On Wed, 30 Dec 2009 15:33:51 +0000 Carlo Rodrigues <[email protected]> wrote:
> Sorry for having sent the same email twice, but I was a victim of myself > :) I thought the email never showed up in dspam-user list because I > never received it. Then I searched the logs and I had a rule forbidding > emails with the word viagra in the subject in simscan.... > LOL :) > On Wed, 30 Dec 2009 10:16:17 +0000 > Carlo Rodrigues <[email protected]> wrote: > > >> Hello all. > >> > >Hello, > > > >> I'm using dspam and I'm very happy with it, except for this new wave of > >> mp3 / gif viagra spam. > >> > >> The mp3 spam emails had only the attachment, no subject and no body > text. > >> The gif spam emails that I'm seeing now have random pieces of english > >> text (from books?) on the subject and body, and the attachment. > >> > >> dspam is proving very ineffective stopping these spams. Especially the > >> gif ones. > >> > >> How are you all fighting and stopping these spams? > >> > >one way would be to use ClamAV to stop them. Do you use ClamAV? > > Yes I do. But ClamAV doesn't recognize these emails as viruses. > You should consider adding additional signatures to ClamAV. Read more here about some of them: http://www.oitc.com/winnow/clamsigs/index.html http://www.msrbl.com/ http://www.securiteinfo.com/services/clamav_unofficial_malwares_signatures.shtml http://malwarepatrol.com.br/ There is even a nice script helping you to download and deploy them automatically: http://www.sanesecurity.co.uk/databases.htm > > >> I'm thinking of adding a layer before dspam with spamassassin/pyzor, > but > >> I tried spampd yesterday and was not satisfied with it. Some emails > took > >> over 10 seconds to get scanned, > >> > >That is normal with SpamAssassin. > > >> even removing the dnsbl tests from > >> spamhaus, are other emails took about 30 minutes or more to get > >> delivered. > >> > >The DNSBL tests are probably not the reason to have a 30 minutes delay. > > Yes, they're not. But as I did the test on a production server, I had to > rollback to my previous configuration. > In test servers, under low/no volume, everything was working ok. > For SpamAssassin you need to have a lot of CPU and especially memory on your server. SA is a huge memory user. If you are open minded about your setup then we could discus other spam fighting methods that are less memory/cpu hungry. Is there any one here on the list using something that has a great efficency and uses low cpu/memory? > >> I run busy ISP mail servers so I had to remove spampd and I'm > >> using only dspam. > >> > >I run a cluster of mail servers in a ISP setup as well. My setup uses > more then > >just DSPAM. But I try to avoid anything that can not be clustered and > I try to > >avoid everything that uses just to much cpu/memory without being > effective. > > Since the building of these servers I tried to do everything always with > that in mind. To be as much efficient as possible. > It's just that these evil viagras are really bugging me and I have to do > something to get rid of them. > I understand. I have +/- around 2% to 3% spam volume. But I have a gazillion of tools/methods implemented to block as much as possible. If you are open minded then we could talk here what other methods exist to fight spam. > >Might I ask you what MTA you are using? Do you really just run DSPAM > without > >any other additional tools? > > I have 2 postfix servers with gps(greylisting) and policyd-spf-fs as > policies, rbl and header checks in postfix, and dspam+clamav as a > content_filter. > I don't use RBL checks in Postfix since I can't use them on a global scale. The problem I (my customers) have with them is that they are black or white. And I have customers dealing with senders that are always some where on some black list (yeah, yeah. Try to deal with senders from Russia or Asia. Most of them are always on one or a bunch of black lists and I have customers that WANT those mails). I am forced to use some think that alows me to have a weightening and influence the whole processing. I know that I could influence the RBL in Postfix but I need something more flexible. > I'm sharing the dspam home via nfs, and using a remote mysql server for > gps and dspam. > I share my DSPAM home over GlusterFS and MySQL in Master / Master mode for DSPAM and a bunch of other tools. > Yesterday I tried spampd, a perl application which is a transparent > lmtp/smtp proxy that uses spamassassin to tag mail. > It didn't work too well, so I'm trying amavisd-new today. > I use Amavisd-New. It's okay. A memory eater but I can handle it. I have integrated it into MySQL and connected with Postfix.Admin and, and, and... > Is there anything I can tune in dspam so that it would be more effective > in recognizing these emails as spam? I'm using > 'Algorithm graham burton' and 'Tokenizer osb'. > For the moment: NO The problem is that DSPAM is stripping those attachments out of the calculation. So no mater what Tokenizer or Algorithm you use, the attachments are not tokenized. I could implement other stuff into DSPAM to block those attachments. But that would require some work on the DSPAM base. > >> Thanks for your time. > >> > >> Carlo Rodrigues > >> > >-- > >Kind Regards from Switzerland, > > > >Stevan Bajić > -- Kind Regards from Switzerland, Stevan Bajić ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Dspam-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspam-user
