MCP suggestions

Billy A. Pumphrey bpumphrey at WOODMACLAW.COM
Mon Jul 11 19:43:29 IST 2005


> 
> >
> > Billy A. Pumphrey wrote:
> > <snip>
> > >
> > > I don't want to put vague rules in there and have false positives.
> > > Here is an example email that slipped through:
> > >
> > <snip>
> > Billy
> >
> > Here are the rules that fired on that email on my system.
> > Forgetting the ALL_TRUSTED misfire (hmm where'd that come from must
> > check my spam.assassin.prefs.conf)
> >
> >  pts rule name              description
> > ---- ---------------------- --------------------------------------------------
> >  0.0 MISSING_DATE           Missing Date: header
> > -2.8 ALL_TRUSTED            Did not pass through any untrusted hosts
> >  0.6 J_CHICKENPOX_22        BODY: {2}Letter - punctuation - {2}Letter
> >  0.6 J_CHICKENPOX_16        BODY: {1}Letter - punctuation - {6}Letter
> >  2.3 MANGLED_LOW            BODY: mangled low
> >  0.1 FU_FREE                URI: FU_FREE
> >  1.5 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
> >                             [URIs: innhgh.com]
> >  3.0 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
> >                             [URIs: innhgh.com]
> >  1.6 MISSING_SUBJECT        Missing Subject: header
> >  2.5 FM_NO_FROM_OR_TO       FM_NO_FROM_OR_TO
> >  0.5 FM_NO_TO               FM_NO_TO
> >  3.2 FM_MASKEDW0RDS         FM_MASKEDW0RDS
> >
> >
> > --
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> >
> <Snip>
> Thank you.  If I may ask.  How did you test that?  Command line or
> mailwatch?  Looked like a mailwatch report but how did you send it?
> Anyway...
> 


<snip>
1)
Ok, I have updated my rules.
My current trusted rulesets for rulesdujour:
TRUSTED_RULESETS="
RANDOMVAL
ANTIDRUG
BLACKLIST
BLACKLIST_URI
EVILNUMBERS
EVILNUMBERS1
EVILNUMBERS2
TRIPWIRE
SARE_ADULT
SARE_BAYES_POISON_NXM
SARE_CODING
SARE_HEADER
SARE_BML
SARE_BML_PRE25X
SARE_FRAUD
SARE_FRAUD_PRE25X
SARE_OEM
SARE_SPECIFIC
SARE_SPOOF
SARE_RANDOM
SARE_RATWARE
"

  I am having problems getting the ones that have multiple files to work
though (the reason that I did not have them to begin with).  To make
sure that I am clear on this, *.cf files go into the
/etc/mail/spamassassin/ directory don't they?  And not the
/etc/mail/spamassassin/rulesdujour/ directory?

	a) I put the files in both places.  For instance uri
http://www.rulesemporium.com/rules.htm#uri
I put the files:
70_sare_uri0.cf
70_sare_uri1.cf
70_sare_uri3.cf
70_sare_uri_eng.cf
70_sare_uri_arc.cf
In the places mentioned above.
	b) I put the line SARE_URI0 in the file /etc/rulesdujour/config
	c) Then I ran /root/bin/rules_du_jour and I get
No index found for ruleset named SARE_URI0.  Check that this ruleset is
still valid.




2)
Also, when I go to the mailwatch tools and do a lint test, should I be
concerned about the time that it takes to do certain things?  Some
things take 3+ seconds to do.
debug: bayes: 13674 tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_toks
	took 44 seconds
debug: all '*To' addrs:
	took 10 seconds

Finish - Total Time 77.1091

Those are the major offenders, there are a handful of others taking from
3-5 seconds.  I keep this up I'll have to get a bigger machine hey.  

Load average says:
MailScanner:  YES  7 children 
Sendmail:  YES  5 proc(s) 
Load Average: 3.04 3.02 2.56 
 
Mail Queues 
Inbound: 4 
Outbound: 0
