Tips to consider while working with Bayes filter
I'm writing this because understanding Bayesian (Bayes) filter is critical in environments with high traffic email.
Administering high traffic might be difficult, but having high traffic with reach content, is important for learning.
Bayes learning filter needs, at least, 200 SPAM messages and 200 HAM messages in order to become active.
Both types of messages (ham and spam) must met some technical requirements in order to be learned (SPAM: 3 header tokens + 3 body tokens; HAM: only 3 body tokens).
Both SPAM and HAM messages are various in content (even languages differ). Thus, the overall email traffic may vary from one day/week to the next one, from one company to another.
By design, Bayes filter learns (by itself) gradually from your email traffic.
Let the learning system (bayes, spamassassin) work as was designed, by itself from your email traffic.
Along with Bayes, Network Rules play an important role when Bayes is not active (and a less important one after Bayes has become effective).
Network rules (such as IP/URL checks against RBLs) use a delay in order to avoid flooding against providers.
Few flooding spam messages may pass because RBLs checks (network rules) are skipped due their safety mechanism.
A well trained/adjusted bayes will compensate these cases, in Scrollout.
Spam messages that have not been seen before, sent from legit sources, containing legit elements (IPs,URLs), are most difficult to catch.
Is not possible to stop All-Spam messages in 2 hours work, feeding 200+200 different messages.
Feeder's scope is to adjust learning system and cover these occasional cases.
Assign an outbound IP address per domain
Assigning an outbound IP address to a Sender Domain may:
Prevent default IP from losing reputation when aSender Domain is not trusted.
Increase delivery/quality by associating an IP with good reputation to a Sender Domain.
Increase limits/time by associating an IP with good throughout to a Sender Domain.
Build reputation for a new IP using a Sender Domain with normal transactions.
Isolate a Sender Domain from being associated with others.
Disclaimer per domain
A disclaimer for each domain can be added in /var/www/disclaimer/domain.com.txt
You can add an URL page and a phone number for support. (web GUI > ROUTE)
These will appear in the returned bounce error.
Instead of phone number you can add an unfiltered email address such as email@example.com. You can add firstname.lastname@example.org as an alias to your email@example.com mailbox, on your email server. But postmaster may become target for spam.
telnet 192.168.1.234 25
220 ScrolloutF1.scrolloutf1.com ESMTP - Scrollout - Scrollout F1 2012-10-03
502-5.5.2 Error: command not recognized
502 5.5.2 For assistance, see www.scrolloutf1.com/contact or contact +40720xxxyyy. Please provide the following information in your problem report: Time: (Jan 30 10:43:07), Client: (192.168.1.9), Server: (ScrolloutF1.scrolloutf1.com).
Web GUI > ROUTE
Tag only the spam
You can choose to TAG only the spam messages as following:
1. Go to ROUTE
2. Click on Quarantine
3. Input a score value of 5 in the first field and 999 in the second field.
Quarantine per user (sort of)
After completing the step above (Tag only), users may create a rule for messages containing "Spam:" in the Subject and move those messages in Spam/Junk folder.