Spam Detection Around 55%

Julian Field MailScanner at ecs.soton.ac.uk
Sat Oct 28 16:32:28 IST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Matt Kettler wrote:
> Daniel Straka wrote:
>   
>> I've seen number of spam detected as high as 82% of all incoming email
>> on Sundays. On weekdays that number drops down to around 55% and I'd say
>> that a lot (2000 or so) are getting through on those days. A lot of them
>> are the stock spam with gif. Here's what spamassassin --lint
>> returns...does this indicate problem that if fixed would make a big
>> difference? I don't know anything about configuring the pyzor or dcc
>> things.
>>
>> mail1:/home/dstraka # spamassassin --lint
>> [13926] warn: config: SpamAssassin failed to parse line,
>> "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path
>> /usr/bin/pyzor
>> [13926] warn: config: failed to parse line, skipping: dcc_path
>> /usr/local/bin/dccproc
>> [13926] warn: lint: 2 issues detected, please rerun with debug enabled
>> for more information
>>     
>
>
> If you don't have DCC, or pyzor, comment out their lines in
> spam.assassin.prefs.conf.
>
> Why those are even present in this file is beyond me.
>
> Why does MailScanner decide I've installed dcc in /usr/local/bin. What if I
> installed it with PREFIX=/usr?
>
> It's my own opinion that *everything* in that file should be commented out by
> default, except "envelope_sender_header".
>
> I could *maybe* see keeping "use_auto_whitelist", but only because I think the
> AWL isn't ready to be run on production servers (it lacks reasonable expiry)
>
> the bayes_ignore_header settings are a good idea, but are useless unless
> manually edited. Thus, they should be commented out by default.
>
> All the rest of the options that are in there aren't a function of MailScanner,
> they're a function of other aspects of your system.
>
>
>
> The existing file assumes:
>
> you have DCC and pyzor installed, and have enabled their plugins
> you don't use NFS, so flock is safe
> you have working DNS (likely, but not always true)
> you don't want to use the AWL.
>
> The last 3 are probably safe for 99% of sites, but the NFS bit could really bite
> someone in the butt.
>   
I set them to sensible values that will be correct for 99% of my users, 
particularly the less knowledgeable ones. I don't know anyone who runs a 
mail server with no dns, it would make lots of things rather hard. If 
you run a mail server with no dns successfully, you probably know enough 
to be able to tweak 1 config file.

You are quite entitled to your opinions, and you are quite entitled to 
edit the config files too. They aren't rules, they are just a starting 
point for your own edits.

I'm not going to get into an argument over this, it's a straight 
difference of opinion. You have your view, I have mine. Let's just agree 
to disagree.

Jules

- -- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk



-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.0 (Build 1112)
Comment: Fetch my public key foot-print from www.mailscanner.info
Charset: ISO-8859-1

wj8DBQFFQ3jZEfZZRxQVtlQRAgb7AKDHBtK4WXZ3yo3Vqg84efdvuCBAbQCffTe3
mICwzNqUR8Jm68sPuGpHECA=
=pxTn
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk



More information about the MailScanner mailing list