I've been playing with my SA setup and trying to get it to actually work well; right now it lets a lot of junk through.
* 1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
* [URIs: optdi.com]
* -0.0 SPF_PASS SPF: sender matches SPF record
* 0.0 HTML_IMAGE_RATIO_06 BODY: HTML has a low ratio of text to image area
* -0.2 BAYES_40 BODY: Bayesian spam probability is 20 to 40%
* [score: 0.3144]
* 1.5 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
* 1.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
* 0.6 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME
* 0.0 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image
* 0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts
On this example, and on other spam, I see a lot of HTML_SHORT_LINK_IMG_3, MIME_HTML_ONLY_MULTI, etc., which are scored 0.
1. Are they scored 0 for a reason?
2. Is it safe to increase the score for things such as URIBL_WS_SURBL, RCVD_IN_XBL or SBL? I would think false positives with these should be low, but I figure you guys have more time using it (correctly) to know. I assume I shouldn't use the PBL as I have clients relaying through the server.
3. Can I run something from the command line to go through a really spammy mailbox and separate what it now considers spam into a subfolder?
4. How do I globally clear my Bayesian data? Up until now it has been autolearning ham on bad messages, it would seem.
5. Should I clear that Bayesian data, or just let a flow of spam learning shift the curve?