>> >> I'm using dspam and I'm very happy with it, except for this new wave of >> >> mp3 / gif viagra spam. >> >> >> >> The mp3 spam emails had only the attachment, no subject and no body >> text. >> >> The gif spam emails that I'm seeing now have random pieces of english >> >> text (from books?) on the subject and body, and the attachment. >> >> >> >> dspam is proving very ineffective stopping these spams. Especially the >> >> gif ones. >> >> >> >> How are you all fighting and stopping these spams? >> >> >> >one way would be to use ClamAV to stop them. Do you use ClamAV? >> >> Yes I do. But ClamAV doesn't recognize these emails as viruses. >> >> > You should consider adding additional signatures to ClamAV. Read more here > about some of them: > http://www.oitc.com/winnow/clamsigs/index.html > http://www.msrbl.com/ > http://www.securiteinfo.com/services/clamav_unofficial_malwares_signatures.shtml > http://malwarepatrol.com.br/ > > There is even a nice script helping you to download and deploy them > automatically: > http://www.sanesecurity.co.uk/databases.htm > > Nice!!!! I didn't know of the existence of these signatures. Thank you very much!
>> >> I'm thinking of adding a layer before dspam with spamassassin/pyzor, >> but >> >> I tried spampd yesterday and was not satisfied with it. Some emails >> took >> >> over 10 seconds to get scanned, >> >> >> >That is normal with SpamAssassin. >> >> >> even removing the dnsbl tests from >> >> spamhaus, are other emails took about 30 minutes or more to get >> >> delivered. >> >> >> >The DNSBL tests are probably not the reason to have a 30 minutes delay. >> >> Yes, they're not. But as I did the test on a production server, I had to >> rollback to my previous configuration. >> In test servers, under low/no volume, everything was working ok. >> >> > For SpamAssassin you need to have a lot of CPU and especially memory on your > server. SA is a huge memory user. If you are open minded about your setup > then we could discus other spam fighting methods that are less memory/cpu > hungry. Is there any one here on the list using something that has a great > efficency and uses low cpu/memory? > > > >> >> I run busy ISP mail servers so I had to remove spampd and I'm >> >> using only dspam. >> >> >> >I run a cluster of mail servers in a ISP setup as well. My setup uses >> more then >> >just DSPAM. But I try to avoid anything that can not be clustered and >> I try to >> >avoid everything that uses just to much cpu/memory without being >> effective. >> >> Since the building of these servers I tried to do everything always with >> that in mind. To be as much efficient as possible. >> It's just that these evil viagras are really bugging me and I have to do >> something to get rid of them. >> >> > I understand. I have +/- around 2% to 3% spam volume. But I have a gazillion > of tools/methods implemented to block as much as possible. If you are open > minded then we could talk here what other methods exist to fight spam. > > > Yes I am open-minded. What methods are you talking about? >> >Might I ask you what MTA you are using? Do you really just run DSPAM >> without >> >any other additional tools? >> >> I have 2 postfix servers with gps(greylisting) and policyd-spf-fs as >> policies, rbl and header checks in postfix, and dspam+clamav as a >> content_filter. >> >> > I don't use RBL checks in Postfix since I can't use them on a global scale. > The problem I (my customers) have with them is that they are black or white. > And I have customers dealing with senders that are always some where on some > black list (yeah, yeah. Try to deal with senders from Russia or Asia. Most of > them are always on one or a bunch of black lists and I have customers that > WANT those mails). I am forced to use some think that alows me to have a > weightening and influence the whole processing. I know that I could influence > the RBL in Postfix but I need something more flexible. > > I see. There is always that problem, when you start having complaints from people who don't receive mail. > >> I'm sharing the dspam home via nfs, and using a remote mysql server for >> gps and dspam. >> >> > I share my DSPAM home over GlusterFS and MySQL in Master / Master mode for > DSPAM and a bunch of other tools. > > > >> Yesterday I tried spampd, a perl application which is a transparent >> lmtp/smtp proxy that uses spamassassin to tag mail. >> It didn't work too well, so I'm trying amavisd-new today. >> >> > I use Amavisd-New. It's okay. A memory eater but I can handle it. I have > integrated it into MySQL and connected with Postfix.Admin and, and, and... > > > >> Is there anything I can tune in dspam so that it would be more effective >> in recognizing these emails as spam? I'm using >> 'Algorithm graham burton' and 'Tokenizer osb'. >> >> > For the moment: NO > The problem is that DSPAM is stripping those attachments out of the > calculation. So no mater what Tokenizer or Algorithm you use, the attachments > are not tokenized. > I could implement other stuff into DSPAM to block those attachments. But that > would require some work on the DSPAM base. > > I see. Attachments never get tokenized, so it doesn't matter if I stay hours a day marking every one of this kind of spam and training dspam. Perhaps it's even worse, as the random citations of text being tokenized will help to block legitimate email. >> >> Thanks for your time. >> >> >> >> Carlo Rodrigues >> >> >> >-- >> >Kind Regards from Switzerland, >> > >> >Stevan Bajić >> >> ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Dspam-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspam-user
