Mailing List Archive



[tlug] antispam tricks



Hello tlug!

I'm using spamassassin-3.1 on debian sarge, but still not satisfied with
the result. Now that I get ~300 identified spam per day on my domain, the
98-99% efficiency yields a couple of spam mails reaching my inbox.
I have come to the conclusion that I need to do some more serious
configuration to my mail server.

Here is what I need:
 * With the rate of spam doubling every 2-3 months I'll get to the level
  where my server won't be able to keep up with the load because SA is a 
  real resource hog, so some antispam measures should be taken at IP level.
  I need a script or some SA or exim extension that will blacklist that
  IP (add a REJECT rule to iptables) if a mail is identified as spam.
  It must be safe and well tested and can expire old entries as well.
  I know that Godwin was using some static country based blacklisting
  method, but I don't want that much prejudice.

 * I thought of using greylisting, but I think eventually spammers will
  lean towards becoming RFC compliant and come back later with the mail.
  Instead I need something that adds a score to the mail based on prior
  correspondence. The AWL system in SA works somewhat differently, as it
  adds all addresses to its database, I need something more simple that
  will raise the score for unknown senders, using the algorithm below:
   - If a sender is found in the white-list, add a negative score,
     otherwise add a positive score.
   - If a mail was classified as ham and is not already in the white-list
     then insert it.
  Possibly the AWL system could be used for this with some perl code in
  the config file.

 * Recently spammers are trying to fool text based classifiers such as
  bayes with a totally irrelevant text message body where the real info
  is in a .gif attachment.
  What I need is positive score on mails having an attachment with a
  gif mime-type. I think this one can be configured after doing a bit 
  of RTFM.

Looking forward to hearing your thoughts on these.


-- 
boti

Attachment: signature.asc
Description: PGP signature
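
The prior-correspondence scoring described in the second item above, as an added example that is not part of the original post and is not SpamAssassin code. The class name, the SQLite storage, the use of the From: header as the key, and the score values are all assumptions; the post gives no numbers.

```python
import sqlite3
from email import message_from_string
from email.utils import parseaddr

# Assumed values: the post gives no numbers. 5.0 is SpamAssassin's default required_score.
KNOWN_SENDER_SCORE = -2.0
UNKNOWN_SENDER_SCORE = 1.5
SPAM_THRESHOLD = 5.0

class CorrespondentList:
    """Hypothetical whitelist of senders whose earlier mail was classified as ham."""

    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute("CREATE TABLE IF NOT EXISTS known (addr TEXT PRIMARY KEY)")

    @staticmethod
    def sender(raw_message):
        # Drop the display name and lowercase the address so variants match.
        # From: is unauthenticated, so a forged known address earns the bonus;
        # keep the bonus small relative to the spam threshold.
        _, addr = parseaddr(message_from_string(raw_message).get("From", ""))
        return addr.strip().lower()

    def adjustment(self, raw_message):
        """Negative score for a whitelisted sender, positive otherwise."""
        addr = self.sender(raw_message)
        row = self.db.execute("SELECT 1 FROM known WHERE addr = ?", (addr,)).fetchone()
        return KNOWN_SENDER_SCORE if addr and row else UNKNOWN_SENDER_SCORE

    def process(self, raw_message, content_score):
        """Adjust the content score, then whitelist the sender if the mail is ham."""
        final = content_score + self.adjustment(raw_message)
        addr = self.sender(raw_message)
        if addr and final < SPAM_THRESHOLD:
            self.db.execute("INSERT OR IGNORE INTO known VALUES (?)", (addr,))
            self.db.commit()
        return final

if __name__ == "__main__":
    # Constructed sample messages and content scores, not real mail.
    wl = CorrespondentList()
    friend = "From: Alice <Alice@Example.org>\nSubject: lunch\n\nSee you at noon.\n"
    spam = "From: promo@bulk.invalid\nSubject: offer\n\nBuy now.\n"
    for label, msg, score in [("first", friend, 1.0), ("second", friend, 1.0),
                              ("spam", spam, 6.0), ("spam again", spam, 4.0)]:
        print(label, wl.process(msg, score))
```

A sender is only learned when the adjusted score stays below the threshold, so an unknown sender whose mail scores just under it on content alone is pushed over and never whitelisted.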

