Re: improving detection to cloudmark-like levels?

On 19 Oct 2017, at 5:18 (-0400), Jari Fredriksson wrote: > Hit points like 10 points for this issue BAD_TLD are just killing my=20 > system, which will report to spamcop, razor and pyzor without manual=20 > intervention :( I don't really know the Razor or Pyzor policy, as I believe they are

Re: improving detection to cloudmark-like levels?

On 10/19/2017 5:18 AM, Jari Fredriksson wrote: The mail is ham from sourceforge.net. I'm able to deliver the post to=20 KAM if he is willing to look at it. It's a rule likely to FP but yes, there are instructions in KAM.cf about FP reports.  I've lowered the score on that rule. Regards,

Re: improving detection to cloudmark-like levels?

On 10/19/2017 04:18 AM, Jari Fredriksson wrote: David Jones kirjoitti 13.10.2017 14:16: On 10/13/2017 04:45 AM, Jari Fredriksson wrote: I don't use Kam.cf as it is very prone to false=20 positives and way too aggressively scored by default. I'm pretty happy= =20 with my

Re: improving detection to cloudmark-like levels?

Auto report on spam with 10+ AS points. All other spam is manually reported. br. jarif Jari Fredriksson kirjoitti 19.10.2017 12:18: David Jones kirjoitti 13.10.2017 14:16: On 10/13/2017 04:45 AM, Jari Fredriksson wrote: I don't use Kam.cf as it is very prone to false=20

Re: improving detection to cloudmark-like levels?

David Jones kirjoitti 13.10.2017 14:16: On 10/13/2017 04:45 AM, Jari Fredriksson wrote: I don't use Kam.cf as it is very prone to false=20 positives and way too aggressively scored by default. I'm pretty happy= =20 with my current setup with 3.4.1 though. =20 =20 If you are

Re: improving detection to cloudmark-like levels?

On 10/13/2017 04:45 AM, Jari Fredriksson wrote: I don't use Kam.cf as it is very prone to false positives and way too aggressively scored by default. I'm pretty happy with my current setup with 3.4.1 though. If you are happy with your SA accuracy, don't change a thing. :)

Re: improving detection to cloudmark-like levels?

I don't use Kam.cf as it is very prone to false positives and way too aggressively scored by default. I'm pretty happy with my current setup with 3.4.1 though. 12. lokakuuta 2017 17.07.41 GMT+03:00 "Kevin A. McGrail" kirjoitti: >On 10/12/2017 9:25 AM, AJ Weber

Re: improving detection to cloudmark-like levels?

On 10/12/2017 11:33 AM, Ian Zimmerman wrote: I don't know how you got the supposition about pyzor. pyzor is completely independent of Cloudmark (unlike razor) and AFAIK pyzor scores are based on participating users' reports and nothing else. Sorry.  It is razor2 that is (or was - according to

Re: improving detection to cloudmark-like levels?

On Thu, 12 Oct 2017, AJ Weber wrote: Using the standard rule updates channel and "sought.rules.yerp.org". (I don't see those updated too often, maybe I need to check on that update process.) As far as I know, the Sought rules aren't being generated any more, and haven't been for a few years

Re: improving detection to cloudmark-like levels?

On 2017-10-12 09:25, AJ Weber wrote: > So I'm sure they have some "secret sauce" and I'm not asking for that > to be revealed, but since pyzor is supposedly using their database, > I'm just trying to figure out if there's a way to get my SA filter to > improve even further and close the gap? I

Re: improving detection to cloudmark-like levels?

On 10/12/2017 09:32 AM, AJ Weber wrote: On 10/12/2017 10:07 AM, Kevin A. McGrail wrote: On 10/12/2017 9:25 AM, AJ Weber wrote: I'm open to new rules, plug-ins, etc. Spam volume is only getting worse, and these spammers are getting more creative. Hi AJ, I have to say that 3.3.0 is pretty

Re: improving detection to cloudmark-like levels?

On 10/12/2017 10:07 AM, Kevin A. McGrail wrote: On 10/12/2017 9:25 AM, AJ Weber wrote: I'm open to new rules, plug-ins, etc. Spam volume is only getting worse, and these spammers are getting more creative. Hi AJ, I have to say that 3.3.0 is pretty old.  I'd look to run a newer version,

Re: improving detection to cloudmark-like levels?

On 10/12/2017 9:25 AM, AJ Weber wrote: I'm open to new rules, plug-ins, etc.  Spam volume is only getting worse, and these spammers are getting more creative. Hi AJ, I have to say that 3.3.0 is pretty old.  I'd look to run a newer version, invest some time into researching a few RBLs and

improving detection to cloudmark-like levels?

OK, please, this is meant with all good intentions... I have been running SA 3.3.0 on my server for years.  Using the standard rule updates channel and "sought.rules.yerp.org".  (I don't see those updated too often, maybe I need to check on that update process.)  Also enabled:  DCC, Pyzor and