MailScanner vs. SpamKiller

Matt Kettler mkettler at EVI-INC.COM
Mon Mar 1 16:24:34 GMT 2004


At 10:55 AM 3/1/2004, Max Kipness wrote:
>So my question is what can I do to improve the whole system? What tweaks?



>Will DCC help out a lot?

DCC helps quite a bit. It's slightly lower hitrate than razor in the GA
tests the sa-dev team runs, but it's also less prone to service outages and
timeouts due to excessive load on the checksum database servers.

If you are high-volume (>100k messages/day) you can even save bandwidth by
setting up a local DCC server and subscribe to the floods of server updates.


>Are there any better RBLs? Tweaks to SpamAssassin?

Bayes is a big help to sa, and training doesn't have to be so bad...
Personally, I do it by having spamtraps and "nonspamtraps" that I feed to
SA using a short shell script (I could even cron-job it, and have the
cronjob email me a list of message subjects to make sure nothing got
mis-placed)

The spamtraps are addresses that get nothing but spam. Some are system
accounts that shouldn't be used by anyone but have accounts and thus mail
service on many Linux distros (ie: gopher at example.com, where example.com
doesn't run a gopher service). Others are addresses I've seeded in message
bodies while posting to mailing lists. For example on a sysadmin list I
might discuss having an internal script which emails my pager at
mkettler_sensor1 at evi-inc.com whenever my server gets a http request for
some oddball web page. Obviously I'd never post the real address I use, so
I make up a plausible example and hope that spambots skimming archives pick
it up.

The "nonspamtraps" are accounts I purposefully set up, and have subscribed
to reputable mailing lists that my users subscribe to. General news feeds,
Industry newsletters, etc.

For me, this works pretty well.. However, I have a userbase which all work
for one company, thus have one primary market, making choice of nonspam
newsletters pretty easy. It may or may not work for you, but it's a
suggestion for a "reduced hassle" bayes training system.


If things get bad and bayes can't help you, you might want to look at some
of the add-on rulesets developed by some of the more avid SpamAssassin users.

http://wiki.spamassassin.org/w/CustomRulesets

(Disclaimer: I developed one of the add-on sets, so I am biased here.)



More information about the MailScanner mailing list