Jason,
Note that we are no longer using the embedded tests in the HTML Content Filtering (our flow chart still shows them being used - I will need to update that).
Also, looking over my email again I noticed that we have shortened:
Prefix subject with: SPAM-HTML-Features to just [SPAM-H]
and
Prefix subject with: SPAM-URL-DBL to just [SPAM-URL]
At 10:59 AM 7/6/2004, you wrote:
Wow! This looks sweet. Thanks!
Jason
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Riddle
Sent: Tuesday, July 06, 2004 1:27 PM
To: [EMAIL PROTECTED]
Subject: Re: [IMail Forum] Anti-spam question
Jason, a couple of things...
1. Upgrade from 8.05 to 8.12
2. Feel free to copy our Anti-Spam settings. While using one of the third-party tools is "better" as far as the amount of time that you will spend working on your settings to keep them current, we are very happy with our settings. Looking at the stats as of midnight last night we have processed about 33,453 pieces of mail over the past two weeks and have only had 25 pieces of mail identified as being "false-positive" which means a very low 0.10% rate. Plus, our in-bound rules have yet to create a "false-positive".
Description and flow chart of our anti-spam config: http://www.summitinternetservices.com/tests.htm
Inbound rules http://www.summitinternetservices.com/rules.ima
We do not do any deleting of mail just for failing a content text (they get quarantined) but we do delete a message for failing two connection tests.
Here are our settings step-by-step...
--------------
Here is how I have my IMail Anti-Spam settings configured. Note some of these settings (Prefix with, Normal words and Scan Subject & body) are version 8.1x specific
------------------------------
Connection Filtering

DNS Black list
  spamhaus     sbl-xbl.spamhaus.org
  SpamCop      bl.spamcop.net
  List         list.dsbl.org
  ahbl         dnsbl.ahbl.org
  njabl        dnsbl.njabl.org
  Blitzedall   opm.blitzed.org
  ORDB         relays.ordb.org
  DSBLMulti    multihop.dsbl.org

enable Verify MAIL FROM address
Delete after 2 matches
Prefix subject with: [SPAM-C]
-------------------------------
Content Filtering

Use: Current Host
Forward to address: I have a "spam" account set up
Prefix subject with: [SPAM-S]

Advanced settings are 30%, 90% and 15

Phrase Filtering
Use: Current Host
Scan: Subject and body
Normalize Words
Forward to address: I have a "spam" account set up
Prefix subject with: [SPAM-P]
-------------------------------
Content Filtering (HTML)

Use: Current Host
enable Invalid Tag
enable Script Tag
enable Deceptive URL
enable Deceptive Text
Email is spam if 2 features are detected
Forward to address: I have a "spam" account set up
Prefix subject with: SPAM-HTML-Features

URL Domain Black List
Use: Current Host
Forward to address: I have a "spam" account set up
Prefix subject with: SPAM-URL-DBL
------------------------------
I maintain a list of domains that I remove from the URL Blacklist that IMail supplies and I quickly remove those names from their list. I have a folder on the server that I upload the updated anti-spam tables, url blacklist, whitelist, etc... to and then I run a batch file on the server that copies those items to the individual domains under the imail folder. I then stop/start SMTP and the Queue Manager to have the updates activated. I have the task to check imail for updates and to then update our server automatically appear on my tasklist every two weeks and will then check Ipswitch every day until the task is cleared for when they post updates.
--------------------------------
If a message trips the filters I have the info manager for the account that spam gets forwarded to reply with the following message:
--------------------------------
Automated response - Quarantined Email:
Your message to: %t regarding: %s
did not reach the recipient, due to content our Server considers to be SPAM. If your message was genuine, please:
1. Forward THIS message to [EMAIL PROTECTED]
2. CHANGE the Subject Line to: "PLEASE VERIFY".
It will be placed in a queue to be forwarded to the intended recipient. Allow time for the review, generally within 24-hours. Requested mail will be reviewed, ALL OTHERS MAY BE DELETED.
Process used to analyze email:
1. Check sending server against lists of known "spammers"
2. Verify sending host and user are valid
3. Check email content for key words, phrases and formatting
4. Check for invalid HTML formatting in the message
Given the volume of SPAM captured by our filters (+1,000/day (20% of the +/-5,000 emails received/day, about 7 (less than 0.75%) are really valid) if you do not request a review the same day you risk having your message summarily deleted.
[EMAIL PROTECTED]
Summit Internet Services
------------------------------------
The address that mail gets forwarded to that trips the inbound rule has the info manager message that gets bounced back
-------------------------------------
Automated response: Possible Virus/Worm Content
Your message to: %t regarding: %s
Did not reach the intended recipient; this is most likely due to executable content in the message.
If this is not the case we recommend that you compress your executable program with an application like WinZIP (http://www.winzip.com) and then resend your file in ZIP format.
System Admin
Summit Internet Services
--------------------------------------
I got the DNS Blacklist that I am using after some input from two other guys on the imail listserv and Scott at Declude. You can get the full list of DNS Blacklist here: http://www.declude.com/Junkmail/support/ip4r.htm
Hope these settings that I use will help cut down on the amount of spam your users are getting.
At 08:56 AM 7/6/2004, you wrote:
>I am trying to get my anti-spam settings going, I used the list from
>Ipswitch for content filtering and it seems to work, the log entries
>show me that it is examining the messages, but it won't delete a
>message if it determines that it is spam. I can't figure out where I am
>going wrong. I would also like to set up some blacklists, but when I set
>it up, it doesn't stop anything. I even followed Ipswitch's example
>word-for-word. I am running 8.05 HF3. If there is something in the
>archives covering these, please point me towards it, because I can't
>find it.
>
>Thanks,
>Jason
>
>
>To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
>List Archive:
>http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
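
Added example, not part of the thread and not IMail code: a sketch of the DNS blacklist connection test with the "Delete after 2 matches" setting from the configuration above. The mapping of zero, one and two hits to accept, tag and delete is an assumption about how those settings combine, the function names are hypothetical, and the resolver is passed in so the logic can be exercised without network access.

```python
import ipaddress
import socket

# A few zones from the settings in the thread; some have since been retired.
ZONES = ["sbl-xbl.spamhaus.org", "bl.spamcop.net", "list.dsbl.org", "dnsbl.ahbl.org"]

def system_resolver(name):
    """Return the A record for name, or None when the lookup fails."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def dnsbl_name(ip, zone):
    """Build the query name: IPv4 octets reversed, followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, zone, resolve):
    """A listing is an A record inside 127.0.0.0/8; any other answer is ignored."""
    answer = resolve(dnsbl_name(ip, zone))
    if answer is None:
        return False
    try:
        return ipaddress.IPv4Address(answer) in ipaddress.ip_network("127.0.0.0/8")
    except ValueError:
        return False

def zone_is_sane(zone, resolve):
    """RFC 5782: 127.0.0.1 must never be listed. A zone that lists it is
    answering for every address and must not count toward the threshold."""
    return not is_listed("127.0.0.1", zone, resolve)

def connection_verdict(ip, zones=ZONES, resolve=system_resolver, delete_after=2):
    """Assumed policy: no hits -> accept, one hit -> tag, delete_after hits -> delete."""
    hits = [z for z in zones if zone_is_sane(z, resolve) and is_listed(ip, z, resolve)]
    if len(hits) >= delete_after:
        return "delete", hits
    if hits:
        return "tag [SPAM-C]", hits
    return "accept", hits
```

With a delete threshold this low, a single zone that starts answering for every address turns each one-list hit into a deletion, which is why the sanity check runs before a zone is counted.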
