> I'm still trying to come up with an "easy to implement" way > to give us more control over "conflicting" final actions. > Specifically, I have several tests set to "HOLD" or "DELETE" > (in fact, the vast majority of incoming > mail) - however, a small number of them escaped detection by > Sniffer or other services, which have an interest in > receiving a copy of such mail.
After asking several times for features like this, I've switched to another way how to resolve this: 1.) Hold anything that is over a secure threeshold. 2.) Set additional WARN actions so that any SMD-file has enough information in the header-part 3.) Write some app, or script that parses all x minutes/hours the spam folder. For example: We hold on 100 and I've never seen a false positive over 165 points. So I've set up another WARN action for 200 points. (we hold on 100) Now if there is a SMD-file containing the WHEIGHT200 warning our script will move this message automaticaly to the spam/hold folder. So we can save a lot of review work because only 4% of the hold spam messages on our system is in the 100-200 range. Or another example: Search fo all messages containing the the WEIGHT200 warning (or whatever fits for your weighting system) but doesn't contain SNIFFER. (btw: works great ;) I'm sure Pete would be very interested if you forward such messages. There are also other possible features that can be processed in this way: For example: Assuming that every message having a final weight of 200% of the hold weight has a 99,999999% probability to be spam. Why not process this message contents and filter out URLs and so on? Maybe someone has time and knowledge to implement such a combination of tools: Spam-Analyzer and external test filtering on the collected data. If the collected URLs would be saved in a database, beside a counter for spam messages and legit messages containing this URL it should be very reliable. Maybe it would also be a nice thing to resolve IP-adresses of al this URLs. So hopefully it would be possible to identify webservers hosting a lot of spam websites... and punish them. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
