KSpam not learning spam patterns for one user
Posted on 2006-11-30
I have Kspam on my Domino server which up until this point no one complained of receiving multiple spammed messages. There is one user who actually setup the KSPam configuration who is receiving the majority of spam. I would like to know how should I configure the Bayesian configuration document in order to make this agent work effectively? In addition to this configuration should I also manually create rules? If so, what should be the numbering setup?
Below is the current Bayesian configuration:
This is a string of six characters or less, should be the same for every server in your organisation (KS_IID). Rescon
This is the default action to be taken when one of the hard coded rules is matched (KS_DEFAULTACTION). 0 - Accept
Default probability increase
The default probability increase, only used if increase probability is selected for the default action (KS_DEFAULT_PROB_INC). 0%
Mark messages with a reason field?
Add KS_REASON item to an email if a rule is matched (KS_MARK). Yes
Reload configuration every hour?
Log statistics under smtp.kSpam.* (KS_STATS). Yes
Minimum "From:" header length?
Minimum length of the From: header (KS_MIN_FROM_LENGTH). 0
Maximum numbers in sender's username?
Maximum number of integers in the sender's username (KS_MAX_FROM_INTS). 0
First character in "From:" header must not be a number?
Other forms to scan?
Forms other than Memo and Reply delimited by commas (KS_INTERESTING_FORMS).
Add recipients list to copied and denied messages?
Add KS_RECIPIENTS readers field to denied messages, username in email address must me included in the recipients username field in their person document. ( KS_RECIPIENTS). No
Copied mail database
Database to copy copied messages to, default is mailspam.nsf (KS_COPIED_DB).
Turn on debugging?
Create log in ks_debug.txt (KS_DEBUG). No
Bayesian filter enabled
Enable the Bayesian filter (KS_BAYESIAN_FILTER). Yes
Token reload period
Period of time between recalculating probabilities (KS_BL_PERIOD). 360
Boundary probability at which email is considered spam (KS_BAYESIAN_BOUNDARY). 90%
Mark messages with token list and probability?
Add KS_BL_PROB and KS_BL_TOKENS to incoming emails (KS_BAYESIAN_MARK). Yes
Good message ratio
Ratio of good emails passing through the server before an email is copied to the good mail database (KS_BAYESIAN_RATIO). 5
Action to take when an emails are probably spam (KS_BAYESIAN_ACTION). 3 - Copy & Deny
Text to mark emails with is the default Bayesian action is mark. (KS_BAYESIAN_ACTION_MARK_WITH).
Tokens to ignore
Tokens to ignore when calculating probabilities (KS_BL_IGNORE).
Dump token lists to file
Write token lists to files goodlist.txt and spamlist.txt (KS_BL_DUMPLISTS). No
Preparation setting 1
All emails that pass all rules without being matched are placed in the mailgood.nsf database (KS_BAYESIAN_PREP). No
Preparation setting 2
All emails with a probability greater than 90% are copied to mailspam.nsf, all emails with a probability of less than 10% are copied to mailgood.nsf (KS_BAYESIAN_PREP_2). No
Turn on debugging?
Create bload.txt log file (KS_BL_DEBUG). No