From: mouss on
Steve wrote:
> -------- Original Message --------
>> Date: Sun, 03 Jan 2010 23:37:18 +0100
>> From: mouss <mouss(a)ml.netoyen.net>
>> To: postfix users list <postfix-users(a)postfix.org>
>> Subject: Re: anti spam measures
>
>> Roman Gelfand wrote:
>>> I am running postfix with anti spam filter (policyd-weight, sqlgrey,
>>> grossd, dkim, senderid-milter, dspam) . With this configuration, I am
>>> down to under 10 spams a day. Looking at my backend server which is
>>> exchange 2007, I find that all of the remaining spam messages have
>>> spam confidence level of 7 or greater, which implies this is blatant
>>> spam. Is there spam filter software that works with postfix
>>> that can perform checks similar to that of exchange 2007 spam
>>> confidence level?
>>>
>> we can't really tell since we didn't see the messages that made it
>> through postfix+friends.
>>
>> if the messages contained a URI listed at uribl or surbl, then you could
>> try using uribl/surbl via milter-link or via spamassassin (via
>> amavisd-new).
>>
>> anyway, You can add spamassassin (via amavisd-new) to your chain and see
>> if it improves your filtering.
>>
> I am for sure one of the people that should keep his mouth shut since I have a too strong bias but SpamAssassin? Why? He is using DSPAM and if I would propose him another free solution then only something like CRM114 or OSBF-Lua.
>

because I don't believe he will improve his filtering by adding more
statistical filters (I think: if this was true, he can improve by better
training/tuning of dspam). In contrast, adding a finely tuned heuristic
filter will certainly improve his results.

one example: Justin Mason anti-fraud rules (JM_SOUGHT*) will block fraud
mail that you can't block statistically (because you don't get enough of
it to train a statistical filter). unless you are a large ISP/MSP
with users who report fraud mail quickly and you train your filter with
these reports quickly.

other examples include: URIBL rules (granted, you can use milter-link),
DNSxL rules applied to Received headers (mail that is "touched" by a
host in Spamhaus SBL is unwanted!)...

Once again, I said "add spamassassin" not replace dspam. This is because
OP wanted to block "more". but adding SA in a way that improves his
results is not effort free. which is why I said:

>
>> at one time, the question becomes: is the additional effort worth the
>> pain?
>>
> Good question.

I personally am from the school of access control before content
filtering. so I don't feel comfortable arguing for SA vs dspam vs
foofilter.
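
The "DNSxL rules applied to Received headers" idea from the message above, as an added example that is not part of the original post: it extracts relay addresses from every Received header and builds the reversed-octet DNSxL query for each hop. The zone name `dnsxl.example`, the sample message and the function names are assumptions made for illustration.

```python
import email
import ipaddress
import re
import socket

ZONE = "dnsxl.example"  # placeholder zone (assumption); use the list you subscribe to
# Constructed sample message; addresses come from documentation ranges.
SAMPLE = (
    "Received: from mx.example.net (mx.example.net [198.51.100.7])\n"
    "\tby mail.example.org (Postfix) with ESMTP id 0000000000\n"
    "Received: from [10.0.0.5] (unknown [203.0.113.45])\n"
    "\tby mx.example.net with ESMTP\n"
    "From: sender@example.net\n\nbody\n"
)
IP_LITERAL = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Hops that are never looked up: RFC 1918 space and loopback.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def received_ips(raw):
    """Unique external IPv4 addresses in Received headers, newest hop first."""
    seen = []
    for header in email.message_from_string(raw).get_all("Received", []):
        for text in IP_LITERAL.findall(header):
            try:
                ip = ipaddress.IPv4Address(text)
            except ValueError:
                continue  # bracketed text that is not a valid address
            if any(ip in net for net in INTERNAL) or str(ip) in seen:
                continue
            seen.append(str(ip))
    return seen

def query_name(ip, zone=ZONE):
    """DNSxL query name: the address octets reversed, under the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def dns_a(name):
    """A-record lookup; None when the name does not exist (not listed)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def listed_hops(raw, zone=ZONE, resolve=dns_a):
    """(ip, answer) for each hop that the list answers with a 127.x.x.x record."""
    hits = []
    for ip in received_ips(raw):
        answer = resolve(query_name(ip, zone))
        if answer and answer.startswith("127."):
            hits.append((ip, answer))
    return hits
```

Only the Received lines written by relays you control are reliable; everything below them is supplied by the sender, so hits on deeper hops are better used as a score than as a hard reject.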

From: "Steve" on

-------- Original Message --------
> Date: Mon, 04 Jan 2010 23:20:04 +0100
> From: mouss <mouss(a)ml.netoyen.net>
> To: postfix-users(a)postfix.org
> Subject: Re: anti spam measures

> Steve wrote:
> > -------- Original Message --------
> >> Date: Sun, 03 Jan 2010 23:37:18 +0100
> >> From: mouss <mouss(a)ml.netoyen.net>
> >> To: postfix users list <postfix-users(a)postfix.org>
> >> Subject: Re: anti spam measures
> >
> >> Roman Gelfand wrote:
> >>> I am running postfix with anti spam filter (policyd-weight, sqlgrey,
> >>> grossd, dkim, senderid-milter, dspam) . With this configuration, I am
> >>> down to under 10 spams a day. Looking at my backend server which is
> >>> exchange 2007, I find that all of the remaining spam messages have
> >>> spam confidence level of 7 or greater, which implies this is blatant
> >>> spam. Is there spam filter software that works with postfix
> >>> that can perform checks similar to that of exchange 2007 spam
> >>> confidence level?
> >>>
> >> we can't really tell since we didn't see the messages that made it
> >> through postfix+friends.
> >>
> >> if the messages contained a URI listed at uribl or surbl, then you could
> >> try using uribl/surbl via milter-link or via spamassassin (via
> >> amavisd-new).
> >>
> >> anyway, You can add spamassassin (via amavisd-new) to your chain and see
> >> if it improves your filtering.
> >>
> > I am for sure one of the people that should keep his mouth shut since I
> > have a too strong bias but SpamAssassin? Why? He is using DSPAM and if I
> > would propose him another free solution then only something like CRM114 or
> > OSBF-Lua.
> >
>
> because I don't believe he will improve his filtering by adding more
> statistical filters (I think: if this was true, he can improve by better
> training/tuning of dspam).
>
Correct.


> In contrast, adding a finely tuned heuristic
> filter will certainly improve his results.
>
True.


> one example: Justin Mason anti-fraud rules (JM_SOUGHT*) will block fraud
> mail that you can't block statistically (because you don't get enough of
> it to train a statistical filter). unless you are a large ISP/MSP
> with users who report fraud mail quickly and you train your filter with
> these reports quickly.
>
Or you use other ways to filter them out (not statistically).


> other examples include: URIBL rules (granted, you can use milter-link),
> DNSxL rules applied to Received headers (mail that is "touched" by a
> host in Spamhaus SBL is unwanted!)...
>
> Once again, I said "add spamassassin" not replace dspam. This is because
> OP wanted to block "more". but adding SA in a way that improves his
> results is not effort free. which is why I said:
>
Right.


> >
> >> at one time, the question becomes: is the additional effort worth the
> >> pain?
> >>
> > Good question.
>
> I personally am from the school of access control before content
> filtering.
>
Me too :)


> so I don't feel comfortable arguing for SA vs dspam vs
> foofilter.
>
As I wrote before: I am too biased in that topic so I am not going to argue either.

From: Roman Gelfand on
Well, it looks like, perhaps, I found the missing link. After adding
s25r rules and HELO response verification in main.cf, no spam has
seeped through.

I think that mostly it was HELO response verification that did it.
BTW, is there a reason not to block emails with incorrect HELO response?

Thanks

From: "Steve" on

-------- Original Message --------
> Date: Mon, 4 Jan 2010 17:40:29 -0500
> From: Roman Gelfand <rgelfand2(a)gmail.com>
> To: Steve <steeeeeveee(a)gmx.net>
> CC: postfix-users(a)postfix.org
> Subject: Re: anti spam measures

> Well, it looks like, perhaps, I found the missing link. After adding
> s25r rules and HELO response verification in main.cf, no spam has
> seeped through.
>
> I think that mostly it was HELO response verification that did it.
> BTW, is there a reason not to block emails with incorrect HELO response?
>
Yes! Probably half of the sending MTAs out there have issues with setting proper HELO/EHLO. I would not block them per default but use your already installed policyd-weight and add a higher score to wrong HELO/EHLO (but the default in policyd-weight should be already okay).


> Thanks
>
Steve



From: Kenneth Marshall on
On Mon, Jan 04, 2010 at 05:40:29PM -0500, Roman Gelfand wrote:
> Well, it looks like, perhaps, I found the missing link. After adding
> s25r rules and HELO response verification in main.cf, no spam has
> seeped through.
>
> I think that mostly it was HELO response verification that did it.
> BTW, is there a reason not to block emails with incorrect HELO response?
>
> Thanks
>
None really, unless you need to accept mail from misconfigured
servers. (We do.)

Cheers,
Ken
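
The two replies on HELO checks (score a wrong HELO rather than block it; blocking costs you mail from misconfigured servers), as an added example that is not part of the thread and is not policyd-weight's code: a decision function for a Postfix policy delegation request that weighs HELO problems and rejects only above a threshold. The weights, the threshold, the server name `mail.example.org` and both sample requests are constructed assumptions.

```python
import re

# Constructed weights and threshold; not policyd-weight's defaults.
WEIGHTS = {"helo_syntax": 3.0, "helo_not_fqdn": 1.5,
           "helo_is_our_name": 4.0, "helo_ne_client_name": 0.5}
REJECT_AT = 4.0
MY_NAMES = {"mail.example.org"}  # hypothetical name of the receiving server
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
ADDR_LITERAL = re.compile(r"^\[(\d{1,3}\.){3}\d{1,3}\]$")

# Constructed requests in the policy delegation name=value format.
REQ_MISCONFIGURED = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
                     "helo_name=EXCHANGE01\nclient_address=198.51.100.7\n"
                     "client_name=mail.example.net\n\n")
REQ_FORGED = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
              "helo_name=mail.example.org\nclient_address=203.0.113.45\n"
              "client_name=unknown\n\n")

def parse_request(text):
    """Parse one policy request; an empty line ends it."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def helo_findings(attrs):
    """Names of the HELO checks that this request fails."""
    helo = attrs.get("helo_name", "").rstrip(".").lower()
    client = attrs.get("client_name", "unknown").lower()
    if ADDR_LITERAL.match(helo):
        return []  # an address literal is a legal HELO argument
    labels = helo.split(".")
    if not helo or not all(LABEL.match(part) for part in labels):
        return ["helo_syntax"]
    found = []
    if len(labels) < 2:
        found.append("helo_not_fqdn")
    if helo in MY_NAMES:
        found.append("helo_is_our_name")  # client claims to be this server
    if client != "unknown" and helo != client:
        found.append("helo_ne_client_name")
    return found

def decide(text):
    """Return (score, policy reply); DUNNO passes the decision to later checks."""
    found = helo_findings(parse_request(text))
    score = sum(WEIGHTS[name] for name in found)
    if score >= REJECT_AT:
        return score, "action=REJECT HELO checks failed (%s)\n\n" % ",".join(found)
    return score, "action=DUNNO\n\n"
```

The misconfigured server announcing `EXCHANGE01` scores 2.0 and is passed on, while the client that uses the receiving server's own name reaches the threshold and is rejected.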
