On 02/12/17 13:06, Matus UHLAR - fantomas wrote:
On 12/01/2017 11:17 AM, Sebastian Arcus wrote:
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[212.227.126.131 listed in
wl.mailspike.net]
0.4 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html
MIME
1.6 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes
of words
2.0 BAYES_50 BODY: Bayes spam probability is 40 to 60%
[score: 0.4808]
0.8 MPART_ALT_DIFF BODY: HTML and text parts are different
0.0 HTML_MESSAGE BODY: HTML included in message
2.5 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at
http://www.dnswl.org/, no
trust
[212.227.126.131 listed in
list.dnswl.org]
On 01/12/17 10:54, Axb wrote:
you've changed SA default scores and now complain about one which
hasn't been touched as cause for FPs?
compare the defaults with yours...
score PYZOR_CHECK 0 1.985 0 1.392 # n=0 n=2
score BAYES_50 0 0 2.0 0.8
hmmmm.... maybe you should rethink those changes.
On 01.12.17 12:23, Sebastian Arcus wrote:
Indeed, I did amend some of the default SA scores, to catch more spam
for the type of email received at this particular site. That doesn't
change the fact that 1.6 seems to me a pretty high score for a rule
which would be triggered on such a large number of ham emails. Just
saying.
You should understand that when you start tuning scores, you can get to
hell
very fast. unless you do your own mass-checks and tune according to them.
I'm not too sure I understand this attitude. The whole reason I started
to tweak the scores for certain rules is that too much spam was going
through. The false negatives have gone down considerably since I have
altered the scores - and yes, I do keep an eye on them constantly and
adjust depending on the number of false positive and negatives, and what
triggers what. I also use network tests / RBL's as well and Bayes. The
simple fact of the matter is that on plenty of spam emails, only one
significant rule might get triggered - be it a high bayes score, one of
the DNS RBL's or something else. If the rule doesn't have a high enough
score, the email passes through.
Spammers change their tactics and content of their emails all the time -
and the rule scores haven't been updated in months - because of the
problems with the updating system (which is not a criticism - I
understand the situation). So for people to advise sticking religiously
to the default scores, well, frankly I don't get it.