SpamAssassin 3
Matt Kettler
mkettler at EVI-INC.COM
Wed Nov 17 16:49:47 GMT 2004
At 11:26 AM 11/17/2004, Kyle Harris wrote:
>Now that SpamAssassin 3 has been out for a little while and several on this
>list have updated to it, I am curious. What is the overall opinion as to
>whether or not it catches more spam than the old 2.63 version running with
>MailScanner?
>
<snip>
>For those that have made the upgrade, are you generally seeing more spam
>being caught, less being caught, or about the same? Opinions?
I've not made the upgrade yet. I'm on 2.64 (I'd not run 2.63 or older on a
production box. It has a malformed message DoS vulnerability).
However, I've been closely following the threads on this subject here, and
on sa-talk, and I've been studying the SA 3.0 rules, mass-checks, scores,
and code a bit.
Really, you hear a lot of people claiming that SA 3.0 catches more, and a
lot of people claiming it catches less.
The general summary I can conclude from talking to lots of happy and
unhappy upgraders is:
1) anyone upgrading from stock SA 2.6x sees an improvement.
2) Anyone who already has surbl, antidrug, and all the other add-ons that
are now built into SA 3.0 see much less improvement. The mass-check tested
scores are much less aggressive than those assigned by many rule-writers,
some of whom still don't quite understand some of the detailed subtleties
of how SA scoring works (I'm talking scoreset balance issues, overlapping
rules with paired-firing, the real impacts of 'FPs are 100 times worse than
FNs" concept in the score assignment, etc)
3) anyone with a NATed mailserver, or other mailserver configuration where
your externally accessible MX appears to be a reserved IP, must set
trusted_networks manually. Otherwise major FN problems ensue from
ALL_TRUSTED misfiring. The trusted_networks problem is not new to 3.0, it's
been around since 2.50, but it's impact is much more severe in 3.0 than
earlier versions. (in 2.6x and 2.5x it mostly caused dialup rbls to
false-positive)
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list