> > Nope, you don't. You got a problem with your custom rules. > > > > here is what it is tripping on... > > > > 0.7 FH_HOST_EQ_D_D_D_D Host starts with d-d-d-d > > 1.2 HOST_EQ_STATIC HOST_EQ_STATIC > > 0.7 FH_HOST_EQ_D_D_D_DB Host is d-d-d-d > > 1.3 HOST_EQ_CHARTER HOST_EQ_CHARTER > > Neither of these is in stock SA 3.2.5, nor pulled by > sa-update for any 3.2.x version. Sorry, too lazy to check all > old and not-updated versions. Minus 3.9... > > > 1.9 TVD_RCVD_IP TVD_RCVD_IP > > 0.5 FROM_NOT_REPLYTO From: does not match Reply-To: > > Not stock SA, and *does* happen frequently on lists. Local rule. > > > -2.6 BAYES_00 BODY: Bayesian spam > probability is 0 to 1% > > [score: 0.0000] > > 1.5 SAGREY Adds 1.0 to spam from > first-time senders > > Custom, third-party plugin. Use at your own risk. Explicitly > mentions in the description, to add 1.0 points -- raised > arbitrarily by you. Local rule, local problem. > > > > can someone help me formulate a good rule to reduce scoring. > > You do not need a good negative scoring rule (besides > proposals for rules already posted), you seriously need to > review your custom rules. > > According to your rules hit, stock SA merely would score 1.9 > for the single TVD_RCVD_IP hit. Plus Bayes (which affects > this rule's score) and even subtracts significantly for you. > > > 1.9 -- this is a local problem with your custom rules. >
Karsten, thank you for your analysis... :-) i had forgotten about (not in a bad way) the use of some FVGT sets etc... those rules help catch spam. 00_FVGT_File001.cf: Rule Name Score Ham Spam %of Ham %of Spam ----------------------------------------------------------------------- FH_HOST_EQ_D_D_D_D 0.67 1505 9458 1.14% 7.31% FH_HOST_EQ_D_D_D_DB 0.69 663 6756 0.50% 5.22% 88_FVGT_headers.cf: Rule Name Score Ham Spam %of Ham %of Spam ----------------------------------------------------------------------- HOST_EQ_CHARTER 1.29 42 61 0.03% 0.05% HOST_EQ_STATIC 1.17 157 2224 0.12% 1.72% sagrey.cf: Rule Name Score Ham Spam %of Ham %of Spam ----------------------------------------------------------------------- SAGREY 1.50 0 111668 0.00% 86.33% SAGREY on a daily basis is more like 90 to 93 percent. i ran the simple analysis script against a longer period of time and there have been some minor changes in between. yet... thanks for pointing this all out. i just grepped the rules against that directory and gained some extra enlightenment. regardless, the original question stands, and i thank all of you for your advise. i have applied the necessary fix and things are just fine. everyone's help has been fantastic. thank you! :-) - rh
