[SURBL-Discuss] Question about scoring in SA3

Kris Deugau kdeugau at vianet.ca
Wed May 18 16:53:17 CEST 2005 

"Kevin A. McGrail" wrote:
> I've been very pleased with SURBL in SA3 and I'd like to increase the
> scores.  However, I don't understand how the default scores like this
> work:
> 
> rules/50_scores.cf:score URIBL_AB_SURBL 0 2.007 0 0.417
> rules/50_scores.cf:score URIBL_OB_SURBL 0 1.996 0 3.213
> rules/50_scores.cf:score URIBL_PH_SURBL 0 0.839 0 2.000
> rules/50_scores.cf:score URIBL_SC_SURBL 0 3.897 0 4.263
> rules/50_scores.cf:score URIBL_WS_SURBL 0 0.539 0 1.462
> 
> I feel SA is being too conservative with the resource that SURBL
> provides.  Can anyone give me their recommendations for my local
> configuration file for replacement scores that will be more
> effective?

I've had the following in production since ~May 2004 (2.64 patched for
SURBL support):

score SPAMCOP_URI_RBL_SC        2
score SPAMCOP_URI_RBL_WS        2.0
score SPAMCOP_URI_RBL_PH        3
score SPAMCOP_URI_RBL_OB        1
score SPAMCOP_URI_RBL_AB        2

And one more SURBL listing:  (Don't recall the origin;  check the SURBL
website)
score SPAMCOP_URI_RBL_JP        2

IIRC I had SC, OB, and AB all scored higher at one point, but ran into
occasional FP problems.  In an ISP environment, that's a Very Bad
Thing.  :/

On my personal server, I've set all of them to 4.

I also have a well-trained global Bayes db on both servers (one
"regular" ISP customers, one domain hosting) - I've never had to wipe
the Bayes files and start over.  You might want to copy the BAYES_nn
scores from 2.64;  the 3.0.x BAYES_nn scores seem to have been lowered
quite a bit and from the SA list traffic, seem to have caused a lot of
FNs.  (Just one of several reasons I haven't upgraded my 2.64 machines. 
They're working Just Fine Thanks.)

On top of that, I maintained a local SURBL-style list of domains found
in FNs reported by customers.  <g>  I haven't added anything to it in a
long time, although I do continue to feed Bayes with the (far smaller)
number of customer reports of FNs and the (VERY) rare FP.

> And since I couldn't find it referenced, can anyone tell me what the
> four numbers after the score mean?

They represent the four combinations possible with/without network tests
and with/without Bayes.

1st: No network, no Bayes
2nd: Network enabled, no Bayes
3rd: No network, Bayes enabled
4th: Network enabled, Bayes enabled

-kgd
-- 
Get your mouse off of there!  You don't know where that email has been!

More information about the Discuss mailing list