On 10/15, Jenny Lee wrote:
> fwoicka odrp jbguybf etvwmbwm
> i aluawj ggn. http://[redacted].tumblr.com/ poxpzafxc, cl ipcvlhboht
> ajjd wfyy vjrmafmgas ntqewzxa xtsf qwkvoiiof jogdhxhmkw pdyyfdoiu.

Is anybody else having a problem with this kind of spam? I definitely find it interesting. It doesn't sound likely to be very profitable.

On 10/17, Jenny Lee wrote:
> What baffles me is why it takes so long for RBLs to catch up on the
> URL.

Are you reporting them?

On 10/17, Jenny Lee wrote:
> Why bother trying to defeat 1/4 of botnet SPAM? I was getting rid of *all*
> of it with greylisting since 3-4 years. No need for bothering with MXes.

So why don't you go back to greylisting without spamassassin? Nobody profits from you using SA, use whatever works for you.

> The problem started after I implemented spamassassin couple of months ago.
> Even though I have near ~100% accuracy with bayes (over 1 million SPAM,
> zero FP), this guy always gets through.

Or if your bayes is so accurate, just increase the scores for those rules?

score BAYES_00 -5
score BAYES_05 -4
score BAYES_20 -3
score BAYES_40 -2
score BAYES_50 5
score BAYES_60 6
score BAYES_80 7
score BAYES_95 8
score BAYES_99 9

(To be clear, I don't recommend this for most people, only if you have bayes results as accurate as Jenny.)

With such accurate bayes results, that should override most other results. And if you're just using bayes, might as well not use spamassassin and go with a dedicated bayesian filter like spamprobe.

Bayesian filters generally ignore words they haven't seen before, like the garbage non-words you're seeing. They could be modified to penalize non-words. You would need a thoroughly trained filter keeping around records of almost all real words though.

> We get about 10-20 legit emails (everyone uses internal IM) with
> 40000-50000 SPAM a day. Most of which is same-sender/same-recipient
> rejected at transaction stage. Spamd processes about 10K a day.

Blocking more than 99% of spam, without blocking a problematic amount of non-spam, is hard.

> When we were implementing only greylisting, no spam except ebolamonkey 419
> spam passed through. That was easy to discard with simple procmail
> filters. However, our client's RHEL5 sendmail did not play well with
> greylisting, so we decided to do sa+grey.

Postfix + postgrey worked great for me, when I last felt a need to use greylisting.

-- 
"Democracy is the theory that the common people know what they want, and deserve to get it good and hard." - H. L. Mencken
http://www.ChaosReigns.com
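
The following is an added example, not part of the original message and not code from SpamAssassin or spamprobe: a toy Bayesian scorer showing why unseen non-words leave a message at a neutral score, and how a penalty for unseen tokens changes that. The training counts, sample messages, and the `unseen_prob` parameter with its value of 0.7 are constructed assumptions.

```python
import math
import re

# Constructed training counts: token -> (ham_count, spam_count).
# A usable filter would need records of almost all real words.
TRAINED = {
    "meeting": (40, 1), "report": (35, 2), "thanks": (50, 5),
    "the": (500, 480), "is": (300, 290), "attached": (30, 3),
    "viagra": (0, 60), "winner": (1, 45), "click": (4, 70),
}
N_HAM, N_SPAM = 1000, 1000  # constructed message totals

TOKEN_RE = re.compile(r"[a-z]{2,}")
URL_RE = re.compile(r"https?://\S+")

# Constructed samples. "for" in HAM is a real word missing from TRAINED.
GIBBERISH = "qzrvk blorpt http://example.invalid/ xwvuu dmmfk jgqpl"
HAM = "Thanks, the report is attached for the meeting"

def token_prob(tok):
    """P(spam | token) with add-one smoothing, or None if never seen."""
    if tok not in TRAINED:
        return None
    ham, spam = TRAINED[tok]
    ps = (spam + 1) / (N_SPAM + 2)
    ph = (ham + 1) / (N_HAM + 2)
    return ps / (ps + ph)

def spam_score(text, unseen_prob=None):
    """Combine per-token probabilities in log-odds space.

    unseen_prob=None skips unseen tokens (the usual behaviour);
    a value above 0.5 counts each unseen token as spam evidence.
    """
    tokens = TOKEN_RE.findall(URL_RE.sub(" ", text.lower()))
    log_odds = 0.0
    for tok in set(tokens):
        p = token_prob(tok)
        if p is None:
            if unseen_prob is None:
                continue  # no evidence either way
            p = unseen_prob
        log_odds += math.log(p) - math.log(1 - p)
    return 1 / (1 + math.exp(-log_odds))

if __name__ == "__main__":
    for name, msg in (("gibberish", GIBBERISH), ("ham", HAM)):
        print(name, spam_score(msg), spam_score(msg, unseen_prob=0.7))
```

The ham sample still scores low with the penalty on, but its one untrained real word moves it toward spam, which is the false-positive risk a thin vocabulary creates.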