Re: spam, spam, the magical fruit!

From: Arthur Corliss <acorliss@nevaeh-linux.org>
Date: Fri Mar 19 2004 - 07:43:41 AKST

On Fri, 19 Mar 2004, Scott Johnson wrote:

> This is just getting crazy. I used to get upwards of 100 spams a day.
> I installed a "spam filter" box in between the Internet and my internal
> qmail box. I went with a Postfix/Amavisd-new/SpamAssassin/ClamAV
> solution, which was working great - cut my 100 per day down to a much
> more manageable 5 or so. The spam filter box doesn't keep any mail
> locally - it just receives, scrubs the messages, and forwards them on.
> This was 4 months ago. Since then, my spam has been slowly creeping
> upwards, and in the past 2 weeks, has ballooned back up to 80 spams PER
> DAY! Searching Google I get a lot of debate about how spammers are
> constructing their messages to get around SA's rule-based filters. So,
> my question - what's better than SA at the moment? Anyone have any
> suggestions other than the US Postal Service? My SA rules are current,
> and my threshold is set pretty low (tagged at 2.0 hits, deleted at
> 4.0). I stay on top of /. pretty frequently and last week they had a
> story about "DSPAM" [ http://www.nuclearelephant.com/projects/dspam/ ]
> which seems pretty interesting, however from my limited Linux/Postfix
> experience seems hard to install/configure. I REALLY like the rest of
> my Postfix/Amavisd-new/ClamAV setup - ClamAV is AWESOME. It
> auto-updates and does an EXCELLENT job at stopping all the latest
> worms, hours after they start spreading en masse. Ideas? I'm getting
> depressed at all this freaking junk.......

Keep in mind that the most effective part of SpamAssassin is the Bayesian
filter, but it's also the part that needs the most upkeep. I haven't seen my
spam level dramatically increase, but only because I:

  a) use auto-learning on higher threshold stuff using the *same*
     Bayesian database for 3,000+ e-mail accounts
  b) sequester all low-scoring spam for the same 3,000+ accounts into
     a folder, which I manually review (separating false positives
     from true positives) and retrain the Bayesian database on those
     e-mails

In other words, spam filtering w/Bayesian filters works, but training needs to
be an ongoing process, and it needs the widest possible sample. As far as
SpamAssassin goes, you might also consider increasing the size of the Bayesian
database, enabling razor & rbl checks, etc., if you haven't already.

        --Arthur Corliss
          Bolverk's Lair -- http://arthur.corlissfamily.org/
          Digital Mages -- http://www.digitalmages.com/
          "Live Free or Die, the Only Way to Live" -- NH State Motto
Received on Fri Mar 19 07:43:23 2004
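
The two-tier workflow described in the reply above, sketched as an added example (not code from the post or from SpamAssassin): mail is sorted by its X-Spam-Status score into an auto-learn queue, a manual-review queue, and normal delivery. The 10.0 auto-learn cutoff, the function names, the "unscanned" bucket and the sample messages are assumptions made for this sketch; 2.0 is the tag level from the quoted message.

```python
import re
from email import message_from_string

TAG_LEVEL = 2.0          # tag level quoted in the thread
AUTOLEARN_LEVEL = 10.0   # assumed cutoff for unattended learning

# SpamAssassin 2.x writes "hits=", 3.x and later write "score=".
_SCORE = re.compile(r"\b(?:hits|score)=(-?\d+(?:\.\d+)?)")

def spam_score(raw):
    """Return the score in X-Spam-Status, or None if the header is missing."""
    status = message_from_string(raw).get("X-Spam-Status")
    if status is None:
        return None
    match = _SCORE.search(status)   # also works on folded (multi-line) headers
    return float(match.group(1)) if match else None

def triage(raw):
    """Pick the queue for one message."""
    score = spam_score(raw)
    if score is None:
        return "unscanned"        # never train on mail the filter did not score
    if score >= AUTOLEARN_LEVEL:
        return "autolearn-spam"   # confident enough to learn without review
    if score >= TAG_LEVEL:
        return "review"           # low-scoring spam: a human separates FP from TP
    return "deliver"

def sort_messages(messages):
    """Map {name: raw message} to {queue: [names]}."""
    queues = {"autolearn-spam": [], "review": [], "deliver": [], "unscanned": []}
    for name, raw in messages.items():
        queues[triage(raw)].append(name)
    return queues

# Constructed sample messages, not taken from any real mailbox.
SAMPLES = {
    "pills": "Subject: cheap\nX-Spam-Status: Yes, hits=14.3 required=4.0\n"
             "\ttests=BAYES_99,RAZOR2_CHECK\n\nbody\n",
    "newsletter": "Subject: news\nX-Spam-Status: No, score=3.1 required=4.0\n\nbody\n",
    "friend": "Subject: lunch\nX-Spam-Status: No, hits=-1.2 required=4.0\n\nbody\n",
    "bypass": "Subject: hello\n\nbody\n",
}

if __name__ == "__main__":
    for queue, names in sort_messages(SAMPLES).items():
        print(queue, names)
```

After the review queue has been split by hand, the confirmed spam and the false positives are the folders to pass to `sa-learn --spam` and `sa-learn --ham` respectively.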
