> What MTA are you using? Maybe I could help to harden your setup? I have so
> far helped two users from the DSPAM mailing list to harden their setup and I
> would say that those little things have helped to cut their Spam rate by
> factors.
>
> @Marko Weber and Paul Cockings: If you are reading this... could you post
> your experience with the hardened setup? I think Cyril could benefit from
> some input.
>
Hey Cyril,

Dspam is an awesome antispam tool, but what Stevan has helped me with is to understand Dspam correctly, and that it's best as a much larger anti-spam toolkit.

The big changes for me:

Now using a merged group which was created from my own mailbox with a good balance of ham/spam. (I'm now working on ways to keep this auto-updated.)

Changed to OSB... Waaaay better than CHAIN (which I used for ~2 years).

Adding a huge list of excluded headers to dspam.conf.

But the big change was not from Dspam, but from the other tools around it. The vast majority of spam never gets to Dspam now because it is blocked with tools like policy-weightd, greylist, SPF checks etc. policy-weightd has been extended with lots of tools like p0f (which OS, sniffed from packets), Geo:IP (scores based on distance), DNSBL, S25R etc. The list goes on.

# HIT score, MISS Score
@client_ip_eq_helo_score          = (1.5,  -1.25 );
@helo_score                       = (1.5,  -2    );
@helo_from_mx_eq_ip_score         = (1.5,  -3.1  );
@helo_numeric_score               = (2.5,   0    );
@from_match_regex_verified_helo   = (1,    -2    );
@from_match_regex_unverified_helo = (1.6,  -1.5  );
@from_match_regex_failed_helo     = (2.5,   0    );
@helo_seems_dialup                = (1.5,   0    );
@failed_helo_seems_dialup         = (2,     0    );
@helo_ip_in_client_subnet         = (0,    -1.2  );
@helo_ip_in_cl16_subnet           = (0,    -0.41 );
@client_seems_dialup_score        = (3.75,  0    );
@client_s25r_score                = (1.75, -0.35 ); # http://gabacho.reto.jp/en/anti-spam/
@from_multiparted                 = (1.09,  0    );
@from_anon                        = (1.17,  0    );
@bogus_mx_score                   = (2.1,   0    );
@random_sender_score              = (0.25,  0    );
@rhsbl_penalty_score              = (3.1,   0    );
@enforce_dyndns_score             = (3,     0    );

I too have ultra stupid users (I think we all do). Today I had to explain to one user that email 'display name' and 'email address' are two different things, and someone the other day was asking the difference between Spam and Junk!! -HeLp!

I have some users that only use the web-ui for training - these people are technical.
I have some users that just forward mail to retraining aliases.
I am now working on the old Outlook 2003 Addin so as to give most of my users Spam/Ham buttons in Outlook.
You could also look at training from IMAP folders - depends on your setup and users.

I will not waste my time with customers that will not take 2 mins of tutorial on how to use the Ham/Spam in Outlook. They deserve to get spam, but the truth is even if you don't train on my system the merged group is doing such a good job that those users seem to tolerate a small amount of spam.

If you give a bit more information about your setup, I'm sure you'll find we are able to help. IMO you don't want to be training for the end users, this eats a huge amount of time on your part. Building a merged group and adding automatic ways to keep it updated is a much smarter way forward.

BTW - are you a coder or have any good skills with postfix? (other MTAs?) Or would you be willing to write up some howto's on the wiki or editing documentation?

Kind regards from Middle England ('the shire') although I'm not a hobbit.

_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user
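An added example, not part of the original message and not policy-weightd's own code: it parses a few of the HIT/MISS score lines quoted in the message and sums them for two constructed clients, to show how several weak signals add up to a block while a well-configured sender earns negative score. The reject threshold, the check outcomes, and the reading that HIT applies when a check flags the client and MISS when it does not are assumptions of this sketch.

```python
import re

# Score lines copied from the message above: @name = (HIT, MISS);
CONFIG = """
@client_ip_eq_helo_score = (1.5, -1.25 );
@helo_from_mx_eq_ip_score = (1.5, -3.1 );
@helo_numeric_score = (2.5, 0 );
@client_seems_dialup_score = (3.75, 0 );
@client_s25r_score = (1.75, -0.35 );
@bogus_mx_score = (2.1, 0 );
"""

LINE_RE = re.compile(r"^@(\w+)\s*=\s*\(\s*(-?[\d.]+)\s*,\s*(-?[\d.]+)\s*\)\s*;")

def parse_scores(text):
    """Return {check_name: (hit_score, miss_score)} from the Perl-style lines."""
    scores = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            scores[m.group(1)] = (float(m.group(2)), float(m.group(3)))
    return scores

def evaluate(scores, outcomes, reject_at):
    """Add HIT for checks that flagged the client, MISS for checks that did not.
    Checks missing from `outcomes` were not run and contribute nothing."""
    total, breakdown = 0.0, []
    for name, flagged in outcomes.items():
        hit, miss = scores[name]
        delta = hit if flagged else miss
        total += delta
        breakdown.append((name, delta))
    total = round(total, 2)
    return total, ("REJECT" if total >= reject_at else "PASS"), breakdown

SCORES = parse_scores(CONFIG)
REJECT_AT = 4.0  # hypothetical threshold, not taken from the message

# Constructed outcomes: True = check flagged the client, False = it did not
DIALUP_BOT = {"client_seems_dialup_score": True, "client_s25r_score": True,
              "helo_numeric_score": True, "client_ip_eq_helo_score": True}
CLEAN_MTA = {"client_seems_dialup_score": False, "client_s25r_score": False,
             "helo_numeric_score": False, "client_ip_eq_helo_score": False,
             "helo_from_mx_eq_ip_score": False}

if __name__ == "__main__":
    for label, outcomes in (("dialup bot", DIALUP_BOT), ("clean MTA", CLEAN_MTA)):
        total, verdict, _ = evaluate(SCORES, outcomes, REJECT_AT)
        print(f"{label}: {total:+.2f} -> {verdict}")
```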