Here are some thoughts from my own email server, we use exim to make these rules, spamassassin comes last.
firstly look for banned 'helo' hosts. ie, 'localhost' '127.0.0.1' 'my.hostname' (as in the hostname of the box) this rule doesn't stop spam, but it has a measurable impact and doesnt involve spamassassin. second block languages that you don't use. in our case Chinese, Japanese, Russian encoding. this may not suit your user base. but if it does, it stops a whole sector of spam. third block silly attachments like .exe .scr .bat .vbs, we also go as far as to block .xls .doc .pps .jpg .gif. it can be slightly annoying, but has stopped image spam and saved me from a few 5+ meg powerpoint party invitations (cable + newbies = not good). fourth like you said, more rules for spamassassin. we also run clamav which seems to keep things in check when coupled with the above exclusions. it also pulls open zip files (and other), scanning the internals for us. fifth keep feeding spamassassin your spam and ham with sa-learn. if you use thunderbird its easy to copy the junk folder to your server (bzip, ftp) then use sa-learn to scan it. afaik its just an mbox file, i use the mbox option with sa-learn at any rate and it works. in the case of imap email retrieval its even easier, just make 'Junk' folders for everyone, the routinely scan and clear them. there are some ideas. Dean Peter Chubb wrote:
Hi folks, I'm currently seeing around half the incoming emails rejected at SMTP conversation time (hurray), with spam scores averaging 21 or so. (I play it fairly safe, only scores above 20 get rejected) The ones that get through have scores between -1 and 7; there doesn't seem to be a middle ground. I currently quarantine anything with a score between 4 and 5 and take a look once a day (if I leave it too long, there're too many messages and I can't check them all). Once or twice a month there'll be some ham in there; I haven't seen any ham in the over 5 score in a long time. There's still too much stuff getting through (10 to 20 messages a day with scores below 4 to each email address, which is better than 400--1000 messages to each email address that are currently thrown away). Does anyone have any ideas for making things better? I do sa-update daily; and have added a few custom rules. One problem is that spamassassin runs on a memory-starved virtual host, so anything that slows it down or makes the ruleset bigger is bad. There's not enough memory to run fuzzyocr or anything (but most of the image spam is being caught anyway). Peter C
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
