> I know this is a non-answer, but what sort of scores are your false > positives getting?
About 5.0 to 13, depending on the type. > If they're all tending toward 5.1-10, you might be able to raise your > threshold rather than messing with the GA scores. I use a threshold of 7.0 > and haven't had a false positive in about a month. Nope, I don't want to raise the floor and let more spam through. I was going to do this but it's really a non-answer, as the GA just has to be better tuned with the particular type of spam I'm receiving. > If they're all coming from a similar source (i.e. a mailing list) you might > be better off whitelisting rather than changing scores. Whitelisting is nasty but I have been adding the spammier-but-legit places like chapters.ca, canadiantire.ca, mailbits, etc. to my SQL table. Whitelisting is a stopgap measure at best. > If you're getting false positives with really high scores, you might let us > know which rules they're hitting, as the rules might need work. The biggest (by far) is Yahoo and MSN/Hotmail addresses. You know, Antie Em's niece's brother's best friend forwarding HI!!!!!!!!!!!!!!! in +7 font or forwards of forwards of recipes or jokes. One thing I have noticed (and added to my list of tests) is that MSN/Yahoo email which is not spam always has one of several of their headers at the bottom. I think I'm scoring those tests at -7 right now (yes it's that good of an indicator, at least until the spammers figure it out). My actual hit rate with SA2.20 since 8pm on May 9: clean messages: 25625 spam messages: 12794 false positivies: 175 33.15% of all our incoming mail is spam, and SA has a 99.322% success rate. Not bad! By including my specific tests and running those 175 through the GA I'm sure I can get it to less than one a week (which is my goal). My modified scores for SA2.20 right now are as follows: score INCIID_MSG -10 score M_AND_M_MEATS -10 score FROM_AND_TO_SAME 0.00 score SUBJ_ALL_CAPS 0.90 score LOCAL_ISP -7.00 score MAILBITS_EMAIL -9.0 score SUBJ_MISSING 1.50 score PLING_PLING 0.00 score PLING 0.00 score GROUPS_MSN -4.0 score LINES_OF_YELLING_3 -1.75 score FWD_MSG -1.7 score GROUPS_MSN -5.0 score GROUPS_YAHOO_1 -1.5 score GROUPS_YAHOO -1.5 score FAKED_UNDISC_RECIPS 1.40 score HOTMAIL_FOOTER1 -7 score HOTMAIL_FOOTER2 -7 score HOTMAIL_FOOTER3 -7 score HOTMAIL_FOOTER4 -7 score HOTMAIL_FOOTER5 -7 score MSN_FOOTER1 -7 score MSN_FOOTER2 -7 Regards, Andrew _______________________________________________________________ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: [EMAIL PROTECTED] _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
