I host about 10 domains on a w2k server (when you're done mocking, please continue). Currently, I use ASSP which isn't very effective but helps a lot.

Occasionally, I'll get fed up and dig into implementing SA instead but then stop short after reading about how it doesn't run as a service well et al.

However, it runs well as a service and I actually run 4 simultaneous instances of it for various levels of filtering. Also, since it is bayes based, it allows for unique per domain databases for those that need it.

There are some commercial SA solutions (Catch! is one I keep circling back to because of its unlimited domains / users versus price). But it doesn't have an obvious popb4smtp engine that I can see.

Then, I see the flood of emails in this list about the rules, etc.

Do you have to constantly tune your rules? How often do you need to do this for it to be effective?

Well, that is an interesting question because it does not have a simple
answer. Now, I am assuredly not running a commercial setup. But I can
to a degree scale up my experience here. Mostly I have to keep my SARE
rules up to date. (I use my own script because RDJ was not 'real' when
I built it. It works. I know how to tune it. So.... {^_-}) I run it
every time I notice a mention of updates. Once in a while (months) I
check the SARE site for new rule sets. (With one of the semi-ninjas
sitting right behind me much of the time you'd think I'd be more
diligent. But, I'm a lazy bit<oops>. {^_-}) Aside from the rules updates,
usually about once a week to once a month, I myself don't write any
rules more often than "this one tee'd me off". Usually it is a rule
that experienced the slight negative score I give the LKML and still
scored BAYES_99, which I have at 5.0.

I am content to review my low scoring spam, usually the few below 10 to
15 points, for mismarked ham. (I readjusted my LKML meta rules and rules.
That problem seems to be much abated at the moment. And Bayes 99 is
approaching 100%/0% asymptotically at the moment.) I get annoyed with
spam that escapes. That happens about one in 10,000 messages of late,
again it's almost always LKML related.

I do tweak the whitelists periodically as new legitimate sources come on
line. (I also anti-tweak them to hide junk from some trade journals that
insist on daily or weekly junk if I want to get their magazine. {^_-} SA
is a WONDERFUL tool.)

So I suspect you could get by without getting too embroiled in the mechanics
of SA maintenance by using Bayes, SARE rules, and a clearly stated set of
policies about what is done with the marked email. Note that if it is 10
domains including the likes of Earthlink or NetZero the problem is much
worse than if they are small company domains for say a set of real estate


