
> a list of them. Just remember, when in doubt, test with low scores!
>
> http://wiki.spamassassin.org/w/CustomRulesets
>
>
>
As we don't have the facility to manually feed ham/spam each day, if I
did this for a week or 2 and built up 500-odd entries, would it be
possible to turn off the updating of bayes and just use the DB as is, or
until I find something in the future we really need to add? Auto learn
just doesn't work, I have found :( sadly.

Or is it possible to use downloaded bayes DBs?
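
The four rules quoted above, run over a few constructed message bodies to show the per-rule spam/ham hit counting that "test with low scores" calls for (an added example, not part of the thread and not SpamAssassin's own code). It uses Python's `re` in place of Perl, approximates SpamAssassin's HTML rendering with a tag-stripping regex, and the 0.1 trial score and the sample bodies are assumptions.

```python
import re

# The four rules quoted in the message above; 'kind' follows SpamAssassin's
# rawbody (HTML tags still present) vs body (rendered text) distinction.
RULES = {
    "LOCAL_POPCORN":      ("rawbody", re.compile(r"[>\s]\w{1,5}<\![^>]*>\w{1,7}\W", re.I)),
    "LOCAL_POPCORN2":     ("rawbody", re.compile(r"[>\s]\w{1,5}<\/\w{2,10}>\w{1,7}\b", re.I)),
    "LOCAL_MEDS":         ("body",    re.compile(r"\bmed[sz]\b", re.I)),
    "BODY_RND_GENERATOR": ("body",    re.compile(r"\%RND_(?:LC_CHAR|UC_CHAR|SYB|WORD)\b")),
}
TRIAL_SCORE = 0.1  # assumed low starting score; the post gives no number

# Constructed sample bodies (not real mail), labelled by hand.
CORPUS = [
    ("spam", "<p>Buy che<!-- x9k2 -->ap now</p>"),
    ("spam", "<p>Get <font>me</font>ds today</p>"),
    ("spam", "Hello %RND_WORD, order %RND_UC_CHAR is ready"),
    ("ham",  "<p>Please pick up Grandma's meds on the way home.</p>"),
    ("ham",  "<p>Meeting moved to 3pm<!-- sig --></p>"),
]

def rendered(raw):
    """Crude stand-in for SpamAssassin's HTML rendering: drop tags/comments."""
    return re.sub(r"<[^>]*>", "", raw)

def scan(raw):
    """Return the names of the rules that hit one message body."""
    text = rendered(raw)
    return [name for name, (kind, rx) in RULES.items()
            if rx.search(raw if kind == "rawbody" else text)]

def tally(corpus):
    """Per-rule [spam_hits, ham_hits], the numbers to check before raising a score."""
    counts = {name: [0, 0] for name in RULES}
    for label, raw in corpus:
        for name in scan(raw):
            counts[name][0 if label == "spam" else 1] += 1
    return counts

if __name__ == "__main__":
    for label, raw in CORPUS:
        hits = scan(raw)
        print(f"{label:4} score={TRIAL_SCORE * len(hits):.1f} hits={hits}")
    for name, (spam, ham) in tally(CORPUS).items():
        print(f"{name:20} spam={spam} ham={ham}")
```

In this sample LOCAL_MEDS hits one ham message as well as one spam, which is the kind of result that argues for keeping a new rule's score low until it has been checked against real mail.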


