Re: Recommendation on SARE rules to add.
On Apr 13, 2005, at 8:16 PM, Robert Menschel wrote: And since I haven't seen any specific rule set files, I'll offer my suggestions there: Thanks for your list you posted a while back... it has been very helpful configuring my set of custom rules. Question: what is your opinion on the SARE_fraud and SARE_obfu rule sets? Also, the SARE_uri0 set checks for alpha-digit-alpha domain names. This will hit many messages sent via one of our services, MailerMailer. All links in those messages are clicked thru the "m1e.net" domain. If, for example, you request avalanche notices in the winter for the pacific northwest, you will get messages from us. Ditto if you're an auto mechanic taking exams from the ASE (which is just about every mechanic out there). I think it has just been luck that no corpus has such messages so far :-) Vivek Khera, Ph.D. +1-301-869-4449 x806 smime.p7s Description: S/MIME cryptographic signature
Re: Recommendation on SARE rules to add.
Hello Robert, Tuesday, April 12, 2005, 10:24:54 PM, you wrote: RM> SA 3.0 RM> I was wondering if anybody had a recommendation for a initial SARE set RM> of rules to add. I am not exactly satisfied with my amount of FN's RM> currently. Any ideas would be appreciated. First -- I'm in full agreement with all of the other suggestions/considerations offered that I've seen. And since I haven't seen any specific rule set files, I'll offer my suggestions there: 70_sare_evilnum0.cf 70_sare_genlsubj0.cf 70_sare_header0.cf 70_sare_html0.cf 70_sare_uri0.cf These above are created and selected and regularly rechecked to avoid any/all hits against ham. They should be safe for everyone. 70_sare_specific.cf 70_sare_oem.cf 70_sare_spoof.cf 70_sare_unsub.cf 70_sare_random.cf 72_sare_redirect_post3.0.0.cf 88_FVGT_Tripwire.cf These aren't quite as safe, but still should be suitable for the great majority of systems. 70_sare_adult.cf 70_sare_bayes_poison_nxm.cf 72_sare_bml_post25x.cf chickenpox.cf weeds_2.cf A little bit more risky, and might FP if one of your users runs an adult book store, is a mortgage broker, or likes to *em*pha*size* words, etc. 70_sare_evilnum1.cf 70_sare_genlsubj1.cf 70_sare_header1.cf 70_sare_html1.cf 70_sare_uri1.cf Like the first set, but a little bit more risky. Will hit ham, but should not cause FPs. If you are located in the USA/England/Canada/Australia, and do not receive foreign-language non-spam, then you can also benefit from 70_sare_genlsubj_eng.cf 70_sare_header_eng.cf 70_sare_html_eng.cf 70_sare_uri_eng.cf I guess we really should put SARE guidelines like this onto a page linked to http://wiki.apache.org/spamassassin/CustomRulesets -- I'll get that started, after as I've put my income taxes to bed... Bob Menschel
Re: Recommendation on SARE rules to add.
-Original Message- From: Jeff Chan <[EMAIL PROTECTED]> To: users@spamassassin.apache.org Date: Wed, 13 Apr 2005 00:42:26 -0700 Subject: Re: Recommendation on SARE rules to add. > On Tuesday, April 12, 2005, 10:24:54 PM, Robert Markin wrote: > > SA 3.0 > > > I was wondering if anybody had a recommendation for a initial SARE > set > > of rules to add. I am not exactly satisfied with my amount of FN's > > currently. Any ideas would be appreciated. > > > Robert > > It might be helpful to see a small, edited, sampling of the FNs > you're seeing. There's a number of SARE people monitoring this list, so if you have specific rules that don't work, you can always mail them directly. Almost all of our rulesets have a maintainer mantioned at the top in the comments (just open the rule file in notepad/vi). The maintainer is the first person to contect in these cases. Jesse SARE Ninja!
RE: Recommendation on SARE rules to add.
> -Original Message- > From: Robert Markin [mailto:[EMAIL PROTECTED] > Sent: 13 April 2005 06:25 > To: users@spamassassin.apache.org > Subject: Recommendation on SARE rules to add. > > SA 3.0 > > I was wondering if anybody had a recommendation for a initial > SARE set of rules to add. I am not exactly satisfied with my > amount of FN's currently. Any ideas would be appreciated. > > Robert > It's hard for us to say what rules you should and shouldn't use because you don't supply any details regarding what type of server you are running. If you're running a personal site, then there isn't any real reason not to use most of them. If you are paranoid about FPs that changes completely, and equally if you're an ISP then you'll want a different set again. The other thing to bear in mind is that we all have different opinions about this, but ultimately its on your head, so if its in a business environment I would suggest that you try and understand what the rulesets do yourself rather than taking whatever recommendations we might give. All that being said, my gut feeling from your email address is that you're running a local server and want to filter spam for yourself and your family. I do the same at home and have relatively few FPs from my system (mostly HTML newsletters that won't behave) R --- This email from dns has been validated by dnsMSS Managed Email Security and is free from all known viruses. For further information contact [EMAIL PROTECTED]
Re: Recommendation on SARE rules to add.
On Tuesday, April 12, 2005, 10:24:54 PM, Robert Markin wrote: > SA 3.0 > I was wondering if anybody had a recommendation for a initial SARE set > of rules to add. I am not exactly satisfied with my amount of FN's > currently. Any ideas would be appreciated. > Robert It might be helpful to see a small, edited, sampling of the FNs you're seeing. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Recommendation on SARE rules to add.
SA 3.0 I was wondering if anybody had a recommendation for a initial SARE set of rules to add. I am not exactly satisfied with my amount of FN's currently. Any ideas would be appreciated. Robert