[SWLUG] help required with spamassassin

Andy Dixon astleycoder at yahoo.co.uk
Sun Jul 30 07:26:11 UTC 2006 

Hello,

If you can move any spam messages you get into a mailspool file, you can use sa-learn to learn the spam messages.

http://spamassassin.apache.org/full/3.0.x/dist/doc/sa-learn.html

If afterwards you then run through all your legit mail as ham, that will help to eliminate false positives.

HTH

Andy

----- Original Message ----
From: bascule <asura at theexcession.co.uk>
To: discuss at swlug.org.uk
Sent: Sunday, 30 July, 2006 7:43:33 AM
Subject: [SWLUG] help required with spamassassin

i'm getting really low detection rates with spamassassin and i can't work out 
why. mail is received by postfix from fetchmail and handed off to spamd (via 
spamc) and then received back and passed to cyrus, it seems i have sa set up 
right or else i wouldn't get any spam detected right? i have sa configured to 
add an identifier to the subject line and i do get a few everyday, i think my 
config for sa and postfix may be slightly non-standard in that i have a mail 
user (or more than one if i so chose) that isn't a system user, but has a 
user_prefs stored under /var/spool/spamassassin/prefs that is referenced by 
the command that runs spamd:
SPAMDOPTIONS="-d -c  -u cyrus -x 
--virtual-config-dir=/var/spool/spamassassin/prefs/%l"

this tells spamd to use the user prefs of whatever user postfix has destined 
the mail for, my user_prefs is very simple:

required_hits 5
rewrite_header Subject [SPAM]
report_safe 0
auto_whitelist_path        /var/spool/spamassassin/auto-whitelist
auto_whitelist_file_mode   0666
dcc_home                   /var/lib/dcc
whitelist_to    cardifffreecycle at yahoogroups.com

under /etc/mail/spamassassin i have a few rulesets:
[root at watson bascule]# ls /etc/mail/spamassassin/
70_sare_adult.cf             70_sare_genlsubj0.cf     70_sare_html0.cf     
70_sare_random.cf    70_sare_uri_eng.cf        local.cf
70_sare_bayes_poison_nxm.cf  70_sare_genlsubj1.cf     70_sare_html1.cf     
70_sare_specific.cf  70_sc_top200.cf           RulesDuJour/
70_sare_evilnum0.cf          70_sare_genlsubj_eng.cf  70_sare_html_eng.cf  
70_sare_spoof.cf     72_sare_bml_post25x.cf    spamassassin-default.rc
70_sare_evilnum1.cf          70_sare_header0.cf       70_sare_obfu0.cf     
70_sare_unsub.cf     99_sare_fraud_post25x.cf  spamassassin-spamc.rc
70_sare_evilnum2.cf          70_sare_header1.cf       70_sare_obfu1.cf     
70_sare_uri0.cf      antidrug.cf               tripwire.cf
70_sare_genlsub0.cf          70_sare_header_eng.cf    70_sare_oem.cf       
70_sare_uri1.cf      init.pre                  user_prefs.template
and i use rules_du_jour to keep them updated, i've begun to wonder though if 
my setup is somehow bypassing all these rulesets, because although there is 
an argument that sa is not necessarily the best spam tool today i would 
expect it to get over half my spam instead of less then half!

if someone with knowledge and time is able to help me trouble shoot this i'd 
be grateful, just ask for any info you need

bascule
-- 
"there's nothing an agnostic can't do if he really doesn't know if he believes
in anything or not" - M.Python
_______________________________________________
SWLUG Discussion List - Discuss at swlug.org
http://swlug.org/mailman/listinfo/discuss




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/swlug/attachments/20060730/df0927d0/attachment.html>

More information about the Swlug mailing list