Martinez, Michael - CSREES/ISTM wrote:
Currently, the way I prevent spam is three-fold:
1. I use qmail's "badmailfrom" to block unwanted "From:" addresses
I am a spammer, I get this mail bounce list back, I parse for bad username or domain and change my name from [EMAIL PROTECTED] to [EMAIL PROTECTED] We never do this, just does not work.
2. I use rules in tcp.smtp (tcpserver) to block ip addresses of hosts that appear to be such things as mass-mailing entitiesThis requires hand management and time. If I did this for my own personal email alone I would spend at least 5 hours out of my day looking at mail. Why only five hours? After five hours I would have to stop becouse my brain hurt.
You could also using a system that checks a rbl for know open relays
and spam I use http://dsbl.org and http://relays.osirusoft.com. These afore
mentioned cut at least 60 to 80 percent of our junk mail.
3. I use qmail-scanner's quarantine-attachments to block unwanted
headers (mostly Subject lines)
Spam assassin uses huristics to determine what is to be marked as spam and what is not. Noting that humans tend to miss more often than does spam assasin does.
In each of these cases, the decision to add an entry to be blocked, is made by myself, and comes about as a result of one of my users forwarding me some spam they received and asking me to block it. In such a case, I will do some investigation, look at the email headers, determine where the email came from, and decide upon which of the above three methods I will use.
Again how many hours do you want to spend and for every spam report you get there were at least another 50 that did not get reported.
For example, in some cases, the email obviously comes from some host or domain whose sole purpose is mass marketing, and in this case I will block the whole darn domain using tcp rules.
This is aleady done via rbl block using spews.osirusoft.com
In other cases, the email is a "virus" type of email that gets sent by a legitimate host, such as a university. I cannot block their ip address because I don't want to block legitimate emails. So, if possible I will block the "Subject" line using quarantine-attachments, if indeed the subject line is classifiable as pernicious, lewd, or something of that nature.
Well this is also done vial spam assasin auto-magically. Not time involved and you were able to work on cooler things than adding more rules.
In other cases, the spam comes from someone who is using a legitimate domain (eg. Hotmail.com) and who does not appear to be spoofing his "from" or envelope sender line. In this case, I will block the [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> using qmail's "badmailfrom."
Report that email to the provider [EMAIL PROTECTED] I have had great success as of late with yahoo, not much with hotmail though almost all other groups of free email services take this very well and dump the account of said person that same day. ABTW, this is where you should end up putting time in not at adding more rules.
The above method works pretty well. But I cannot compare because I don't have experience with any other spam-blocking methods.Your methonds sound to require to man human hands in the process, yes it is nice
to always know for a fact that all mail will reach 100 percent each user. Your
time is worth more to you than that, spam assaisn let you tag and bag each mail.
Place it each users account in a different directory, or mark it with a subject tag like,
"(THIS EMAIL IS AT 4.9 of 5 for SPAMABILITY) Subject: Grow more widject bigger and better", or just delete them as they come in.
So, I was wondering, could someone provide a brief explanation of how one of these other methods differs, and why something like spamassassin would be better?
TIME TIME TIME TIME TIME and more accurate, of every 1 reported spam 50 get by.
Thanks,
Your welcome
Michael Martinez
-- Philip S. Hempel Webmaster, Systems Admin, Network Engineer Looking for work. Got any? ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
