Thread: smtp setup and spam
View Single Post

   
  #2 (permalink)  
Old 03-06-2008, 02:02 PM
Nico Kadel-Garcia
 
Posts: n/a
Default Re: smtp setup and spam
On 6 Mar, 08:25, Boyd Lynn Gerber <gerb...@zenez.com> wrote:
> Hello,
>
> With the setup I use with SPF (around 15-20,000 emails per day to me
> or the aliases that come to me) and ...
>
> postfix or sendmail, sometimes exim
> amavis-new
> spamassassin
> python-pydns
> python-pydspam
> python-pyspf
> python-pygossip
> python-pysrs
>
> About 85% of emails are rejected before the smtp data stage saving a lot
> of more expensive resources.
>
> Once through the above I get 4-5 emails that are not taged that are spam
> and 2-3 false positives. *My data basis are trained and I use razor.
> The below is from a header that has been through spamassassin and marked
> as spam.
>
> 1.4 MSGID_FROM_MTA_ID * * *Message-Id for external message added locally
> *0.0 UNPARSEABLE_RELAY * * *Informational: message has unparseablerelay
> lines
> *3.5 BAYES_99 * * * * * * * BODY: Bayesian spam probability is 99 to 100%
> * * * * * * * * * * * * * * [score: 1.0000]
> *1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
> * * * * * * * * * * * * * * above 50%
> * * * * * * * * * * * * * * [cf: 100]
> *0.5 RAZOR2_CHECK * * * * * Listed in Razor2 (http://razor.sf.net/)
> *0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
> * * * * * * * * * * * * * * [cf: 100]
> *1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
> * * * * * * * * [Blocked - see
> <http://www.spamcop.net/bl.shtml?220.92.37.23>]
> *3.9 RCVD_IN_XBL * * * * * *RBL: Received via a relay in Spamhaus XBL
> * * * * * * * * * * * * * * [220.92.37.23 listed in sbl-xbl.spamhaus.org]
> *1.6 URIBL_SBL * * * * * * *Contains an URL listed in the SBL blocklist
> * * * * * * * * * * * * * * [URIs: conitaf.com..cn]
> *3.0 URIBL_OB_SURBL * * * * Contains an URL listed in the OB SURBL
> blocklist
>
> It is then run through sa-learn to report it and auto deleted. *The IP
> that the email came from reputation is then dinged for the spam. *The same
> applies for a valid email. *Domains and IP addresses are blacklisted at
> certain levels. *This is all configurable. *So I really recommend these
> tools.

For more individualized and even more effective spam blocking, you
might look at CRM114 over at Sourceforge. Some spammers tune their
spam to get past Spamassassin, but they haven't had much luck yet with
crm114.
Reply With Quote