Unfortunately I have a user that is being insistent that they somehow be involved since they are the victim of the spam messages.
I give them the drag and drop folder so that those of them who feel that we are not doing anything about it can participate and hopefully make themselves think they contributed to the effort and that their effort somehow made a difference.

I do use Razor, DCC, RBLs, custom filters, a black list and some custom rules. The issue before here is that spamassassin doesn't split emails up between recipients when a message is sent to multiple people. If one user is on the whitelist_to or all_spam_to or some_spam_to list, then everyone gets it. I was finally able to convince them to allow me to remove everyone from the lists. I hope that reduces the spam. In fact I have seen a rise in marked messages. We are at 85% spam now that the whitelists were cleared.

You did remind me to correct a PTR issue with brighthouse/road runner for our domain. Anyone else have a problem with getting them to do a reverse PTR?

-Brent

-----Original Message-----
From: Greg Allen [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 03, 2006 1:32 PM
To: Brent Kennedy; users@spamassassin.apache.org
Subject: RE: Silly Question

I know some people use the public folder drag-drop for learning spam, but I personally don't like the whole idea. And I did consider it.

I would rather work smarter on the server end to kill or mark the spam before it gets to the user. I don't think users should have to worry about all the technical details, that's my job. Yea, a few will slip through now and then. But they will slip through either way, and annoying users with the details isn't going to change that.

Spamassassin is pretty smart. If you enable all of the features and keep the version up-to-date, tweak a little and configure your server (Postfix for instance) to do better at rejecting UCE up-front, most spams will eventually classify themselves correctly automatically.
The way they classify themselves is because the spammer will use various email servers and will start getting on various IP blacklists and URBL lists, various headers are seen, etc. Within a few days the new spam will start to have more and more points. All it takes is to trip the spam points one time and that's the end of that.

If you use Razor, DCC, URBL, etc... system admins (and users in some systems like DCC, etc) are constantly feeding spams into those systems. That is a better way to go IMO. Use a system that is already set up for that.

For the marginal (hard to define) spam emails that go on and on for weeks, they can forward those emails to the admin to find a way to block. You will always have a certain amount of white-list black-list admin needing to be done.

Also, now that AOL is blocking all email with no PTR record, you can probably kill a lot of spam with that right on the front end now. If anyone complains, ask them how they email to AOL. :-)

> -----Original Message-----
> From: Brent Kennedy [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, May 03, 2006 12:54 PM
> To: users@spamassassin.apache.org
> Subject: Silly Question
>
> I am trying my best to explain to a non-technical person how
> spamassassin works. The other issue I have is that I am trying to
> explain to them why they need to drag mail to a public folder so the
> server can learn it as spam. They say they are doing it but they get
> the message several times a day. Again, I need to explain in layman's
> terms why they might get the same message again a few more times until
> the server learns it.
>
> My best layman explanations are below, please critique them, as I am
> having trouble making a layman understand.
>
> Here is my explanation for how spamassassin works (layman's terms):
>
> 1. Email comes into the mail server from the internet.
> 2. Once the server has received the email, it then scans the email and
> compares it to a list of rules. Every time a rule is matched, the
> server adds points to the email.
> 3. When the server completes the scan of the email, it takes the total
> number of points assigned to that email and compares that point value
> with the maximum allowed points. If the point value is over the
> maximum the server marks the message as spam.
> 4. If the server marks the email as spam, the email is forwarded to
> the quarantine mailbox, if it's marked as spam, the email is forwarded
> to the intended recipient.
>
> Here is my explanation for how spamassassin learns email as spam
> (layman's terms):
>
> 1. Users receive the junk email.
> 2. The users who received the junk email drag and drop the email to
> the spammail public folder in Outlook.
> 3. Spamassassin connects to the internal email server and downloads
> the email from the spammail public folder.
> 4. After the email is downloaded, the mail is scanned, the different
> aspects of the email are noted and point rules inside the spamassassin
> engine are updated (raised) based on the number of instances a rule is
> found in emails from the spammail public folder.
>
> Any help would be appreciated (thanks).
>
> -Brent
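
Added example (not part of the thread, and not SpamAssassin's own code): a small Python model of the points-and-threshold scoring described above, showing why one scan per multi-recipient message lets a single whitelist_to entry clear the message for everyone, and how scanning per recipient avoids that. The content rules, point values, threshold and addresses are constructed for illustration; the whitelist score is an assumed value.

```python
# Constructed model of score-based filtering. Rule tests, points and the
# threshold are illustrative assumptions, not SpamAssassin's shipped values.
THRESHOLD = 5.0
WHITELIST_TO = {"vip@example.com"}   # hypothetical whitelist_to entry
WHITELIST_POINTS = -6.0              # assumed negative score for a whitelist hit

CONTENT_RULES = {                    # constructed rules: name -> (test, points)
    "SUBJ_ALL_CAPS": (lambda m: m["subject"].isupper(), 2.0),
    "BODY_PILLS": (lambda m: "cheap pills" in m["body"].lower(), 3.5),
    "NO_PTR": (lambda m: m["relay_ptr"] is None, 1.5),
}


def score(msg, recipients):
    """Sum the points of every rule that matches, given the recipients this scan sees."""
    hits = {name: pts for name, (test, pts) in CONTENT_RULES.items() if test(msg)}
    if WHITELIST_TO & set(recipients):
        hits["USER_IN_WHITELIST_TO"] = WHITELIST_POINTS
    return sum(hits.values()), hits


def scan_once(msg, recipients):
    """One scan for the whole envelope: every recipient inherits the same verdict."""
    total, _ = score(msg, recipients)
    return {r: total >= THRESHOLD for r in recipients}


def scan_per_recipient(msg, recipients):
    """Split the envelope first, so a whitelist entry only affects its own recipient."""
    return {r: score(msg, [r])[0] >= THRESHOLD for r in recipients}


# Constructed sample message and recipient list.
SAMPLE = {"subject": "BUY NOW", "body": "Cheap pills shipped overnight", "relay_ptr": None}
RCPTS = ["vip@example.com", "staff@example.com"]

if __name__ == "__main__":
    print("single scan:  ", scan_once(SAMPLE, RCPTS))
    print("per recipient:", scan_per_recipient(SAMPLE, RCPTS))
```

In this model the content rules total 7.0 points; the shared scan drops that to 1.0 for both recipients, while the per-recipient scan still marks the copy for the non-whitelisted address.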