FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 12-14-2007, 09:04 PM
Martin Marques
 
Default Anti-spam filters

Aaron Konstam escribió:
> On Fri, 2007-12-14 at 18:25 -0300, Martin Marques wrote:
>> I'm moving some mail addresses from one server to another, and I was
>> thinking about changing my anti-spam system.
>>
>> Today, I'm still using bogofilter for my personal account, but it would
>> be nice to have a multi-user anti-spam system which can have per-user DB.
>>
>> I was thinking about dspam, but I see that there are no rpm, at least in
>> yum and with some google searching (not to much, maybe I should look a
>> little more).
>>
>> Now, what other options do I have?
>>
> spamassassin + a procmail that calls it to filter your stream will do
> that. Each user has his own .procmailrc file.

How easy is it for users to update spam definitions with SA?

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-14-2007, 10:02 PM
John Summerfield
 
Default Anti-spam filters

Aaron Konstam wrote:

On Fri, 2007-12-14 at 18:25 -0300, Martin Marques wrote:

I'm moving some mail addresses from one server to another, and I was
thinking about changing my anti-spam system.

Today, I'm still using bogofilter for my personal account, but it would
be nice to have a multi-user anti-spam system which can have per-user DB.

I was thinking about dspam, but I see that there are no rpm, at least in
yum and with some google searching (not to much, maybe I should look a
little more).

Now, what other options do I have?


spamassassin + a procmail that calls it to filter your stream will do
that. Each user has his own .procmailrc file.
--


At work I run postfix, spamassassin and then procmail and cyrus-imap.
Google for how-tos.


There is no per-user procmailrc, all I use procmail for is to crudely
detect mail with dubious attachments and file them in the user's
windwoes folder, stuff marked up by spamassassin goes to their spam
folder and the rest to inbox.


In postfix we are very picky about who we listen to, your IP must
resolve, your helo name must resolve, your IP address must not me
mentioned in any blocklist we use (spamhaus is the best). Those rules
alone block at least half the spam.


At home, it's different. Again, I use picky postfix and the blocklists.
My frontline mail server no longer accepts mail to
herakles.homelinux.org. Instead. mail from Red Hat's servers and select
other locations is relayed via DNAT to an internal mail server. I don't
get spam to my herakles addresses.


Also, nobody I handle mail for speaks Chinese, Korean, Russian, Spanish
or Portugese or expects mail from places where any of those is the
primary language. Therefore, when I'm checking my logs and see an
attempt to break in using ssh, or send spam I have no hesitation in
blocking the entire network as revealed by whois. Mostly, it's a /24
network, but there are one or two /13s.


I've not done it yet, but I plan to also block the network source of
email directed to my spambait addresses.




--

Cheers
John

-- spambait
1aaaaaaa@coco.merseine.nu Z1aaaaaaa@coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-15-2007, 12:43 AM
Martin Marques
 
Default Anti-spam filters

John Summerfield escribió:


In postfix we are very picky about who we listen to, your IP must
resolve, your helo name must resolve, your IP address must not me
mentioned in any blocklist we use (spamhaus is the best). Those rules
alone block at least half the spam.


My postfix those all the resolve sender MTA, but I'm totally against
dnsbl as, for example, my ISP often gets in some of them.


Also, nobody I handle mail for speaks Chinese, Korean, Russian, Spanish
or Portugese or expects mail from places where any of those is the
primary language. Therefore, when I'm checking my logs and see an
attempt to break in using ssh, or send spam I have no hesitation in
blocking the entire network as revealed by whois. Mostly, it's a /24
network, but there are one or two /13s.


I would prefer to get 1 or 2 spams (which I don't get with my actual
configuration) then lose mail due to very stricy mail policies.


--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-15-2007, 05:04 AM
John Summerfield
 
Default Anti-spam filters

Martin Marques wrote:

John Summerfield escribió:


In postfix we are very picky about who we listen to, your IP must
resolve, your helo name must resolve, your IP address must not me
mentioned in any blocklist we use (spamhaus is the best). Those rules
alone block at least half the spam.


My postfix those all the resolve sender MTA, but I'm totally against
dnsbl as, for example, my ISP often gets in some of them.


Your choice. This justifies mine:
Messages rejected using Anti-Spam site 649 Time(s)

We decline that mail, the sender knows about it. We don't have a lot of
email accounts,that's directed to fewer than ten email accounts.


The host names associated with those emails are listed in the log
summary, and I regularly cast my eye over it. They seem to be ADSL
users, cable users, users with dynamic IP addresses. The come from
domains in Israel, Poland, Switzerland, Germany, Russia, Canada, UK,
France, Brasil, Greece, United Arab Emirates.


We're a very small school, our interests are our immediate community and
we deal with Western Australian & Australian government agencies.


Probably, if the people who really own those computers configured their
email clients to relay via their IAP's mail service, they'd have no
problem reaching us.





Also, nobody I handle mail for speaks Chinese, Korean, Russian,
Spanish or Portugese or expects mail from places where any of those is
the primary language. Therefore, when I'm checking my logs and see an
attempt to break in using ssh, or send spam I have no hesitation in
blocking the entire network as revealed by whois. Mostly, it's a /24
network, but there are one or two /13s.


I would prefer to get 1 or 2 spams (which I don't get with my actual
configuration) then lose mail due to very stricy mail policies.


There's another 600-700 dropped because of protocol errors.

There's another 100 or so can't get ehlo/helo right. Their host names
look much like those in the block lists we use.


If you are one who tries to send to us and you fail for any of those
reasons, we reject the mail while you're still in smtp conversation. If
your email is well-configured, you will get the proper notice.


After that, we accept the mail, and if it smells bad, it gets filed as
spam. I personally have had two acceptable senders make it to my spam
folder, my stockbroker, and microsoft when I needed to download something.


I get a few spams each day that don't get filtered out or rejected. I
deal with those in pine.


I don't believe we lose any legitimate email. We have rejected a couple
of sites who couldn't configure their mail service to comply with the
relevant RFCs (we do adhere, and we expect you to too).





--

Cheers
John

-- spambait
1aaaaaaa@coco.merseine.nu Z1aaaaaaa@coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-15-2007, 01:27 PM
Aaron Konstam
 
Default Anti-spam filters

On Fri, 2007-12-14 at 19:04 -0300, Martin Marques wrote:
> Aaron Konstam escribió:
> > On Fri, 2007-12-14 at 18:25 -0300, Martin Marques wrote:
> >> I'm moving some mail addresses from one server to another, and I was
> >> thinking about changing my anti-spam system.
> >>
> >> Today, I'm still using bogofilter for my personal account, but it would
> >> be nice to have a multi-user anti-spam system which can have per-user DB.
> >>
> >> I was thinking about dspam, but I see that there are no rpm, at least in
> >> yum and with some google searching (not to much, maybe I should look a
> >> little more).
> >>
> >> Now, what other options do I have?
> >>
> > spamassassin + a procmail that calls it to filter your stream will do
> > that. Each user has his own .procmailrc file.
>
> How easy is it for users to update spam definitions with SA?
>
Well some can be done with whitelists, blacklists and rule modification.
But the primary emphasis to make SA better is a bayes based learning
proceedure. You tell the system about its mistakes and it learns.
Another tuning factor is the ability is that you can change the value of
the "spam-ness" value that you will accept as non-spam.
--
================================================== =====================
We have met the enemy, and he is us. -- Walt Kelly
================================================== =====================
Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam@sbcglobal.net

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-15-2007, 01:44 PM
Tim
 
Default Anti-spam filters

On Sat, 2007-12-15 at 08:27 -0600, Aaron Konstam wrote:
> But the primary emphasis to make SA better is a bayes based learning
> proceedure. You tell the system about its mistakes and it learns.

Unfortunately, the way most users get to play with that, using the /is/
and /isn't/ spam buttons on their mail client, is a mystery how it'll do
the assessing. I don't think I've seen any declare what information is
programmed into your anti-spam system when you use them.

I wouldn't want to mark several messages that came through a mailing
list as being spam, and have it decide the mailing list is probably
spam, rather than the type of information contained in the message.

Unless I know how a mail client is going to use its is/isn't spam
buttons, I don't use them. There should be some way for me to configure
my client to take my pressing of the is/isn't spam buttons to mean that
the sender should be blocked, or addressing should be ignored and other
criteria be made use of.

Evolution, for instance, gives no clues in the documentation for what
actually happens when you use its junk mail features. Another of those
don't look at that man behind the curtain situations.

--
(This computer runs FC7, my others run FC4, FC5 & FC6, in case that's
important to the thread.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-15-2007, 05:10 PM
fred smith
 
Default Anti-spam filters

On Sun, Dec 16, 2007 at 01:14:13AM +1030, Tim wrote:
> On Sat, 2007-12-15 at 08:27 -0600, Aaron Konstam wrote:
> > But the primary emphasis to make SA better is a bayes based learning
> > proceedure. You tell the system about its mistakes and it learns.
>
> Unfortunately, the way most users get to play with that, using the /is/
> and /isn't/ spam buttons on their mail client, is a mystery how it'll do
> the assessing. I don't think I've seen any declare what information is
> programmed into your anti-spam system when you use them.
>
> I wouldn't want to mark several messages that came through a mailing
> list as being spam, and have it decide the mailing list is probably
> spam, rather than the type of information contained in the message.

I dunno about SA, I don't use it. But I use SpamBayes as a filter invoked
from my .procmailrc and it does a fine job. Not more than once or twice
a week some spam lands in a non-spam folder, and less often than that
I get a false positive. That's out of probably at least a couple hundred
spams a day and several hundred mails for various mailing lists.

>
> Unless I know how a mail client is going to use its is/isn't spam
> buttons, I don't use them. There should be some way for me to configure
> my client to take my pressing of the is/isn't spam buttons to mean that
> the sender should be blocked, or addressing should be ignored and other
> criteria be made use of.
>
> Evolution, for instance, gives no clues in the documentation for what
> actually happens when you use its junk mail features. Another of those
> don't look at that man behind the curtain situations.
>

--
---- Fred Smith -- fredex@fcshome.stoneham.ma.us ------------------------ ----
Do you not know? Have you not heard?
The LORD is the everlasting God, the Creator of the ends of the earth.
He will not grow tired or weary, and his understanding no one can fathom.
----------------------------- Isaiah 40:28 (niv) -----------------------------
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-15-2007, 09:28 PM
Aaron Konstam
 
Default Anti-spam filters

On Sun, 2007-12-16 at 01:14 +1030, Tim wrote:
> On Sat, 2007-12-15 at 08:27 -0600, Aaron Konstam wrote:
> > But the primary emphasis to make SA better is a bayes based learning
> > proceedure. You tell the system about its mistakes and it learns.
>
> Unfortunately, the way most users get to play with that, using the /is/
> and /isn't/ spam buttons on their mail client, is a mystery how it'll do
> the assessing. I don't think I've seen any declare what information is
> programmed into your anti-spam system when you use them.
>
> I wouldn't want to mark several messages that came through a mailing
> list as being spam, and have it decide the mailing list is probably
> spam, rather than the type of information contained in the message.
>
> Unless I know how a mail client is going to use its is/isn't spam
> buttons, I don't use them. There should be some way for me to configure
> my client to take my pressing of the is/isn't spam buttons to mean that
> the sender should be blocked, or addressing should be ignored and other
> criteria be made use of.
>
> Evolution, for instance, gives no clues in the documentation for what
> actually happens when you use its junk mail features. Another of those
> don't look at that man behind the curtain situations.
>
> --
> (This computer runs FC7, my others run FC4, FC5 & FC6, in case that's
> important to the thread.)
>
> Don't send private replies to my address, the mailbox is ignored.
> I read messages from the public lists.
>
It is clear to me now that evolution does not uuse spamd the way its
designed to be used in the documentation.Bust if you use the procmail
approach many characteristics of spam can be used to identify it.
Identifying mail from a client a spam is not done by training but by
using the blacklist feature. The opposite is done by the whitelist.

In general it is the whole structure of the message including contents
that are used to determine that spamassassin will identify the mail item
is spam. There are too many options to describe here. But when used
correctly spamasssassin works well. Even in evolution it works well. I
get less than 1 message that is spam included in my non-junk folder per
week.

--
================================================== =====================
The future lies ahead.
================================================== =====================
Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam@sbcglobal.net

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 

Thread Tools




All times are GMT. The time now is 12:06 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org