[Techtalk] filtering spam with spamassassin

Carla Schroder carla at bratgrrl.com
Wed Sep 10 09:45:27 EST 2003 

On Wednesday 10 September 2003 8:38 am, showercurtain wrote:
> The organisation I volunteer at uses spamassassin 2.4x with postfix,
> and they're looking at ways to improve spam filtering.  Spamassassin
> is used for the whole network, which has about 100 users.  The
> spam-score was set to 6.5 and the problem is that many spam mails
> have a score ranging from 5 to 6. As a result, they aren't
> re-directed to the spam folder.
>
> Apart from lowering the spam score (which I did today) and using the
> latest version of spamassassin, is there anything else we can do to
> utilise spam assassin more effectively?
>
> Some people suggested using the MAPS RBL service in addition to
> spamassassin but I'm not sure if this is necessary. What do other
> linuxchix members think of this?
>
 
For me, setting Spamassassin at 5 has worked very well. It caught a few 
messages from mailing lists, which I then whitelisted, other than that there 
have been no false positives. 2-3 spams a day still leak through, on a volume 
of about 150 spams, but that does not bother me. I set up all my clients with 
extensive whitelists.

I wouldn't bother with the MAPS RBL, it is nearly useless. And it costs money. 
All other DNSRBLs are free, and superior to MAPS. DNSRBLs are great for 
heading off garbage before it ever hits your servers.  Some are very 
aggressive, such as SPEWS. I adore SPEWS, but it is not appropriate for every 
situation, it is too aggressive for users that expect to receive mail from 
strangers.

The two RBLs I recommend that cause the least collateral damage are 
spamhaus.org, and ORDB.org, the open relay database. Just blocking mail from 
open relays blocks an amazing amount of spam. It can also block mail from 
someone you want to hear from, if they are on a compromised server.

There are blocklists that specialize in blocking the netspace of entire 
countries, such as China and Brazil, which are notorious spam-spewers. Here 
is a directory that might be useful: 
http://dmoz.org/Computers/Internet/Abuse/Spam/Blacklists/

I would try tweaking Spamassassin, before implementing an RBL. In my 
experiences with non-profits, there's always someone who gets an Idea, and it 
can be difficult to dissuade them. There is absolutely no way to guarantee 
that all spam will be blocked, and 100% of wanted mail will get through.  
Using RBLs will cause them to lose some wanted mail. A properly configured 
server sends a bounce message that tells the sender what to do if their 
message is rejected, but you know effective that is- I just fielded an angry 
call from a person who kept re-sending their rejected message....*sigh*

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
www.tuxcomputing.com
this message brought to you
by Libranet 2.7 and Kmail
~~~~~~~~~~~~~~~~~~~~~~~~~

More information about the Techtalk mailing list