Does spamassassin cache database lower the amount of spamassassin timeouts?

Matt Kettler mkettler at evi-inc.com
Wed Mar 8 18:41:43 GMT 2006


Taso Chatziantoniou wrote:

> 
> Also one other question ..
> Does anyone know of a good site or forum that we can submit sample spams
> to help us figure out a way to block them. We keep getting these stock
> html image only files with bayes poisoning on the bottom that we cannot
> seem to find a pattern to block.

Generally the best place for that would be on the spamassassin-users mailing list.

If possible, extract the offending message as a raw mime.822 file (ie: full
email with all headers and mime segments) and attach it to your posting.

That said, in general a lot of the image-based spams are best dealt with by
these methods:

Razor - razor's e4 engine does its hashing on a per-mime-segment basis, so it
can realize the image is spam even if the body text keeps changing.

URIBLs - if the HTML has any link back to the website.

DNSBLs - a lot of these are sent via infected hosts listed in XBL.

Bayes training - some folks try to avoid training spam containing poison.
Don't. Train it all, let the statistics handle it.  As long as you're training a
reasonable amount of nonspam, SA's chi-squared combining is VERY resistant to
training this kind of spam causing FPs. On the other hand, not training it is a
sure-fire way to give the spams a good chance to slip by as a FN.

If there's a particular kind of image-only spam involved, some of the SARE
rulesets can be helpful. I personally like the following SARE rulesets and use
them on my production systems:


70_sare_adult.cf
70_sare_evilnum0.cf
70_sare_genlsubj0.cf
70_sare_html0.cf
70_sare_obfu0.cf
70_sare_random.cf
70_sare_specific.cf
70_sare_stocks.cf
70_sare_uri0.cf
99_sare_fraud_post25x.cf
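
The Bayes-training point above, as an added illustration that is not part of the original post and is not SpamAssassin's code: a simplified token classifier with smoothed per-token probabilities and chi-squared combining, comparing "train everything" against "skip the poisoned spam". The function names, the smoothing strength and the corpus are assumptions constructed for this example.

```python
import math
from collections import Counter

def chi2q(x2, df):
    """P(X >= x2) for a chi-squared variable with even df (closed-form series)."""
    m = x2 / 2.0
    term = total = math.exp(-m)
    for i in range(1, df // 2):
        term *= m / i
        total += term
    return min(total, 1.0)

def train(spam, ham):
    """Per class, count how many messages contain each token."""
    sc, hc = (Counter(t for m in msgs for t in set(m.split())) for msgs in (spam, ham))
    return sc, hc, len(spam), len(ham)

def token_prob(model, tok):
    sc, hc, ns, nh = model
    s, h = sc[tok], hc[tok]
    if s + h == 0:
        return 0.5                                   # unseen token is neutral
    sr, hr = s / max(ns, 1), h / max(nh, 1)          # per-class message frequency
    # Smoothing toward 0.5 (assumed strength 1) keeps the value strictly in (0, 1).
    return (0.5 + (s + h) * sr / (sr + hr)) / (1 + s + h)

def score(model, text):
    """Chi-squared combining: near 1 means spam, near 0 means ham."""
    probs = [token_prob(model, t) for t in set(text.split())]
    df = 2 * len(probs)
    S = 1 - chi2q(-2 * sum(math.log(1 - p) for p in probs), df)
    H = 1 - chi2q(-2 * sum(math.log(p) for p in probs), df)
    return (S - H + 1) / 2

# Constructed corpus: each poisoned spam ends in ordinary office vocabulary.
CLEAN_SPAM = ["buy hot stock now"]
POISONED_SPAM = ["buy hot stock now meeting report lunch",
                 "hot stock alert buy today project budget office",
                 "stock pick buy now invoice schedule meeting"]
HAM = ["meeting report attached for the project",
       "lunch at the office today",
       "budget invoice and schedule for the project meeting"]
NEW_SPAM = "buy hot stock today lunch report meeting office"
NEW_HAM = "project meeting schedule and lunch report"
TRAIN_ALL = train(CLEAN_SPAM + POISONED_SPAM, HAM)
SKIP_POISONED = train(CLEAN_SPAM, HAM)

if __name__ == "__main__":
    for label, m in (("train all", TRAIN_ALL), ("skip poisoned", SKIP_POISONED)):
        print(f"{label:14} spam={score(m, NEW_SPAM):.2f} ham={score(m, NEW_HAM):.2f}")
```

On this corpus the train-all model scores the new poisoned spam above 0.5 and the new ham below it, while the model that skipped the poisoned spam scores the same spam below 0.5.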







More information about the MailScanner mailing list