Extended SPAM filtering

I am running the latest version of SpamAssassin, but out of about 30 new
spam messages, it is learning from only one. All the rest get through.

I have tried a "graylisting" scheme with Postfix. It did work for a while,
but got some people very angry in the testing stage (largely my fault for
omitting them.) Then it just started letting everything through - no
improvemennt on SpamAssassin.

What alternatives are there?

Doug L.
--
ICQ Number 178748389. Registered Linux User No. 277548.
Some men see things as they are and say why? I dream things that never were
and say: Why not?
- Robert Kennedy. (I'm sure he didn't say this first. Who did?)



Doug Laidlaw

Doug Laidlaw wrote:
> I am running the latest version of SpamAssassin, but out of about 30 new
> spam messages, it is learning from only one. All the rest get through.
>
> I have tried a "graylisting" scheme with Postfix. It did work for a while,
> but got some people very angry in the testing stage (largely my fault for
> omitting them.) Then it just started letting everything through - no
> improvemennt on SpamAssassin.
>
> What alternatives are there?
>
> Doug L.
Could take a look at dspam
(http://www.nuclearelephant.com/projects/dspam) I've seen test results
that suggest it has good rejection capabilities.

However, I use SA (3.0.2) and have very good results with it, but only
after training. Have you run sa-learn against a set of spam & ham
messages (at least 200 of each IIRC).

B.

On Tue, 17 May 2005 17:14:58 +1000, Doug Laidlaw
<(E-Mail Removed)> wrote:

I've had excellent success with postgrey, 100% elimination of spam.
(My mail throughput is pretty small, though.) If it's letting through
that much spam, then maybe you've done something wrong.

I did make a change though. The default timeout is, if I remember
correctly, 5 minutes. I found that this can delay the time that you
finally receive mail quite significantly. Some mails servers try
again after one minute, and if the mail is still rejected then it may
try again after another minute. And if it still gets rejected, it
might not try again for a very long time. So I've set it for 45
seconds, basically not expecting a spammer to retry at all. This way
I can be sure to get the mail on the first retry.

Dan


>I am running the latest version of SpamAssassin, but out of about 30 new
>spam messages, it is learning from only one. All the rest get through.
>
>I have tried a "graylisting" scheme with Postfix. It did work for a while,
>but got some people very angry in the testing stage (largely my fault for
>omitting them.) Then it just started letting everything through - no
>improvemennt on SpamAssassin.
>
>What alternatives are there?
>
>Doug L.

Buzzbomb wrote:

> Doug Laidlaw wrote:
>> I am running the latest version of SpamAssassin, but out of about 30 new
>> spam messages, it is learning from only one. All the rest get through.
>>
>> I have tried a "graylisting" scheme with Postfix. It did work for a
>> while, but got some people very angry in the testing stage (largely my
>> fault for
>> omitting them.) Then it just started letting everything through - no
>> improvemennt on SpamAssassin.
>>
>> What alternatives are there?
>>
>> Doug L.
> Could take a look at dspam
> (http://www.nuclearelephant.com/projects/dspam) I've seen test results
> that suggest it has good rejection capabilities.
>
> However, I use SA (3.0.2) and have very good results with it, but only
> after training. Have you run sa-learn against a set of spam & ham
> messages (at least 200 of each IIRC).
>
> B.

It is sa-learn that is finding only the odd "new" one. I have just done a
run, and it examined 27, but learned from 2. I have very few genuine
e-mails that don't go into message lists, and I run "ham" on the Inbox
monthly. I can't remember ever having a false positive. The spammers make
sure that they keep within the point count, and are now using misspellings
to get around literal filtering on the Subject line.

(It just occurred to me that I am using KMail's Spam filter, so perhaps SA
ignores the ones already done. But compared to 27 getting to my Inbox, only
1 or 2 are being sent directly to the spam box, unseen.)

Being in Australia, I don't see the point of being offered refinancing in
the U.S. and similar, or a potential girlfriend "in my town," or a
Brazilian site wanting to sell me a course in English for Portuguese
speakers. If spam is a business, it could reduce its bandwidth usage bill
significantly.

The graylist program should have worked. It stopped working suddenly. It
wasn't a mainstream one, and may have found the lists too long for
matching. I will have a closer look at dspam. It looks good.

Thanks,

Doug.
--
ICQ Number 178748389. Registered Linux User No. 277548.
Who does the best his circumstance allows
Does well, acts nobly; angels could no more.
- Edward Young.

On Wed, 18 May 2005 11:37:59 +1000, Doug Laidlaw
<(E-Mail Removed)> wrote:


>If spam is a business, it could reduce its bandwidth usage bill
>significantly.

Spammers hijack unsuspecting computers to do their dirty work for
them. They don't have to worry about bandwidth, they steal it from
others. They don't care how much crap they spew out, the more they
spew, the more likely that something will land somewhere.

>
>The graylist program should have worked. It stopped working suddenly. It
>wasn't a mainstream one, and may have found the lists too long for
>matching. I will have a closer look at dspam. It looks good.

Greylisting is brilliant, I suggest you have a second look at it.

http://isg.ee.ethz.ch/tools/postgrey/

Dan

Dan wrote:

> On Wed, 18 May 2005 11:37:59 +1000, Doug Laidlaw
> <(E-Mail Removed)> wrote:
>
>
>>If spam is a business, it could reduce its bandwidth usage bill
>>significantly.
>
> Spammers hijack unsuspecting computers to do their dirty work for
> them. They don't have to worry about bandwidth, they steal it from
> others. They don't care how much crap they spew out, the more they
> spew, the more likely that something will land somewhere.
>
>>
>>The graylist program should have worked. It stopped working suddenly. It
>>wasn't a mainstream one, and may have found the lists too long for
>>matching. I will have a closer look at dspam. It looks good.
>
> Greylisting is brilliant, I suggest you have a second look at it.
>
> http://isg.ee.ethz.ch/tools/postgrey/
>
> Dan

I will. I tried dspam. The Mandrake RPM installed O.K. The latest tarball
is much easier to configure. Both seemed to be sending the mail through
the right channels, but dspam didn't know it had been past, with either. I
have no idea what is wrong, and I don't have the know-how to find out.

Doug.
--
ICQ Number 178748389. Registered Linux User No. 277548.
Trouble is only opportunity in work clothes.
- Henry J. Kaiser.