Bayes is a stalwart here, that and the more recent versions of SA. Best I can suggest is upgrade to 3.1.1 and run in some rules, I'm happy to let you know which ones we use.
That being said, bayes is the only realistic way of training in spam - adding it makes life a lot easier. HTH Kind regards Nigel On Thu, 01 Jun 2006 13:41:36 -0400, DAve <[EMAIL PROTECTED]> wrote: >Nigel Frankcom wrote: >> This may be a daft question, if so, apologies in advance; but, do you >> train these spam into sa? > >Nope, been down the Bayes road a few times and the load on the server >never justified the spam it caught. When using bayes we always end up >babysitting it too much. This could likely be a result of the large >variance in the type and content of mail we handle (we are an ISP). > >Personally, right/wrong/regardless, I've always felt bayes was just >never "production ready". Issues always seem to crop up. Maybe that will >change in the future. > >> >> We receive a large number of these daily and, to date, very, very few >> get through. >> >> What version of SA are you running? > >Currently 3.0.4 on the toasters, 3.0.2 on the MailScanner boxes. These >may or may not get updates this month. I've never been fond of "update" >as a solution to a problem unless I know the change in version will >directly improve my use of the product. Right now SA is working >wonderfully, I have no complaints. But I am getting n thousands of these >messages, if even a few get past SA, it amounts to a lot of messages. > >Samples can be seen here, > >http://pixelhammer.com/spam/spam1.txt >http://pixelhammer.com/spam/spam2.txt >http://pixelhammer.com/spam/spam3.txt >http://pixelhammer.com/spam/spam4.txt >http://pixelhammer.com/spam/spam5.txt >http://pixelhammer.com/spam/spam6.txt > >Thanks, > >DAve > > >> >> KR >> >> Nigel >> >> On Thu, 01 Jun 2006 12:48:50 -0400, DAve <[EMAIL PROTECTED]> >> wrote: >> >>> Doc Schneider wrote: >>>> DAve wrote: >>>>> Howdy, >>>>> >>>>> My users are just about tired of the stock spams, we are getting many >>>>> now that are barely hitting any stock rules at all. The funny thing is >>>>> they are pretty much a legit email. No obfuscation, no funky headers, >>>>> no URL. >>>>> >>>>> I am nearly ready to just stomp any and all stock messages and force >>>>> the few users who need them to whitelist the sender. >>>>> >>>>> Has anyone else already been down this road? Any suggestions? >>>>> >>>>> Thanks, >>>>> >>>>> DAve >>>>> >>>> Sure is a stock spam rule set. >>>> >>>> http://www.rulesemporium.com/rules/70_sare_stocks.cf >>>> >>> Had it running 10 minutes after it was announced. My problem is worse >>> than that. Possibly I could create a meta rule in my local.cf that says >>> a sare_stock hit plus any other rule, add 5 points. >>> >>> Thanks though, I should have mentioned I use it. >>> >>> Dave >> >>
