tips for fighting spams discussion (Crontab Entry)
Andy Moran
andy at WILDBRAIN.COM
Tue Jun 15 22:23:22 IST 2004
It's a bash script that gets run at midnight. It actually does some
other mail maintenance items like keeping everyone's "Spam" and "Virus"
folders trimmed to the last month's worth of messages, but the relevant
part to sa-learn looks like:
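IMAPDIR="/var/spool/imap"
SPAMFOLDER="Spam"
SPAMTRAINFOLDER="spamlearn"
# Every account under /wb/people except those matching the exceptions file
for person in `ls /wb/people | egrep -v -f \
    /etc/mail/maintanance.exceptions`
do
    # Only act on users who have created a training folder
    if [ -f "$IMAPDIR/$person/$SPAMTRAINFOLDER" ]
    then
        echo -n "$person: sa-learn $SPAMTRAINFOLDER: "
        sa-learn --spam --mbox "$IMAPDIR/$person/$SPAMTRAINFOLDER"
        # Empty the mailbox so the user can see it was processed
        cat /dev/null > "$IMAPDIR/$person/$SPAMTRAINFOLDER"
    fi
done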
I can't say how helpful this actually is. Spam has been relentless
lately. I put over 100 false negatives into my training folder a day,
and I still get a lot of spam in my inbox. I don't know if a global
bayesian just isn't working out for us, or if I need to implement
stronger 3rd party tests like BigEvil.
--Andy
Brendan Chard wrote:
> What does your crontab entry look like for the nightly processing of the
> spamlearn folders?
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
> Of Andy Moran
> Sent: Monday, June 14, 2004 8:09 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: tips for fighting spams discussion
>
> I don't know about your first and third question, but for #2:
>
>
>>2) Said in step (3) to point the messages to null. So it means the
>>messages will be filtered before it goes to null?
>
>
> Yes. MailScanner runs before sendmail reads any aliases and delivers it.
>
>
> We don't use this "forward spam messages" method, especially since I'm
> not convinced the bayesian filter won't learn incorrectly on them. All
> the spams it is getting are coming from your users and going to a spam@
> address. What will keep it from learning that these certain users
> aren't the spammers?
>
> What we use instead is an IMAP folder approach. Users create a folder
> called "spamlearn". Any spams they get they move into that folder.
> Every night a cron job collects messages from these folders and feeds
> them to sa-learn. It then empties the mailbox. The user knows they got
> processed because their mailbox empties out.
>
> --Andy
>
> kfliong wrote:
>
>>Hi,
>>
>>I got these tips from the MailWatch forum. I think that this is a splendid
>>tip that most of the veterans might already know. But for newbies like me,
>>it's quite interesting. Anyway, it's posted by Julian (not sure if it's the
>>same MS julian) and I have some questions about it.
>>
>>Here is the method posted to help fight spams that got through mailscanner
>>and went to the user.
>>---------
>>Here's how I do it:
>>1. Choose an e-mail address for recalling the missed spam on the
>>MailScanner server (ie, spam at mailscanner.mydomain.com)
>>2. Add "To: spam at mailscanner.mydomain.com yes" to
>>"Is Definitely Spam" rules pointed to.
>>3. Add an alias "spam: /dev/null" on the MailScanner server. The mail
>>will go to bitbucket if released by mistake.
>>4. Tell the user to redirect the mail to the e-mail address. It should be
>>blacklisted and be quarantined.
>>5. Examine the mail and learn the message as spam in MailWatch if needed.
>>---------
>>
>>Here are my questions:
>>
>>1) Is the "is definitely spam" feature tied to sa-learn, therefore making
>>mailscanner learn that this is spam, or does it use another method to
>>identify the spam? Or how exactly does "is definitely spam" work?
>>
>>2) Said in step (3) to point the messages to null. So it means the
>>messages will be filtered before it goes to null?
>>
>>3) In step (4) the users will be able to point all spams that they receive
>>to "spam at domain.com" and therefore lifting the workload from email admins
>>but as I understand, forwarding mails will add a ">" in front of the
>>messages and doesn't sa-learn have problems learning these messages?
>>
>>Thanks in advance.
>>
>>-------------------------- MailScanner list ----------------------
>>To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
>>Before posting, please see the Most Asked Questions at
>>http://www.mailscanner.biz/maq/ and the archives at
>>http://www.jiscmail.ac.uk/lists/mailscanner.html
>>
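Added example, not part of the original post or of MailScanner: a hardened variant of the nightly "spamlearn" pass described above, which empties a user's training mailbox only when sa-learn exits successfully and the mailbox has not changed since it was read. The function name, its arguments and the SA_LEARN override are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: nightly sa-learn pass over per-user "spamlearn" mboxes.
# SA_LEARN is a hypothetical override so the learner can be stubbed in tests.
SA_LEARN="${SA_LEARN:-sa-learn}"

# learn_spam_folders PEOPLE_DIR IMAP_DIR EXCEPTIONS_FILE [FOLDER]
# Echoes "<learned> <failed>" counts; returns non-zero if any mailbox failed.
learn_spam_folders() {
    local people_dir="$1" imap_dir="$2" exceptions="$3" folder="${4:-spamlearn}"
    local learned=0 failed=0 entry person mbox snapshot

    for entry in "$people_dir"/*; do      # glob instead of parsing `ls` output
        [ -e "$entry" ] || continue
        person="${entry##*/}"
        # Skip accounts matching any pattern in the exceptions file.
        if [ -s "$exceptions" ] &&
           printf '%s\n' "$person" | grep -Eq -f "$exceptions"; then
            continue
        fi
        mbox="$imap_dir/$person/$folder"
        [ -f "$mbox" ] && [ -s "$mbox" ] || continue   # missing or already empty

        # Learn from a private snapshot rather than the live mailbox.
        snapshot="$(mktemp)" || return 2
        cp -- "$mbox" "$snapshot"
        if "$SA_LEARN" --spam --mbox "$snapshot" >/dev/null; then
            # Truncate only after a successful learn, and only if nothing was
            # appended since the snapshot; otherwise keep it for the next run.
            if cmp -s -- "$mbox" "$snapshot"; then
                : > "$mbox"
            fi
            learned=$((learned + 1))
        else
            failed=$((failed + 1))        # learner failed: leave the mail alone
        fi
        rm -f -- "$snapshot"
    done

    echo "$learned $failed"
    [ "$failed" -eq 0 ]
}
```

The compare-then-truncate step narrows, but does not close, the window in which the IMAP server could append a message; it takes no mailbox lock.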