On 4/28/06, Mr Duck <tld(_at_)codeexamples(_dot_)org> wrote:
> At my office, I've got procmail set up to dev/null anything
> that SA set to eight stars or more. Over the last three years,
> I've lowered the number to eight from thirteen, because I've
> never had a false positive that high.. in fact, I don't think
> I've ever had a false positive above four

I had two false positives scored over 11 just this morning, and that
was in spite of AWL and BAYES_00 adjusting the score downwards. Both
were cron job logfile output, so the right solution is to
whitelist_from_rcvd them, but if you're routing the mail to /dev/null
how do you know you haven't had a false positive over 8?
I route all the spam into a daily log. I allowed a few days' worth to
pile up, then added a recipe so that when the first spam of a new day
arrives and creates a new mailbox, my procmailrc deletes the oldest
spam mailbox, so I always have a chance to recover but the number of
spam mailboxes remains the same. (I could have used logrotate, but
I'm using MH-format mailboxes for the spam so that I can locate
individual messages with grep, and logrotate isn't great with whole
directories.)
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
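
The rotation described in the reply above, sketched as an added example; it is not the poster's recipe, which the message does not show. The `spam-YYYY-MM-DD` folder naming, the function names, and calling this from a procmailrc before delivery are all assumptions.

```shell
#!/bin/sh
# Added example: fixed-size daily spam quarantine (assumed layout:
# $dir/spam-YYYY-MM-DD/, one MH-style folder of numbered files per day).

# Print the day folders under $1, oldest first (ISO dates sort lexically).
list_spam_folders() {
    for d in "$1"/spam-[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]; do
        # An unmatched glob stays literal; the -d test skips it.
        if [ -d "$d" ]; then printf '%s\n' "$d"; fi
    done | sort
}

# Delete the oldest day folders until at most $2 remain under $1.
# Only names matching the spam-DATE pattern are ever candidates.
prune_spam_folders() {
    dir=$1 keep=$2
    total=$(list_spam_folders "$dir" | wc -l)
    excess=$((total - keep))
    [ "$excess" -gt 0 ] || return 0
    list_spam_folders "$dir" | head -n "$excess" | while IFS= read -r old; do
        rm -rf -- "$old"
    done
}

# Return (print) today's folder. Pruning happens only in the process whose
# mkdir succeeds, i.e. on the first spam of a new day, so concurrent
# deliveries do not each trigger a delete.
# $3 overrides the date (used for testing).
spam_folder_for_today() {
    dir=$1 keep=$2 today=${3:-$(date +%Y-%m-%d)}
    folder="$dir/spam-$today"
    if mkdir "$folder" 2>/dev/null; then
        prune_spam_folders "$dir" "$keep"
    fi
    [ -d "$folder" ] || return 1
    printf '%s\n' "$folder"
}

# Hypothetical use: folder=$(spam_folder_for_today "$HOME/Mail/quarantine" 7)
# then deliver the tagged message into "$folder" instead of /dev/null, so a
# false positive can still be found with grep while it is within the window.
```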