I'm also curious as to what people's best practice settings are. I will give a brief rundown here - if other people could do the same it might help everyone to tune their systems.
Validate Helo is set to score Validate Sender set to block Senderbase is set to score but country blocking is off as we have several companies that trade internationally. DNSBL is set to score however the score is set to higher than the spam threshold so that I have only one place to configure the error message. Lists are the following: zen.spamhaus.org=>127.0.0.2=>1 zen.spamhaus.org=>127.0.0.3=>1 zen.spamhaus.org=>127.0.0.4=>1 zen.spamhaus.org=>127.0.0.5=>1 zen.spamhaus.org=>127.0.0.6=>1 zen.spamhaus.org=>127.0.0.7=>1 zen.spamhaus.org=>127.0.0.8=>1 bl.spamcop.net=>1 ix.dnsbl.manitu.net=>2 bb.barracudacentral.org=>2 bogons.cymru.com=>1 db.wpbl.info=>2 dnsbl-1.uceprotect.net=>2 psbl.surriel.com=>2 bl.spameatingmonkey.net=>127.0.0.2=>1 dnsrbl.swinog.ch=>3 dsn.rfc-ignorant.org=>1 bl.mailspike.net=>1 URIBL is disabled as we got a lot of false positives off it. I'd be interested what lists and weights people give to their URIBL checks to make them more accurate. Bayes and HMM do my head in - despite putting tonnes of effort into maintaining it we constantly get false positives. They are both set to score. Currently baysValencePV is set to 30 and HMMValencePV set to 20 as the last month or so has seen really bad results. Our spam threshold is 50. Backscatter is set to block No testmodes are on. The collection/maintenance settings store the full file so that resends work and they are kept for a max of 7 days. Correction folders are not cleaned out. Global penalty box is off - does anyone used this and find it useful? I missed that you had to register and pay something (amount not specified). Block reporting is on for some users, off for others. We want to get it on for all so that users are all reporting errors to hopefully improve the system. ASSP_ARC is off ASSP_DCC is set to score but I've never actually seen it do anything ASSP_AFC is enabled and set to do both ASSP_OCR is disabled. I found that with it enabled we were getting a message scored by Bayes twice when it was a message sent in two formats (ie html with a plain text version) and didn't have the time to figure out how to compensate for that. Before disabling I set it to monitor but was surprised to find that messages were still being blocked because of it. Disable was the only way. I suspect that a lot of our Bayes problems started when ASSP_OCR was activated and we have never recovered. -----Original Message----- From: Grayhat [mailto:gray...@gmx.net] Sent: 27 September 2013 13:55 To: assp-test@lists.sourceforge.net Subject: Re: [Assp-test] Virus scanners > So far I have identified two domains that most mail claims as the from > address. Both publish SPF records but define ~all so I have added them > to strictSPFRe. Hmmm... now I'm becoming curious; you're running ASSP, so, which filters did you enable (set aside SPF and AV scanning) ? See, it sounds like you're running w/o some filters (e.g. DNSBL/DNSWL and URIBL/URIWL) ---------------------------------------------------------------------------- -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
