Lots ne wmedical related spam...

Matt Kettler mkettler at EVI-INC.COM
Thu Nov 3 22:05:05 GMT 2005


    [ The following text is in the "windows-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Rob wrote:
> I made the change you suggested of adding Always Include SpamAssassin
> Report = yes in the conf file....
> Somehow i do remember it use to be in the headers...  :)
> 
> As for the other stuff of DNS and URIBLs , well i use the default set up
> that comes with mailscanner and i have added the below rules via
> rules_du_jour my config file from /etc/rulesdujour/
> 
> [ "${TRUSTED_RULESETS}" ] || \
>        TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS SARE_RANDOM ANTIDRUG
> SARE_ADULT SARE_OEM SARE_BAYES_POISON_NXM \
> SARE_CODING SARE_HEADER SARE_SPECIFIC SARE_BML SARE_FRAUD SARE_SPOOF
> SARE_REDIRECT_POST300 \
>  BOGUSVIRUS MRWIGGLY SARE_HEADER_ABUSE SARE_RATWARE RANDOMVAL
> SARE_GENLSUBJ";
> 
> 
> 
> i once tried the URL blacklist once but it was a big load on the server...
> 
> Any suggestions?


Unfortunately there's not a lot of static rulesets that do much for that
message.  The only one that helps much is SARE's specific rulset and you've
already got that...

 The bulk of the points I got were from RBLs, URIBLs and hashes.

If you're using bayes you might be able to train it to cover them..

Other than that, you might selectively experiment with network tests one at at
time, but if load is an issue, you're forced to make the accuracy vs CPU load
trade off of disabling network checks.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!



More information about the MailScanner mailing list