SpamAssassin help

[bobrk]

Even at 1, many things that I think are not spam at all are not getting through. I haven't touched my scores, it's too daunting.

[Guest]

If you're shopping for features, it'd be nice to be able to flag some senders/subjects/other criteria to go directly to /dev/null rather than just the graymail box without having to get all caught up in the World of Procmail

[kgc]

There's an option in the configuration in the membertools to send any blacklisted mail directly to /dev/null.

[kgc]

Even at 1, many things that I think are not spam at all are not getting through. I haven't touched my scores, it's too daunting.

Even at 1? The default score is 5, so having it at 1 would result in a TON of false positives. Or perhaps I'm misunderstanding?

[tensigh]

I'm really not happy hearing that you've had trouble with false positives and need to review your graymail report at all. We're discussing the possibility of switching to a commercial email security/spam filtering service with the hope of improving the overall reliability and accuracy of our filtering.

Thank you. I actually like SpamAssassin; it's cool that I can tweak the settings and learn how a spam filter works. But I started tweaking those settings 1-2 years ago and now it's just getting tiresome. I have to check the graylist report daily for the false positives. So it's nice to hear that Sonic is looking into a service that would reduce this.

The worst thing is that a lot of spam and legit mail use HTML which seems to be the #1 item on the filtering list when I either get false positives or spam. I set the HTML requirement from its current setting to something like 1.6 and my spam rating is set to 2.0 so it really weeds out the spam. The drawback is the false positives so I spend time whitelisting those, but now you see the dilema.

[tensigh]

See, here is a perfect example. I got a spam today that only ranked 1.8 on the scale and I've tweaked these settings to be higher, and if a mail is 2.0 it's supposed to be spam.

This is from the header:

X-Spam-Status: No, score=1.8 required=2.0 tests=DCC_CHECK,HTML_MESSAGE,
RP_MATCHES_RCVD,SPF_HELO_PASS autolearn=disabled version=3.3.2

So despite my best efforts, yet another spam got through. Further, two emails that AREN'T spam got labeled as spam.

[bobrk]

Even at 1, many things that I think are not spam at all are not getting through. I haven't touched my scores, it's too daunting.

Even at 1? The default score is 5, so having it at 1 would result in a TON of false positives. Or perhaps I'm misunderstanding?

I'm having trouble articulating what my problem is.

Having the score at 1 is awesome. I dump 20 or 30 or more junk emails a day. But I also get a few false positives. I can whitelist the address, but that seems somewhat unsophisticated. The junk filter on my Mac seems to be easier to train, I just tell it which ones are ok, and it adjusts it's own scores based on that email. This one seems more all or nothing.

I guess it should be better at recognizing legit emails. I know they're legit, can't it read my mind?

[thulsa_doom]

I guess it should be better at recognizing legit emails. I know they're legit, can't it read my mind?

Agreed. Our previous attempts at tracking down spam through the use of specialized dreamwalkers haven't been as successful as we'd have wanted, but our new psychics are looking promising.

Seriously, though, I prefer a layered approach to my spam filtering. We've got our DNS blocklists up and running, which reject a huge volume of spam but don't result in anything going to Graymail, so I don't want them to be too aggressive. Then we've got SpamAssassin weeding out a certain subset of messages that can be broadly recognized as spam based more on the content of the headers and body of the message. I have tinkered with the scores and thresholds for this but find that the default total of 5 works best to knock spam out without touching my legitimate mail (I haven't had a false positive in ages). Those two layers basically just keep the raw volume of spam hitting my mail client to a minimum so that I'm not spending a bunch of time downloading messages that my third layer of defense will end up throwing away anyway. Finally, if something leaks through and still looks spammy, I just delete it and move on with my day.

By leaving the threshold at 5 I avoid false positives at the cost of having a few spams to delete. I find that striking the delete key a few times while going through my messages is less of a hassle than staying perpetually vigilant with my Graymail notifications or maintaining an ever-growing whitelist and blacklist.

Your mileage may vary; even though I've had my address for over fifteen years I don't seem to get the kind of heavy spam volume that some folks receive.

[bobrk]

Ok, I got one for you. Why can't I whitelist an email list? That would be a great start, since some of the false positives are people I don't necessarily correspond with that wind up in the graymail and you can see what a mess it would be to have to white list everyone on an email list separately.

Generally, I'm still quite happy with something that is not an easy problem to solve...

[tensigh]

Ok, I got one for you. Why can't I whitelist an email list? That would be a great start, since some of the false positives are people I don't necessarily correspond with that wind up in the graymail and you can see what a mess it would be to have to white list everyone on an email list separately.

Generally, I'm still quite happy with something that is not an easy problem to solve...

Do you mean importing a file and having that read as a whitelist?