sare top choices
Greetings I pulled down a large subset of all the sare filters today on a test mail server... -rw-r--r-- 1 root root 53868 Apr 20 02:00 70_sare_adult.cf -rw-r--r-- 1 root root 3839 Jun 1 2005 70_sare_bayes_poison_nxm.cf -rw-r--r-- 1 root root 24298 Oct 5 2005 70_sare_evilnum0.cf -rw-r--r-- 1 root root 45933 Dec 26 2005 70_sare_genlsubj0.cf -rw-r--r-- 1 root root 123406 May 21 13:00 70_sare_header0.cf -rw-r--r-- 1 root root 28066 Jun 3 22:00 70_sare_html0.cf -rw-r--r-- 1 root root 51886 Oct 1 2005 70_sare_obfu0.cf -rw-r--r-- 1 root root 12739 Dec 27 2005 70_sare_oem.cf -rw-r--r-- 1 root root 18190 Dec 12 2005 70_sare_random.cf -rw-r--r-- 1 root root 97820 May 27 20:00 70_sare_specific.cf -rw-r--r-- 1 root root 20301 Jul 25 09:00 70_sare_spoof.cf -rw-r--r-- 1 root root 59515 Oct 18 13:00 70_sare_stocks.cf -rw-r--r-- 1 root root 25124 Nov 12 2005 70_sare_unsub.cf -rw-r--r-- 1 root root 17879 Oct 4 2005 70_sare_uri0.cf -rw-r--r-- 1 root root 13211 Jun 1 2005 72_sare_bml_post25x.cf -rw-r--r-- 1 root root 15481 May 15 20:00 72_sare_redirect_post3.0.0.cf -rw-r--r-- 1 root root 10147 Jun 1 2005 99_sare_fraud_post25x.cf I didn't snag all of them. Im still contemplating the one that says it needs network tests on and spf on and something else. For those of you that use these, can you rate them on how effective in general? Um I do not think I want to run them all and so i am looking for help to trim it to the top 3 to 5 "or so" of them to use... It appears that several of you run all of them... Any helpful comments will be appreciated. Thanks and kind regards, - rh -- Robert - Abba Communications Computer & Internet Services (509) 624-7159 - www.abbacomm.net
Re: sare top choices
On Thu, Oct 19, 2006 at 10:27:57AM -0700, R Lists06 wrote: > Greetings > > I pulled down a large subset of all the sare filters today on a test mail > server... > > -rw-r--r-- 1 root root 53868 Apr 20 02:00 70_sare_adult.cf > -rw-r--r-- 1 root root 3839 Jun 1 2005 70_sare_bayes_poison_nxm.cf > -rw-r--r-- 1 root root 24298 Oct 5 2005 70_sare_evilnum0.cf > -rw-r--r-- 1 root root 45933 Dec 26 2005 70_sare_genlsubj0.cf > -rw-r--r-- 1 root root 123406 May 21 13:00 70_sare_header0.cf > -rw-r--r-- 1 root root 28066 Jun 3 22:00 70_sare_html0.cf > -rw-r--r-- 1 root root 51886 Oct 1 2005 70_sare_obfu0.cf > -rw-r--r-- 1 root root 12739 Dec 27 2005 70_sare_oem.cf > -rw-r--r-- 1 root root 18190 Dec 12 2005 70_sare_random.cf > -rw-r--r-- 1 root root 97820 May 27 20:00 70_sare_specific.cf > -rw-r--r-- 1 root root 20301 Jul 25 09:00 70_sare_spoof.cf > -rw-r--r-- 1 root root 59515 Oct 18 13:00 70_sare_stocks.cf > -rw-r--r-- 1 root root 25124 Nov 12 2005 70_sare_unsub.cf > -rw-r--r-- 1 root root 17879 Oct 4 2005 70_sare_uri0.cf > -rw-r--r-- 1 root root 13211 Jun 1 2005 72_sare_bml_post25x.cf > -rw-r--r-- 1 root root 15481 May 15 20:00 72_sare_redirect_post3.0.0.cf > -rw-r--r-- 1 root root 10147 Jun 1 2005 99_sare_fraud_post25x.cf > > I didn't snag all of them. > > Im still contemplating the one that says it needs network tests on and spf > on and something else. > > For those of you that use these, can you rate them on how effective in > general? The "adult" one is good, though I had some FPs on a corpus I ran through and derated some specific scores a bit. (I'm also using an alternate scoring system.) I've been running that one for at least a couple years. Just adding the "stocks" one now, as it's the main spam category that's getting through at the moment. I'd view both those, at least, as essential. -- Clifton -- Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED] President - I and I Computing * http://www.iandicomputing.com/ Custom programming, network design, systems and network consulting services
RE: sare top choices
R Lists06 wrote: > Greetings > > I pulled down a large subset of all the sare filters today on a test > mail server... > > 70_sare_adult.cf > 70_sare_bayes_poison_nxm.cf > 70_sare_evilnum0.cf > 70_sare_genlsubj0.cf > 70_sare_header0.cf > 70_sare_html0.cf > 70_sare_obfu0.cf > 70_sare_oem.cf > 70_sare_random.cf > 70_sare_specific.cf > 70_sare_spoof.cf > 70_sare_stocks.cf > 70_sare_unsub.cf > 70_sare_uri0.cf > 72_sare_bml_post25x.cf > 72_sare_redirect_post3.0.0.cf > 99_sare_fraud_post25x.cf > > I didn't snag all of them. > > Im still contemplating the one that says it needs network tests on > and spf on and something else. > > For those of you that use these, can you rate them on how effective in > general? > > Um I do not think I want to run them all and so i am looking for > help to trim it to the top 3 to 5 "or so" of them to use... > > It appears that several of you run all of them... > > Any helpful comments will be appreciated. > > Thanks and kind regards, The most effective SARE rulesets for me are: 70_sare_stocks.cf 70_sare_adult.cf 70_sare_specific.cf In general, the best rules on my system are: Bayes Razor URIBL DCC SURBL SARE_STOCKS SARE_ADULT SARE_SPECIFIC FUZZYOCR is also quite useful. It doesn't get as many hits as some of the others, but it hits on the image spams that the other rulesets frequently miss. -- Bowie
