On Mon, 30 Mar 2015, grhoderick wrote:
> After months of back and forth with the web host, their recommendation has
> been to add rules and do more intensive SA learning. But the way I
> understand it, no amount of tweaking symbolic test scores or adding rules
> can make up for not running the tests to begin with. Without having root
> access to the SA install, can I even influence which tests are applied?
> Example of the difference in output:
> http://pastebin.com/ph6wZw2R
I assume that's for a spam?
Two big things jump out:
0.0 URIBL_BLOCKED
This means that your ISP's URIBL queries are exceeding the free-access
limits of the URIBL provider. They should set up a separate dedicated
caching recursing nameserver for their mail system so that their URIBL
traffic is not aggregated with other URIBL traffic using their main name
servers. However, as they are an ISP, this by itself may not be enough to
drop their query traffic below the free-access threshold. They may need to
contact the URIBL provider and set up a paid feed for URIBL data.
-1.9 BAYES_00
If this is the score for an obvious spam, then this strongly suggests
mistraining, or autolearn that has run off the rails.
How is bayes being trained? Has the ISP provided you with any way to train
obviously misclassified messages? If they don't give you any way to train
then they have taken that burden upon themselves, and are not doing it
effectively. They probably need to wipe their database and start over from
scratch.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
USMC Rules of Gunfighting #7: In ten years nobody will remember the
details of caliber, stance, or tactics. They will only remember who
lived.
-----------------------------------------------------------------------
2 days until April Fools' day