Re: Dev-nulling is a bad idea [Was: Verifying .procmailrc settings to delete high scoring spam messages]

Mon, 22 Apr 2013 06:27:54 -0700 

On 04/08/2013 03:52 AM, Andrzej A. Filip wrote:

On 04/08/2013 05:12 AM, Thomas Cameron wrote:

[...]
I want to delete any spam that scores over 10, though. I believe that I
should insert a new rule between the first and second, and I want to use
the X-Spam-Level header. But since it uses asterisks, which are
interpreted as regex wildcards, I want to make sure I've got the right
syntax. I think I would need to escape out the asterisks, right?

Would it look like this?

:0:
* ^X-Spam-Level:.*\*\*\*\*\*\*\*\*\*\*
/dev/null

I believe that would match 10 asterisks or more, and redirect the e-mail
to /dev/null. Am I right?


I would suggest redirecting such messages to another folder/maildir.
The folder should auto-purge old messages (e.g. older than 30 days).
Shit does happen. I remember at least one case in which mailing list
(ham) thread about spammer scored >10.

Such very false positives are very unlikely/rare *but* nobody
responsible is going to guarantee it will not happen to you.
So, I've set up two IMAP folders, "spam" for messages which are in the 5-10 range and "super-spam" which are over 10. I've been watching them since the 7th, when I updated SA and configured it based on Warren Togami's most excellent guide at http://www.spamtips.org/p/ultimate-setup-guide.html.
So far the "super-spam" folder is getting messages at about 10:1 over "spam." I have not seen a single FP in "super-spam" in that time. In fact, I have not seen ANY FPs in either folder.
At this point, I'm pretty comfortable just nuking that e-mail instead of wasting space with it.
Currently I'm using procmail recipes for individual users, but I'm leaning heavily towards going back to spamass-milter, and rejecting everything that scores 10 or more.
I'm definitely open to suggestions, though. The only argument I have seen so far is "you might get a FP." While that is absolutely valid, it has not happened so far. If I use spamass-milter, the sender will get a rejection notice, so important senders which trigger FPs will be able to call me and let me know. Otherwise, I don't think the message is that important. ;-) 

Thoughts?

Thomas

Reply via email to