[BUGS] trapping spam from headers

jonathan michaels jlm at caamora.com.au
Thu Mar 6 11:10:19 EST 2008 

On Thu, Mar 06, 2008 at 09:05:02AM +1100, Martin Barry wrote:
> $quoted_author = "jonathan michaels" ;
> > 
> > even so i don't think that rbl's are worth much beyond 'feel
> > good' esentially . .anyway
> 
> some are better than others.
> 
> i use zen.spamhaus.org and dnsbl.njabl.org at SMTP session time. i.e. this
> refuses connections from IPs on those RBLs.

spamhaus have allways been polite and curtious, they'd be about
the only one i would concider..

thanks for teh stuff (offlist too) about this issue, once i get
the mechanisms in place to stip it at teh frontdoor (to me this
is teh primary functionality, cleaning up whats left becomes an
allmost trivial event .. as far as i can see, of more concern
would be teh virii not that 'bsd has much of a problem with
that at this point in time .. being a microsoft clean shop (and
home, ok two relic that might get up on some sort of 'wine' dos
emulator .. hopes to really clean up spelling issues for you
guys, me too) 

i
d thought of using clamd to take care of teh virus stuff but
its new licencing/owners seem to be a cause concern of late ?? 

> other rbls are still useful but i don't trust them enough to use in this
> regard so...
> 
>   
> > > Currently, one of the best anti-spam measures is greylisting.  This
> > > will get rid of most of the low-hanging fruit and saves you having to
> > > accept the spam.  Some sort of Bayesian filter should sop up most of
> > > what is left.
> > 
> > i have been doing some reading on Bayesian filtering of late
> > and would like to do it that way, but havent found much reading
> > material on this topic in teh freebsd/sendmail world, so i am
> > thinking perhaps postfix might be a better way forward ???
> 
> use spamassassin. it bundles in a whole bunch of tests (including bayes and
> rbl checks), adding scores for each one and then giving the email itself a
> total score. it means that no single test can push an email to be flagged as
> spam, so less reliable tests can be utilised.

this is the main reason i've been looking to 'stop' it from
getting here and why i like teh idea of slowing down teh
handshake idea so much. ok it is possible to catch some
legitimate ms windows mailserver trying to send real mail but
the error message returned will flag teh senders to use some
other method of contact.

i don't see this as being a one stop shop solution so to speak,
i see it as a defence in a bredth of amaments arrayed at
strategic locations around teh periphery of teh network.

.. oops now where did taht come from, <grin>

thinking out loud .. wonders if spamassassin will work in mail
server with p6-200 cpu and 64 mb addressable dram space ??

> e.g.
> from an email in my spam folder at work...
>   X-Spam-Report: BAYES_99=3.5, DOS_OE_TO_MX=2.75, FH_HELO_EQ_D_D_D_D=0.001,
>   FH_HOST_EQ_VERIZON_P=0.001, HELO_DYNAMIC_IPADDR=2.426, HTML_MESSAGE=0.001,         
>         RCVD_IN_SORBS_DUL=0.877, RDNS_DYNAMIC=0.1                                                                                                            
>   X-Spam-Score: 9.7 (+++++++++)                       
> 
> http://spamassassin.apache.org

noted, appreciated, diarised and much thanks, marty.

ps like teh sign-off .. grin.

> -- 
> with usenet gone, we just don't teach our kids entertainment-level hyperbole
> any more. --Paul Vixie

most kind regards/gracious appreciations

jonathan

-- 
================================================================
powered by ..
QNX, OS9 and freeBSD  --  http://caamora com au/operating system
==== === appropriate solution in an inappropriate world === ====

More information about the BUGS mailing list