Ok, so like the rest of you, I've been getting swamped by stock and other spam for the past couple of months. I've been beating me head on the wall trying to come up with the magic combination of things that make my client's SpamAssassin installations work as well as my own. And Now I prostrate myself on the ground, in deference to the higher knowledge of a group of SA heads...
The basic issue is this: Most of my clients are now running dedicated Email "firewall" systems, that I build and install from Open Source materials. I use ClamAV-milter, SpamAss-milter (which tags and sends to messages into quarantine but doesn't reject anything), and Sendmail (or postfix, but usually Sendmail). I'm using MySQL for userprefs, Bayes, and whitelisting, all on the same box. I have pretty much every test on the planet being run (see list below) and updated via Rules_Du_Jour on the SpamAssassin side of things, and I'm also running no less than 6 dnsbl's in Sendmail. I have a couple clients who are getting hammered with those darn messages that get sent 50 times each; if one gets through the filter, they all do. Thus my clients yell that they're getting tagged with spam, but to SA it's really only one message that happened to get through multiple (many) times. To each user. My quandry is that my own server is tagging the messages MUCH more consistently than my clients. There are 2 reasons for this that I can see: First, I'm a small target... it's a mailserver, but it's just me. My client sites are smallish (under 50 addresses), but that's a bigger target than I present for sure. I receive on average ~150-200 spams, all but 1 or 2 end up in my Junk folder via SpamAssassin (called and then sorted by Procmail). Second, I run SA and my IMAP server on the same box, which means that I can run sa-learn periodically to update my Bayes database, and there's not currently a mechanism in place for email firewall users to do the same. Part of the reason for this is the need to take the human (i.e. end user) component out of the filtering process, for all the reasons discussed at length on this list (people feeding the wrong stuff to their filter, not feeding their filter, etc., etc.) My question basically boils down to this: How do I get similar results in an appliance type model to what I see from my 'monolithic' mailserver setup? I'd like to keep using the MySQL prefs etc, and for a number of reasons I have to stick with the architecture I've described with an external (to the mailserver, not the LAN) Spam filtering server. Thank you all in advance for your consideration! Rubin SpamAssassin 3.1.5, FuzzyOCR 3.4.2 SpamAssassin MySQL userpref: | $GLOBAL | score URIBL_SBL | 4.66 | 1 | | $GLOBAL | score HTML_IMAGE_ONLY_04 | 4.66 | 2 | | $GLOBAL | score HTML_IMAGE_ONLY_08 | 4.16 | 3 | | $GLOBAL | score HTML_IMAGE_ONLY_16 | 3.8 | 4 | | $GLOBAL | score HTML_IMAGE_ONLY_20 | 1.8 | 5 | | $GLOBAL | score HTML_IMAGE_ONLY_12 | 3.8 | 6 | | $GLOBAL | score HTML_IMAGE_ONLY_24 | 2.8 | 7 | | $GLOBAL | score HTML_IMAGE_ONLY_28 | 3.8 | 8 | | $GLOBAL | score HTML_IMAGE_ONLY_32 | 3.8 | 9 | | $GLOBAL | score DNS_FROM_RFC_ABUSE | 2.5 | 10 | | $GLOBAL | ok_locales | en | 11 | | $GLOBAL | score RCVD_IN_SORBS_DUL | 3.5 | 13 | | $GLOBAL | score RCVD_NUMERIC_HELO | 3.5 Rules_du_jour: TRUSTED_RULESETS=" TRIPWIRE ANTIDRUG SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 SARE_EVILNUMBERS2 RANDOMVAL BOGUSVIRUS SARE_ADULT SARE_FRAUD SARE_BML SARE_SPOOF SARE_BAYES_POISON_NXM SARE_OEM SARE_RANDOM SARE_HEADER SARE_HEADER_ENG SARE_HEADER_X264_X30 SARE_HEADER_X30 SARE_HTML SARE_HTML_ENG SARE_HTML_PRE300 SARE_SPECIFIC SARE_OBFU SARE_REDIRECT SARE_REDIRECT_POST300 SARE_SPAMCOP_TOP200 SARE_GENLSUBJ SARE_GENLSUBJ_X30 SARE_GENLSUBJ_ENG SARE_HIGHRISK SARE_UNSUB SARE_URI0 SARE_URI1 SARE_URI3 SARE_URI_ENG" That's all I can think of to toss in at this point... Thank you! -- Rubin Bennett RB Technologies http://thatitguy.com [EMAIL PROTECTED] (802)223-4448 "They that can give up essential liberty to obtain a little temporary security deserve neither liberty nor safety" --Benjamin Franklin, Historical Review of Pennsylvania, 1759