Choose the rules you enable

Everyone's spam is different. What rules and plugins work for me may not work for you.

The best way to know how your installation is working is to check you logs and see what rules are hitting on your spam, and what rules are not. This way you can see which rules are the most productive for your spam. Several good scripts to run against your logs are,

• [http://www.exit0.us/index.php?pagename=MikesStatScript Mikes Stat Script]

• [http://www.rulesemporium.com/programs/sa-stats.txt sa-stats.pl pre SA version 3.1]

• [http://www.rulesemporium.com/programs/sa-stats-1.0.txt sa-stats.pl post SA version 3.1]

there is no relevance to the list order above

Using a log analyzer you can see which rules/plugins are working hardest for you. On our servers Bayes, DCC, Rayzor are all disabled. We catch all the spam we want with a combination of SURBL tests and a few custom rules both written inhouse and by the [http://rulesemporium.com SARE Ninjas].

This does not mean you shouldn't run DCC, Rayzor, or Bayes. Many people have great success with each or all those tools. You may or may not have success with them, Know your spam.

• Setup a honeypot account, and actualy read the spam that arrives there.
• Have users send you complete copies, headers included, of missed spam.
• Analyze your logs as often as you can.
• Learn to write custom rules.
  

Once you begin to know the spam your client base receives, you can begin making educated decisions to what rules will best capture the most spam using the least amount of resources. That equates to faster processing, more messages handled, happier clients (at least in my case).

Good luck!