|
HOME >
CHAPTER 15
Chapter
15; Housekeeping and
Reporting
Once
SpamAssassin is installed and configured, it operates well with
little or no intervention. A busy system administrator will be keen
to automate every aspect of system operations and make life easier
for users. In this chapter, some further filters and regular scripts
are described.
Separating Levels of Spam
Spam does not need to be saved on the
server, except as a corpus for training the Bayesian database and
for score regeneration. Generally, the reason that spam emails are
stored is so that any false positives can be reclaimed by users. If
auto-learning is used, you also can use these stored spam emails to
ensure that false positives have not been learned as spam. This
involves checking the folder of spam on a daily or weekly basis.
One technique to lower the number of spam emails to be
examined is to divide them into two folders: one for high-scoring
spam emails and another for comparatively low-scoring spam emails.
False positives are unlikely to be in the high scoring category, so
the user need not examine emails in this folder.
This filtering can be effected using a Procmail recipe. The
X-Spam-Level
header contains a number of asterisks to indicate the score of the
email. Emails that score between one and two get one asterisk, while
emails that score between 12 and 13 get 12 asterisks. The
X-Spam-Level
header never shows more than 30 asterisks.
A Procmail recipe to filter emails with a score of 14 or more is
shown below:
:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*
.BigSpam/new
In the recipe, the asterisk character
is escaped by using the
\
character, otherwise Procmail will treat it as part of the recipe.
In this rule, the mail is delivered into a maildir called
BigSpam,
but delivering into an inbox is also possible as shown below:
:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*
BigSpam
Spam that scores less than this
threshold can then be processed as described in previous chapters,
moving it to a folder, now labeled
PossibleSpam:
:0
* ^X-Spam-Status: Yes
.PossibleSpam/new
Any email that has not been processed
by Procmail in the above two recipes will not be tagged as spam and
can be processed further or delivered to the default destination.
When using this recipe, choose a
threshold score that is cautious rather than optimistic. A higher
score will mean that more email has to be sifted through on a
day-to-day basis. A lower value will increase the doubt that a false
positive exists in the high-scoring spam bucket. Use your
experience, and try to choose a value two or three points higher
than any false positive received in the past.
|
