Re: Why isn't BAYES_99 + BAYES_999 trusted?

2014-07-12 Thread Steve Bergman

On 07/12/2014 12:41 PM, Axb wrote:

> per default, no "single* SA rule should tag a msg as spam.

>> I'm trying to "trust the defaults". But what would be the hazards of
>> leaving BAYES_99 at 3.5 and upping BAYES_999 to 1.5? It seems that I
>> should be able to trust Bayes to declare a message spam on its own.

> if you can't imagine the "hazards" you better not do it ;-)


That's clear enough advice. And I think I'll take it. But briefly, what 
are the hazards? Thunderbird's spam filter does well, and I've always 
figured it was bayes. And it doesn't seem to wait for 200 spam/hams 
before it kicks in.


Also, after considering advice from this list, I've turned autolearn 
back on. But that advice also implied that a system-wide bayes database 
works well. I'm still using per-user databases. This is all complex 
enough that I'm very willing to listen to people with more real-world 
experience.


I'm not getting complaints from my users. But I don't feel that I am 
doing as well as our ISP's admins did in sorting the spam/ham.


And thank you for your help.

-Steve Bergman






Re: Why isn't BAYES_99 + BAYES_999 trusted?

2014-07-12 Thread Benny Pedersen
On 12. jul. 2014 19.35.10 CEST, Steve Bergman wrote:
>Is there some reason that the BAYES_99 + BAYES_999 score does not add
>up to 5.0?

+1

>I'm trying to "trust the defaults". But what would be the hazards of 
>leaving BAYES_99 at 3.5 and upping BAYES_999 to 1.5? It seems that I 
>should be able to trust Bayes to declare a message spam on its own.

meta BAYESSTOPPER (BAYES_99 && BAYES_999)
score BAYESSTOPPER 1.5 1.5 1.5 1.5
tflags BAYESSTOPPER noautolearn

if it works, go for it, dspam already did it :)
 


Re: Why isn't BAYES_99 + BAYES_999 trusted?

2014-07-12 Thread Axb

On 07/12/2014 07:35 PM, Steve Bergman wrote:

> Is there some reason that the BAYES_99 + BAYES_999 score does not add up
> to 5.0?

per default, no "single* SA rule should tag a msg as spam.

> I'm trying to "trust the defaults". But what would be the hazards of
> leaving BAYES_99 at 3.5 and upping BAYES_999 to 1.5? It seems that I
> should be able to trust Bayes to declare a message spam on its own.

if you can't imagine the "hazards" you better not do it ;-)



Why isn't BAYES_99 + BAYES_999 trusted?

2014-07-12 Thread Steve Bergman
Is there some reason that the BAYES_99 + BAYES_999 score does not add up 
to 5.0?


I'm trying to "trust the defaults". But what would be the hazards of 
leaving BAYES_99 at 3.5 and upping BAYES_999 to 1.5? It seems that I 
should be able to trust Bayes to declare a message spam on its own.


-Steve Bergman


Spamassassin 3.3.1
Spamass-milter 0.3.1-9
dovecot-antispam 1.2+20090702-1ubuntu0.10.04.1
Ubuntu 10.04 LTS



Re: Obfuscated Windows executables (was Re: Ideas sought for blocking new variant of cryptolocker)

2014-07-12 Thread Philip Prindeville

On Jul 10, 2014, at 5:17 PM, Joe Acquisto-j4 wrote:

> On 7/10/2014 at 3:35 PM, "David F. Skoll" wrote:
>> On Thu, 10 Jul 2014 12:25:50 -0700
>> Ted Mittelstaedt  wrote:
>> 
>>> Fundamentally I think the problem is with attachments.
>> 
>> No, the problem is not with attachments.  An attachment actually included
>> in an email is no more dangerous than an attachment downloaded via a link.
>> Email attachments are far too convenient; no-one's going to give them up.
>> 
>> The problem is that Windows encodes metadata such as "this is
>> executable" in the filename, making it trivial for attackers to get
>> their payloads to run.  The simple act of renaming a file in Windows
>> can be the equivalent of "chmod a+x" in UNIX.  A Windows user probably
>> does not realize that renaming a file can have dire consequences, whereas
>> even a casual UNIX user might pause if asked to chmod a file after
>> saving it.
>> 
>> (Note well this article: http://lwn.net/Articles/178409/ which points
>> out that some UNIX desktop environments are repeating the mistake made
>> by Windows.)
>> 
>> Regards,
>> 
>> David.
> 
> Actually, that goes back to the days of  XX-DOS, CP . . err, umm . . .   
> Lordy, now I do feel old.
> 
> joe a.


Long live Multics and ITS!

-Philip
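
An added example, not part of the original thread: David F. Skoll's point quoted above is that on Windows the filename alone marks a file as executable, so a mail filter can act on that same metadata. The extension set, the function names and the sample message below are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Illustrative subset of extensions Windows runs directly; not a complete list.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".cpl"}


def risky_attachments(raw_bytes):
    """Return [(filename, reason)] for MIME parts whose name makes them runnable."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()  # None for body parts and multipart containers
        if not name:
            continue
        # Windows drops trailing dots and spaces, so "x.exe." still resolves to .exe.
        cleaned = name.strip().rstrip(". ").lower()
        pieces = cleaned.rsplit(".", 2)
        last = "." + pieces[-1] if len(pieces) > 1 else ""
        if last in EXECUTABLE_EXTS:
            # "invoice.pdf.exe" hides the real type when Explorer hides known extensions.
            reason = "double extension" if len(pieces) == 3 else "executable extension"
            findings.append((name, reason))
    return findings


def build_sample():
    """Constructed sample message with three attachments (not real mail)."""
    m = EmailMessage()
    m["Subject"] = "Invoice"
    m.set_content("See attached.")
    for fname in ("report.pdf", "invoice.pdf.exe", "photos.scr"):
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()


if __name__ == "__main__":
    for fname, reason in risky_attachments(build_sample()):
        print(f"{fname}: {reason}")
```

A name check like this only covers the filename metadata discussed in the thread; it does not inspect file contents or archives.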