<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 5/4/2013 6:37 AM, Simon Brereton
wrote:<br>
</div>
<blockquote
cite="mid:CAOmHMuHBqmYto5=Tzr=ypoUuUm=F58cGByP1MQqqkAFc6sJZug@mail.gmail.com"
type="cite">
<p dir="ltr"><br>
On 4 May 2013 12:02, "Patrick Joy" <<a moz-do-not-send="true"
href="mailto:paddy@paddyjoy.com">paddy@paddyjoy.com</a>>
wrote:<br>
><br>
><br>
> On 04/05/13 19:44, Simon Brereton wrote:<br>
>><br>
>> > On 04/05/13 18:58, Simon Brereton wrote:<br>
>> >><br>
>> >><br>
>> >> On 4 May 2013 05:15, "Patrick Joy" <<a
moz-do-not-send="true" href="mailto:paddy@paddyjoy.com">paddy@paddyjoy.com</a>>
wrote:<br>
>> >> ><br>
>> >> > Hi everyone,<br>
>> >> ><br>
>> >> > I have just configured amavis-new (2.5.3)
and spamassassin (3.2.5) and integrated with postfix (2.5.1). I
have linked amavis to mysql also.<br>
>> >> ><br>
>> >> > Everything seems to working fine, spam
headers are being added and some mail is going the the
quarantine however I would appreciate it anyone could answer the
following questions about the behaviour of the quarantine.<br>
>> >> ><br>
>> >> > I have the following settings:<br>
>> >> ><br>
>> >> > $sa_spam_subject_tag = '***SPAM*** ';<br>
>> >> > $sa_tag_level_deflt = -9999; # add spam
info headers if at, or above that level<br>
>> >> > $sa_tag2_level_deflt = 8; # add 'spam
detected' headers at that level<br>
>> >> Email will have ***SPAM*** added to the
subject..<br>
>> >><br>
>> >> > $sa_kill_level_deflt = 10; # triggers
spam evasive actions<br>
>> >> Email will quarantine..<br>
>> >><br>
>> >> > $sa_dsn_cutoff_level = 15; # spam level
beyond which a DSN is not sent<br>
>> >><br>
>> >> Email will be discarded. Sender will not be
notified. See $final_spam_destiny = D_DISCARD;<br>
>> >><br>
>> >> > $final_virus_destiny = D_DISCARD; #
(data not lost, see virus quarantine)<br>
>> >> > $final_banned_destiny = D_BOUNCE; #
D_REJECT when front-end MTA<br>
>> >> > $final_spam_destiny = D_DISCARD;<br>
>> >> > $final_bad_header_destiny = D_PASS; #
False-positive prone (for spam)<br>
>> >> ><br>
>> >> > 1) Does this mean that anything with a
score over 8 will go the quarantine?<br>
>> >> > 2) What happens emails with a score over
10? Do they get discarded or do they go to the quarantine?<br>
>> >> > 3) What happens emails with a score over
15? Do they get discarded or do they go to the quarantine?<br>
>> >> ><br>
>> >> > My aim is to have nothing discarded, I
would like all suspected emails to go to the quarantine and have
users decide before whether they get discarded or not. Do I have
the correct settings for that?<br>
>><br>
>> On 4 May 2013 11:31, "Patrick Joy" <<a
moz-do-not-send="true" href="mailto:paddy@paddyjoy.com">paddy@paddyjoy.com</a>>
wrote:<br>
>> ><br>
>> > Thanks Simon,<br>
>> ><br>
>> > So if I don't want anything to be discarded I
should increase $sa_dsn_cutoff_level to something large like
9999?<br>
>><br>
>> Please don't top post..<br>
>><br>
>> Yes, or I believe just comment the line out.<br>
><br>
> Thanks I'll experiment with both.<br>
><br>
>> For what it's worth I've never seen a legitimate mail
with a spamassassin score over 15. I can't imagine why you'd
want to not discard them. <br>
><br>
> That's good to know! The main reason I want to keep them
all is because customers can be funny sometimes, one missing
email (legitimate or not) and they will be up in arms.</p>
<p dir="ltr">But it's your responsibility as a service provider
(which if you have customers is what you are) to also protect
them. And us. And you.</p>
<p dir="ltr">Assume I'm wrong and only most email 15 and over is
spam... the ones you're quarantining for them to look at contain
phishing links and viruses/Trojans, whether by payload or link.
Now if your customer is not educated to appreciate that smtp is
an unreliable communications protocol, they are probably also
likely to click on Trojan installers and respond to phishing
attacks.</p>
<p dir="ltr">Now their network is compromised, or your machine is
spewing spam and in a blacklist. Now all your other customers
are mad and you have much bigger problems than a missing email
(which might have gone missing for any number of reasons out of
your control).</p>
<p dir="ltr">In short, yes, you have to, as a service provider,
provide reliability. But as with any it service you have to
balance the wants of a few against the security of many.</p>
<p dir="ltr">It's of course your machine, your customer and most
important of all, your policy. I'm not mandating what you
should or should not do, but have a think about it and the
implications and look at the risk/reward.</p>
<p dir="ltr">Good luck! </p>
<p dir="ltr">Simon<br>
</p>
</blockquote>
Studies have been done and if I recall the numbers... 'people' given
all their mail to filter make 4 mistakes in 1000 emails. If you can
reduce that 1000 number by removing most of what is scored highly as
spam, the 'maybe spam' left in their spam box leads to more accurate
recovery of ham by a human. So, yes, it is proven that at a certain
level of filtering, accurate delivery of email to the Inbox
increases. Will they complain when the one is missed? Yes. Will it
be your filter? Only on very rare occasions. Are these the same
people that complain to you about too much spam? Generally yes.<br>
<br>
Now... if you could please stop spamming my Inbox by CCing the
amavisd list instead of replying to the amavis list so that my mail
filters work. I would appreciate that as well.<br>
<br>
<pre class="moz-signature" cols="72">
John </pre>
</body>
</html>