The Bayes filter has never worked for me, but I can't train it either.
This is a multi-user server and I can't put every single message I get
manually into some script to teach it. It's not practical. And while
Thunderbird has a Junk toolbar button it doesn't report back to the
server. So that's not usable.
Switching from Exim to Postfix with all the configuration that hangs at
it is way too much work. It's probably easier to switch from Linux+Exim
to Windows with a complete mail solution that includes a working spam
filter out of the box.
I have the impression that the often-recommended sanesecurity data which
is included in clamav-unofficial-sigs doesn't help at all. I can't see
any difference between before and after its installation.
Yves Goergen
http://unclassified.software
________________________________________
From: Reindl Harald
Sent: Thu, 2016-03-24 19:06 +0100
On 24.03.2016 at 18:50, Yves Goergen wrote:
I'm getting more and more spam every day and SpamAssassin can't handle
it. Most of it looks very similar but it isn't filtered out.
I've set up clamav-unofficial-sigs recently by installing the Ubuntu
package. My MTA is configured so that anything detected by clamav is
declared a virus and rejected immediately. I also get a report of
virus-rejected mails. But it doesn't catch a single message. Maybe one
out of a hundred in a week.
How can I verify that the clamav-unofficial-sigs package is set up
properly? Or is it not useful in these situations with today's spam?
a well trained SA (bayes) and custom body/subject rules kill most to all
spam - in fact a proper setup is using many RBL blacklists with scoring
and combined DNSWL also scored and so most junk don't make it to the
smtpd daemon
What other solutions are there to improve the detection rate of
SpamAssassin? My current spam-to-useful ratio in some mailboxes is
somewhere around 10:1. That's close to the point of abandoning e-mail
and reverting to telephone and snailmail. The rate of spam phone calls
is a lot lower, and that's not considering the filter.
train your bayes properly
Examples of the subjects from the recent days:
FW: Order RF#391032
Document2
FW: Payment Receipt
Sixt Invoice: 6502444876 from 24.03.2016
Attached document(s)
FW: Payment Details - [223434]
Image9876411149045.pdf
Voicemail from 07730881627 <07730881627> 00:00:24
FW: Order Status #022412
FW: Payment #092161
FW: Confirmation #388194
train your bayes and write scored subject rules
All of the messages have attachments, but I can't block all attachments
completely.
Does grey-listing still work today? Is there an easy way to enable it in
either SpamAssassin or Exim? I don't want to fiddle around with
databases and such for days in a running system
get rid of exim, with postfix and the config below 99% of all junk
don't make it to a smtpd process at all, a large part hangs up after 10
seconds and is killed by "postscreen_greet_wait" and the rest hits
enough dnsbl to get a score of 8 while backed with enough whitelists
postscreen_dnsbl_ttl = 90s
postscreen_dnsbl_threshold = 8
postscreen_dnsbl_action = enforce
postscreen_greet_action = enforce
postscreen_greet_wait = ${stress?2}${stress:11}s
postscreen_dnsbl_sites =
  dnsbl.sorbs.net=127.0.0.10*9
  dnsbl.sorbs.net=127.0.0.14*9
  zen.spamhaus.org=127.0.0.[10;11]*8
  dnsbl.sorbs.net=127.0.0.5*7
  zen.spamhaus.org=127.0.0.[4..7]*7
  b.barracudacentral.org=127.0.0.2*7
  dnsbl.inps.de=127.0.0.2*7
  zen.spamhaus.org=127.0.0.3*6
  dnsbl.sorbs.net=127.0.0.7*4
  hostkarma.junkemailfilter.com=127.0.0.2*4
  bl.spamcop.net=127.0.0.2*4
  bl.spameatingmonkey.net=127.0.0.[2;3]*4
  dnsrbl.swinog.ch=127.0.0.3*4
  ix.dnsbl.manitu.net=127.0.0.2*4
  psbl.surriel.com=127.0.0.2*4
  bl.mailspike.net=127.0.0.[10;11;12]*4
  bl.mailspike.net=127.0.0.2*4
  zen.spamhaus.org=127.0.0.2*3
  dnsbl.sorbs.net=127.0.0.6*3
  dnsbl.sorbs.net=127.0.0.8*2
  hostkarma.junkemailfilter.com=127.0.0.4*2
  score.senderscore.com=127.0.4.[0..20]*2
  dnsbl.sorbs.net=127.0.0.9*2
  bl.spamcannibal.org=127.0.0.2*2
  dnsbl-1.uceprotect.net=127.0.0.2*2
  score.senderscore.com=127.0.4.[0..69]*2
  all.spamrats.com=127.0.0.38*2
  dnsbl-2.uceprotect.net=127.0.0.2*1
  dnsbl.sorbs.net=127.0.0.2*1
  dnsbl.sorbs.net=127.0.0.4*1
  dnsbl.sorbs.net=127.0.0.3*1
  bl.nszones.com=127.0.0.[2;3]*1
  hostkarma.junkemailfilter.com=127.0.1.2*1
  ips.backscatterer.org=127.0.0.2*1
  bl.nszones.com=127.0.0.5*-1
  score.senderscore.com=127.0.4.[90..100]*-1
  wl.mailspike.net=127.0.0.[18;19;20]*-2
  hostkarma.junkemailfilter.com=127.0.0.1*-2
  ips.whitelisted.org=127.0.0.2*-2
  list.dnswl.org=127.0.[0..255].0*-2
  dnswl.inps.de=127.0.[0;1].[2..10]*-2
  list.dnswl.org=127.0.[0..255].1*-3
  list.dnswl.org=127.0.[0..255].2*-4
  list.dnswl.org=127.0.[0..255].3*-5
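
How the weighted blacklist and whitelist entries in the configuration above add up against postscreen_dnsbl_threshold, as an added example that is not part of the original message: a small Python model of the domain=filter*weight syntax, run on constructed DNSBL replies. It assumes each matching entry contributes its weight once per client; the function names and the sample replies are hypothetical, and SITES is a subset of the quoted list.

```python
import re

# Constructed subset of the postscreen_dnsbl_sites list quoted above.
SITES = """
zen.spamhaus.org=127.0.0.[10;11]*8
zen.spamhaus.org=127.0.0.[4..7]*7
zen.spamhaus.org=127.0.0.3*6
bl.spamcop.net=127.0.0.2*4
score.senderscore.com=127.0.4.[0..20]*2
score.senderscore.com=127.0.4.[0..69]*2
list.dnswl.org=127.0.[0..255].1*-3
"""
THRESHOLD = 8  # postscreen_dnsbl_threshold from the quoted config

def expand(octet):
    """Turn '2', '[10;11]' or '[4..7]' into the set of octet values it matches."""
    values = set()
    for part in octet.strip("[]").split(";"):
        lo, _, hi = part.partition("..")
        values.update(range(int(lo), int(hi or lo) + 1))
    return values

def parse_entry(entry):
    """Split 'domain=filter*weight' into (domain, octet_sets, weight)."""
    m = re.fullmatch(r"([^=*\s]+)(?:=([^*\s]+))?(?:\*(-?\d+))?", entry)
    if not m:
        raise ValueError(f"bad entry: {entry!r}")
    domain, filt, weight = m.group(1), m.group(2), int(m.group(3) or 1)
    if filt is None:  # no filter: any reply address counts
        return domain, None, weight
    octets = re.findall(r"\[[^\]]*\]|\d+", filt)
    return domain, [expand(o) for o in octets], weight

def matches(octet_sets, addr):
    return octet_sets is None or all(
        int(o) in allowed for o, allowed in zip(addr.split("."), octet_sets))

def score(replies, sites=SITES):
    """replies: {dnsbl domain: [A records returned for the client]}."""
    total = 0
    for line in sites.split():
        domain, octet_sets, weight = parse_entry(line)
        if any(matches(octet_sets, a) for a in replies.get(domain, [])):
            total += weight  # overlapping filters on one site both count
    return total

def blocked(replies):
    return score(replies) >= THRESHOLD
```

Running candidate entries through a model like this before reloading Postfix shows which single listings are enough to reach the threshold and how far a whitelist hit pulls a borderline sender back below it.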