List Admin wrote:
My server is just getting slammed with spam. I wanted to see if anyone could throw out some pointers or perhaps I am missing something.1. I recently upgrade to the latest version of QTP. I ran qtp-sa-update. Now when I run it, it just says "Already installed! Exiting." Am I suppose to be running something else now?2. I have spambox enabled via QmailAdmin for each mailbox. All mails marked as spam are sent to this box for each user. That spam is dealt along with the next step....3. On a daily basis I have my users forward non-spam to [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> and spam to [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>. Every morning my script moves all mail from each users spambox into the same directory as [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>. I then run the following command:This is my process yet still lots of spam gets through unmarked.Am I missing something here? I now have fake PDFs coming through which are also causing problems for users.Can anyone recommend anything on top of what I am doing or perhaps I am doing something wrong.Thanks
It takes a while to train the Bayes. Give it a few days. It needs >200 hams AND spams to function correctly. The more you train it, the better it will be. As far as qtp-sa-update. That script installed a cron for you that will update your Spamassassin rules automatically or you. Nothing else to do. Having the users forward the messages to an account like that is "a bad thing to do" according to the guys on the spamassassin mailing list. You need to bounce the messages to those address, not forward. By forwarding, programs like Outlook rewrite the headers, so your Bayes thinks that the spam messages are being sent from the user that is sending them. DSpam is supposed to work around this by keeping a local cache of the original email, and when the user forwards it, it will look up the original message by a serial number (for lack of a better way to put it - I'm doing this from memory so bear with mistakes) and learns from it that way. Your biggest bangs for your buck are adding blacklists and enabling SURBL. The PDF spams are a new addition to the spam world. They've been going on for several weeks now. The boys over at Rules Emporium have some rules written specifically for them that work okay, but you need to ask for access to these rules - they're not open to everyone. There's also a place to get additional rules for clamav that everyone on the spamassassin mailing list is saying works really well on those PDF emails. I have not tried them yet - maybe when things calm down in a couple weeks here.
Good luck!
smime.p7s
Description: S/MIME Cryptographic Signature
