At 12:55 PM 11/15/2004 +0100, you wrote:
> Ok, thanks for explaining.
> If add-ons are added should the `required' level be increased in
> order to prevent too many false positives?

Really it depends on what the FP ratio of the added rules is like. Usually not, or only very slightly, as most add-ons are mass-checked for FPs and the scores and/or rules are adjusted accordingly.


The biggest problem I saw with that message is it had two versions of tripwire, both running at the same time. One older version with roughly 0.7 as a score, one newer one with roughly 0.1 as a score. The current version has names and scores consistent with the low-scoring version.
http://www.rulesemporium.com/rules/99_FVGT_Tripwire.cf


If you took away the 15 FVGT_TRIPWIRE_* hits the score of the message would have gone down by about 10.5 points.

Find the duplicates and remove them. My guess is the server has both tripwire.cf (old) and 99_FVGT_Tripwire.cf (new) installed in /etc/mail/spamassassin.

You could compensate for the misconfig by increasing score thresholds, but in this case, poor performance would ensue.

> > Round numbers are just that.. Adding lots of round numbers makes for a lot
> > of rounding error.
>
> Is that to say if there are lots of items which may produce rounding
> errors the `required' level should be increased accordingly?

No.. That error is in James's hand calculation of 10.2, not in SA's calculation of 9.9. It doesn't affect the required thresholds or anything else.


What I'm saying is if you hand-add the rounded numbers SA prints in the report you can get a different score than SA does. It could be quite a bit higher or lower, because you're working from a bunch of rounded numbers. Don't be surprised by this, because you're not adding the real scores out of the .cf files.

When SA computes the score, it uses all 4 decimal places. SA only rounds when it prints things in the reports, and that's just to keep the report from getting cluttered.
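
The duplicate check suggested above, as an added example that is not part of the original message or of SpamAssassin: it flags any rule pattern defined in more than one .cf file, even when the old and new rule sets give it different names. The rule names, patterns and scores in `SAMPLE` are constructed, and the script assumes one rule definition per line.

```python
import re
from collections import defaultdict
from pathlib import Path

# Matches rule definitions such as "body NAME /regex/" or
# "header NAME Subject =~ /regex/"; score/describe lines are ignored.
RULE_RE = re.compile(r"^\s*(header|body|rawbody|uri|full)\s+(\w+)\s+(.+?)\s*$")

def parse_rules(text):
    """Yield (rule_type, name, pattern) for each rule defined in a .cf file."""
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # skip comments, including commented-out rules
        m = RULE_RE.match(line)
        if m:
            yield m.groups()

def find_duplicates(files):
    """files maps filename -> contents. Returns {(type, pattern): [(file, name), ...]}
    for every pattern that is defined in more than one file."""
    seen = defaultdict(set)
    for fname, text in files.items():
        for rtype, name, pattern in parse_rules(text):
            seen[(rtype, pattern)].add((fname, name))
    return {key: sorted(defs) for key, defs in seen.items()
            if len({fname for fname, _ in defs}) > 1}

def scan_dir(path):
    """Run the check over every .cf file in a SpamAssassin config directory."""
    return find_duplicates({p.name: p.read_text(errors="replace")
                            for p in Path(path).glob("*.cf")})

# Constructed sample contents (rule names, patterns and scores are made up).
SAMPLE = {
    "tripwire.cf": (
        "body EXAMPLE_OLD_QJ /[a-z]qj/i\n"
        "score EXAMPLE_OLD_QJ 0.7\n"
        "# body EXAMPLE_OLD_OFF /zzq/i\n"
    ),
    "99_FVGT_Tripwire.cf": (
        "body EXAMPLE_NEW_QJ  /[a-z]qj/i\n"
        "score EXAMPLE_NEW_QJ 0.1\n"
        "body EXAMPLE_NEW_XK /[a-z]xk/i\n"
    ),
}

if __name__ == "__main__":
    for (rtype, pattern), defs in find_duplicates(SAMPLE).items():
        print(f"{rtype} {pattern} defined in: {defs}")
```

On a real server, call `scan_dir()` with the site configuration directory and remove the older file once the overlap is confirmed.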




