Does spamassassin cache database lower the amount of spamassassin timeouts?

Julian Field MailScanner at ecs.soton.ac.uk
Wed Mar 8 19:38:06 GMT 2006


Matt Kettler wrote:
> Taso Chatziantoniou wrote:
>
>   
>> Also one other question ..
>> Does anyone know of a good site or forum that we can submit sample spams
>> to help us figure out a way to block them. We keep getting these stock
>> html image only files with bayes poisoning on the bottom that we cannot
>> seem to find a pattern to block.
>>     
>
> Generally the best place for that would be on the spamassassin-users mailing list.
>
> If possible, extract the offending message as a raw mime.822 file (ie: full
> email with all headers and mime segments) and attach it to your posting.
>
> That said, in general a lot of the image-based spams are best dealt with by
> these methods:
>
> Razor - razor's e4 engine does its hashing on a per-mime-segment basis, so it
> can realize the image is spam even if the body text keeps changing.
>
> URIBLs - if the HTML has any link back to the website.
>
> DNSBLs - a lot of these are sent via infected hosts listed in XBL.
>
> Bayes training - some folks try to avoid training spam containing poison.
> Don't. Train it all, let the statistics handle it.  As long as you're training a
> reasonable amount of nonspam, SA's chi-squared combining is VERY resistant to
> training this kind of spam causing FPs. On the other hand, not training it is a
> sure-fire way to give the spams a good chance to slip by as a FN.
>
> If there's a particular kind of image-only spam involved, some of the SARE
> rulesets can be helpful. I personally like the following SARE rulesets and use
> them on my production systems:
>
>
> 70_sare_adult.cf
> 70_sare_evilnum0.cf
> 70_sare_genlsubj0.cf
> 70_sare_html0.cf
> 70_sare_obfu0.cf
> 70_sare_random.cf
> 70_sare_specific.cf
> 70_sare_stocks.cf
> 70_sare_uri0.cf
> 99_sare_fraud_post25x.cf
>   
Thanks for publishing your list. I was missing obfu0 and stocks, and 
have a particular problem with stocks at the moment.
Hopefully this will improve things somewhat.
Cheers!

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
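
The per-MIME-segment hashing mentioned in the quoted advice, as an added example that is not part of the original message and is not Razor's code: it uses plain SHA-1 as a stand-in for Razor's e4 signatures, and the function names and both sample messages are constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage


def part_digests(raw: bytes) -> dict:
    """Map SHA-1 of each decoded leaf MIME part to that part's content type."""
    msg = message_from_bytes(raw, policy=policy.default)
    digests = {}
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        payload = part.get_payload(decode=True) or b""
        digests[hashlib.sha1(payload).hexdigest()] = part.get_content_type()
    return digests


def shared_parts(raw_a: bytes, raw_b: bytes) -> list:
    """Content types of the parts whose digests appear in both messages."""
    a, b = part_digests(raw_a), part_digests(raw_b)
    return sorted(a[d] for d in a.keys() & b.keys())


def whole_message_digest(raw: bytes) -> str:
    """Digest over the entire message, for comparison with per-part digests."""
    return hashlib.sha1(raw).hexdigest()


def build_sample(poison: str, image: bytes) -> bytes:
    """Constructed sample: changing filler text plus an unchanged image part."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg["From"] = "sender@example.invalid"
    msg["To"] = "rcpt@example.invalid"
    msg.set_content(poison)
    msg.add_attachment(image, maintype="image", subtype="gif",
                       filename="chart.gif")
    return msg.as_bytes()


# Constructed bytes standing in for the image; not a real picture.
IMAGE = b"GIF89a" + bytes(range(64))
SAMPLE_A = build_sample("quiet harbor violin meadow lantern", IMAGE)
SAMPLE_B = build_sample("copper thistle orbit window gravel", IMAGE)

if __name__ == "__main__":
    print("whole-message digests equal:",
          whole_message_digest(SAMPLE_A) == whole_message_digest(SAMPLE_B))
    print("parts shared by both samples:", shared_parts(SAMPLE_A, SAMPLE_B))
```

The whole-message digests differ because the filler text changes, while the image part hashes identically in both samples, which is why a per-part signature still matches.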


