This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Puremessage for Unix, Spam-rule question

I took over this job last year, I inherited an existing Puremessage for Unix installation.

Quite a few of the anti-spam rules are set with weight and Probability at 0 and 0.

I ran 'pmx-spam scan' on one of the latest spam that made it through as 'not spam', and have a question on the anti-spam rules.

According to the docs, if a rule has zeroes for both weight and Probability, the rule is ineffective, right? 

So on this:

    HTML_MIME_NO_HTML_TAG: w+=00.800 pd+=00.000 t=+02.248
             KNOWN_FREEWEB_URI: w+=00.050 pd+=00.000 t=+02.298
                 LINK_TO_IMAGE: w+=00.000 pd+=00.000 t=+02.298 [.jpg]
                  MED_WORDS_LO: w+=00.000 pd+=00.000 t=+02.298 [weight loss]
                 RDNS_NXDOMAIN: w+=00.000 pd+=00.000 t=+02.298 [NXDOMAIN]
                     RDNS_SUSP: w+=00.000 pd+=00.000 t=+02.298
             RDNS_SUSP_GENERIC: w+=00.000 pd+=00.000 t=+02.298
             SUBJ_PHRASE_PILLS: w+=00.000 pd+=00.000 t=+02.298 [weight loss]

 Should I be altering the weight slightly on the rules that are hit to add to the spam score? (for those that are zero, such as RDNS_SUSP_GENERIC)

thanks.

Roger

:51388


This thread was automatically locked due to age.
  • That's kind of a double edged sword.. I believe the recommended settings are "use the defaults".. the thing with
    modifying the spam rules is when you do that you may find yourself in a situation where you modify one rule to
    fix a particular spam issue and in turn you break another rule that lets spam in

    The other consideration is, if you modify a spam rule.. it becomes a customized rule.. so if that rule is modified
    by Sophos then when the update goes out it will NOT overwrite your custom rule.

    So it really becomes a game of cat and mouse, I think the best option is to write a quick and dirty script to
    email spams to the is-spam address and let them deal with it. That way it gets magically fixed and I don’’’’t have
    to do anything so that works for me.

    :51554