On Fri, 2008-02-29 at 11:28 +0500, Shahzad Abid wrote:
> Dear List
>
> How to determine good rules for SA? I am using the following rules.


[ gigantic output of ls snipped, including lots of cf files, plugins and
a bunch of unrelated non-rules ]

> Please identify which rules are bad?


Pretty much *all* of the third party rules you mentioned are bad, IMHO.
*Unless* you review their respective documentation, rather than throwing
almost anything at your SA you could find...


A few notes and things I spotted glancing at the list, and why I believe
you missed this important part:

* backhair.cf: Deprecated since SA 3.0.0, which incorporates most of
it. See http://wiki.apache.org/spamassassin/CustomRulesets where you
got it from.
* 7*_sare_redirect: The note particularly mentions to NOT use both
rulesets. However, you got both, the pre and post 3.0.0 variant. See
http://www.rulesemporium.com/rules.htm

Also, you seem to be using RulesDuJour, which AFAIK has not been the
recommended way to update for quite a while. Instead, use sa-update with
SARE.

As a general note, spam is rather different for everyone. You'll have to
decide yourself which ones are good or bad in your particular case.
Monitor the rules to see if they even apply to your spam, and remove them
after some time of observation if they aren't worth the additional overhead.
Using too many of them usually tends to have some bad impact.

Besides pulling in every cf file you can get your hands on, there are
quite a few optional, disabled by default rules and plugins shipped with
SA itself, which just need to be properly configured or don't apply to
all environments. Only you can decide to use them. Hint: "language"
specific stuff and features that depend on optional Perl modules. See
the documentation and spamassassin debug output.


If you don't want to or can't identify good and bad rulesets yourself,
you should stick with a vanilla setup. The developers and the QA process
have already made a general decision about "good" rules -- this is what
the SA distribution includes by default.

guenther


--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a \x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
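
An added example, not part of the original message: one way to do the monitoring the reply recommends is to tally which rules appear in the `tests=` field of the `X-Spam-Status` headers on already-scanned mail, then flag third-party rules that never fire or fire mostly on ham. The header samples and the `SARE_EXAMPLE_*` rule names are constructed placeholders, and "spam"/"ham" here means SpamAssassin's own verdict, not a hand-checked classification.

```python
import re
from collections import Counter

# Constructed sample headers (not from the thread), folded the way SA writes them.
SAMPLE = """\
X-Spam-Status: Yes, score=14.2 required=5.0 tests=BAYES_99,HTML_MESSAGE,
\tSARE_EXAMPLE_A,URIBL_BLACK autolearn=spam version=3.2.4
X-Spam-Status: No, score=1.1 required=5.0 tests=HTML_MESSAGE,SARE_EXAMPLE_B
\tautolearn=ham version=3.2.4
X-Spam-Status: Yes, score=8.0 required=5.0 tests=BAYES_99,URIBL_BLACK
\tautolearn=no version=3.2.4
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00 autolearn=ham
\tversion=3.2.4
"""

# Verdict, then the tests= list up to the next "key=" field or end of header.
STATUS_RE = re.compile(
    r"^X-Spam-Status:\s*(Yes|No),.*?\btests=(.*?)(?:\s+\w+=|$)", re.I)

def tally(text):
    """Return (spam_hits, ham_hits) Counters keyed by rule name."""
    spam, ham = Counter(), Counter()
    # Unfold continuation lines (newline + whitespace) into a single space.
    for line in re.sub(r"\r?\n[ \t]+", " ", text).splitlines():
        m = STATUS_RE.match(line)
        if not m:
            continue
        bucket = spam if m.group(1).lower() == "yes" else ham
        for rule in m.group(2).split(","):
            rule = rule.strip()
            if rule and rule != "none":   # SA writes tests=none when nothing hit
                bucket[rule] += 1
    return spam, ham

def review(installed, spam, ham):
    """Classify each installed rule as 'unused', 'ham-heavy' or 'keep'."""
    verdict = {}
    for rule in installed:
        s, h = spam[rule], ham[rule]
        verdict[rule] = "unused" if s + h == 0 else "ham-heavy" if h >= s else "keep"
    return verdict

if __name__ == "__main__":
    spam, ham = tally(SAMPLE)
    installed = ["SARE_EXAMPLE_A", "SARE_EXAMPLE_B", "SARE_EXAMPLE_C"]  # hypothetical
    for rule, v in review(installed, spam, ham).items():
        print(f"{rule:16} spam={spam[rule]} ham={ham[rule]} -> {v}")
```

Run it over a few weeks of real headers before removing anything; a rule that is "unused" on a small sample may simply not have met its spam yet.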