[Techtalk] spam filters

David Sumbler david at aeolia.co.uk
Tue Oct 24 09:40:41 UTC 2006


Maria McKinley <maria at shadlen.org> writes:

> I am currently using SpamAssassin to filter spam on our mail
> server. Lately it has not been doing a very good job. I keep trying
> to update it, but I always seem to be at the latest release. Does
> anyone have any suggestions? Either an alternate spam filter or some
> secret knob to turn to make it work better? ;-) I have the spam
> level at 5 right now, but I don't think turning it further down
> would help much, because most of the spam getting through seems to
> be a 2.5 or less (and a depressing amount of them are at 0!). Any
> advice? Has anyone tried turning it down as low as a 2? What sort of
> false positives do you get?

This doesn't answer your question, but, since the spam filtering
system you are using doesn't seem to be doing a very good job, I
thought people might be interested in a simple alternative, which
works extremely well for me.  It wouldn't be so useful or successful
on a server which is handling mail for a large number of people, but
for anyone sorting mail for a small group (say, a family), it works
fine.

In a typical day I get, say, a dozen emails from friends, a hundred
from various email groups I subscribe to, and several hundred spam
items offering to enlarge bits of my anatomy (some of which I haven't
even got!) etc., as well as bounces from mail servers which have
received spam containing my address on the "From" line.

I use my own Procmail recipes to filter all of this (and I use Gnus as
my email client).  Firstly, just in case I accidentally delete
something which I shouldn't have, a copy of every incoming email is
added to a "backup" folder, where it is automatically deleted after 31
days.

Next the "From" line is checked, so that e-mails from personal friends
etc. are sent to an appropriate folder.  Then I check for messages
from my various email groups (including Techtalk, of course), which
are sent to individual folders for the more important groups, or
otherwise to a general "Groups" folder.

Then I check the "To" line: an enormous amount of spam is addressed
not to "david@" my domain, or any other valid recipient, but to
someone like "w3kc8as@" my domain.  So this gets sent to /dev/null.

Finally, I check the content for obvious spam-type words (e.g. price,
viagra, weight, mortgage, software, sex, teen, enlarge, and a lot more
you can think of).  These go to a folder called "spam".  Anything left
after all that goes to a folder called "unsorted".

I find that about 99.9% of my spam is found in one of those last two
folders - hardly anything gets through to the "bona fide" folders.
And 99% of what is in those folders is spam, so it is quite easy just
to run my eye down the senders column and/or the subject column to see
if, by any chance, some bona fide mail has ended up there.  There very
rarely is anything.  About 90% of the spam is in the "spam" folder,
with just the remaining 10% in "unsorted".  And any genuine e-mails
from new correspondents (or friends who have just acquired a new email
address) are usually in the "unsorted" folder, so are easily spotted.

I have used this system for several years, and rarely need to tweak
it, except to add the addresses of new friends or groups.  It really
is a low maintenance system!

Of course, if you tend to get a lot of bona fide e-mails from
strangers, (for instance if you are receiving orders for a product),
then it wouldn't work if set up as I have suggested.  But even then,
you can ask people to include some particular word or phrase in the
subject line or the text which Procmail can then search for to
establish the genuineness of the message.  Virtually all spam is
automated, and won't adhere to that sort of requirement.

David

-- 

david at aeolia.co.uk
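
The filtering order described in the message above, sketched as a ~/.procmailrc. This is an added example, not the poster's own recipes: every address, list name, folder name and the short keyword list are constructed placeholders, and the 31-day expiry of the backup folder is assumed to be handled outside Procmail (mail client or cron).

```procmail
# Added example: addresses, list names and folders below are placeholders.
MAILDIR=$HOME/Mail
LOGFILE=$MAILDIR/procmail.log

# 1. Safety net: copy every message to "backup" and keep processing.
#    The "c" flag delivers a carbon copy; the trailing ":" takes a lock file.
:0 c:
backup

# 2. Known personal correspondents (allow-list on the From: header).
:0:
* ^From:.*(alice@example\.org|bob@example\.net)
friends

# 3. Mailing lists: an important list gets its own folder,
#    the remaining lists share a general one.
:0:
* ^(List-Id|Sender):.*techtalk
techtalk

:0:
* ^List-Id:.*(somelist\.example\.org|otherlist\.example\.org)
Groups

# 4. Anything not addressed to a valid local recipient is discarded.
#    ^TO_ is Procmail's built-in macro for To:, Cc: and similar headers.
#    No lock file is needed when delivering to /dev/null.
:0
* ! ^TO_(david|family)@example\.com
/dev/null

# 5. Keyword match in headers or body (H and B flags) goes to "spam"
#    for a quick manual review. Matching is case-insensitive by default.
:0 HB:
* (viagra|mortgage|enlarge)
spam

# 6. Whatever is left, including mail from new correspondents.
:0:
unsorted
```

Recipe order is what makes this work: the allow-list and list recipes run before the recipient check, so list traffic that does not carry the local address in To: or Cc: is filed before rule 4 can discard it. The backup copy in rule 1 is the only recovery path for anything rule 4 sends to /dev/null.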


