Does spamassassin cache database lower the amount of
mkettler at evi-inc.com
Wed Mar 8 18:41:43 GMT 2006
Taso Chatziantoniou wrote:
> Also one other question ..
> Does anyone know of a good site or forum that we can submit sample spams
> to help us figure out a way to block them. We keep getting these stock
> html image only files with bayes poisining on the bottom that we cannot
> seem to find a pattern to to block.
Generally the best place for that would be on the spamassassin-users mailing list.
If possible, extract the offending message as a raw mime.822 file (ie: full
email with all headers and mime segments) and attach it to your posting.
That said, in general a lot of the image-based spams are best dealt with by
Razor - razor's e4 engine does it's hashing on a per-mime-segment basis, so it
can realize the image is spam even if the body text keeps changing.
URIBLs - if the HTML has any link back to the website.
DNSBLs - a lot of these are sent via infected hosts listed in XBL.
Bayes training - some folks try to avoid training spam containing poison..
Don't. Train it all, let the statistics handle it. As long as you're training a
reasonable amount of nonspam, SA's chi-squared combinining is VERY resistant to
training this kind of spam causing FPs. On the other hand, not training it is a
sure-fire way to give the spams a good chance slip by as a FN.
If there's a particular kind of image-only spam involved, some of the SARE
rulesets can be helpful. I personally like the following SARE rulesets and use
them on my production systems:
More information about the MailScanner