A couple of questions regarding MailScanner
Eric Dantan Rzewnicki
rzewnickie at RFA.ORG
Thu May 13 19:15:39 IST 2004
On Thu, May 13, 2004 at 10:45:11AM -0700, Jason Williams wrote:
> Hello everyone.
>
> I have a few questions that I wanted to ask, regarding MS and my setup. So
> far, everything has been working well. I am continuing to monitor, tweak
> and tune my server each day. Work in progress. Here are a few questions
> that I have been thinking about lately.
>
> Question 1.) Cleaning out the quarantine directory....how aften?
>
> As it states, what is the recommendation for cleaning out all of the
> quarantined items that MS has stored? I should mention that I am running
> MailWatch and I have set it up to store all emails that are tagged as spam.
This basically depends on your preference, that of your users and your
available disk space. I have a script that runs nightly to clean out
quarantine older than 22 days. So far I haven't had any requests to
deliver anything from quarantine more than 3 weeks old.
> While there is spam in there, i'm assuming that I can train the engine to
> learn from the quarantined spam. Probably use sa-learn first from the
> stored spam, then clean out the quarantine?
If you have autolearning enabled much of it will already have been
learned. But, it certainly won't hurt to run it again to pick up the
stuff below the autolearn threshhold.
> Question 2.) bayes engine....best way to train it?
>
> Continuation of question one. Being as I have probably around 300 pieces of
> spam in there, is there a preferred method to train spam for MS? I've seen
> and read different ways people use sa-learn for different systems. Wanted
> to know if there was preferred method to use in conjunction with MS.
I'm not sure what you mean here ... training on the spam would be good,
but you should also train on known legitimate email with the --ham
option to sa-learn.
> Question 4.) Spam emails coming in, that have .pif files attached.
>
> One thing I have noticed is that a lot of emails that are coming in and
> that are marked as SPAM, have .pif attachments. For the most part, these
> .pif attachments are probably viruses of some sort. I just find it kinda
> funny that they are being marked as SPAM. I have no problem with that but
> was curious if anyone else has similar things happening as well.
That is not at all uncommon. There is often a high correlation between
characteristics of spam and characteristics of virus mail.
> Question 5.) What changes require MS to be restarted?
>
> Something I have thought about a lot recently. But, do you need to restart
> MS after any changes you make to any of the configuration files? Rules?
> .conf? etc. I'm assuming you do, but thought I would verify.
In general if you want your changes to take effect now you should
restart MS. Some changes will be picked up with the periodic dying of
old age and subsequent rebirth that MS performs every so often based on
your setting of "Restart Every =" in MailScanner.conf. But, a few
require a full restart. Restarting after making changes will also show
you right away if you've made any fatal errors, which are better to know
about sooner rather than 4 hours from now when you might be asleep or
something.
> That is about it for now.
>
> I appreciate the help.
> Jason
-Eric Rz.
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list