spam after mailscanner what next? {Scanned}

Julian Field MailScanner at ecs.soton.ac.uk
Tue Oct 10 14:59:35 IST 2006


This is a very common type of question: "What else can I do to reduce 
our incoming spam?".
We should come up with a simple definitive list, not necessarily in any 
order other than alphabetical.

Note these are not performance improvements, they are spam detection 
rate improvements.

Shall I start the ball rolling? These are in no particular order:

MailScanner phishing net
ClamAV for phishing detection (most effective in US, it appears)
DCC
Razor
Pyzor (? I don't use it and don't trust it for arbitrary reasons)
SpamAssassin
SARE Rules Emporium
Rules_Du_Jour
Bayes starter database from www.fsl.com
Greylisting (stops spam zombies)
Milter-null  (stops joe-jobs)
Milter-ahead (stops dictionary attacks)
Reject unknown users in Exchange 2003
All other SA plugins mentioned in /etc/mail/spamassassin/*.pre
RBLs in MailScanner (maybe advise against?)
Trusted Networks setting in SA

What else have I forgotten?

Those are the basic ones I run on my own systems, and we get virtually 
no spam at all now.
Note that none of them require any manual maintenance, life is too short 
to manually maintain blacklists (which is what Microsoft do on their own 
corporate setup :-)

Henry Hollenberg wrote:
> Hey gang,
>
>
> My mailscanner install is working very well, thanks to all on the list.
>
> I have noticed a couple of categories of remaining SPAM (i.e. 
> looks_like_spam_to_me) that are getting thru:
>
> 1) probably valid companies that would honor a request for removal from 
> their mailing lists.
>
> 2) dictionary attacks designed to beat the Bayesian engine/db.
>
>
>
> Number 1:
> I plan on cautiously contacting the lists I identify in #1 after 
> manually screening them
> for controlling DNS authority and double checking them on the SPAM 
> lists.  Does this
> sound reasonable?  Does anyone have a better way to handle these?
>
> Number 2:
> Have no idea how to attack these other than submitting them to spamcop 
> or some such.
>
>
> Here is an example of this stuff:
>
> was the bass heavy style of Bob Marley’s new age reggae that allowed 
> him the access to the people. He abandoned the classic stylewas the 
> bass heavy style of Bob Marley’s new age reggae that allowed him the 
> access to the people. He abandoned the classic style
>  while living, Bob Marley continues to influence people 25 years after 
> his death (African Service News). His music and lyrics worked
> “If you know your history/ Then you would know where you coming from/ 
> Then you wouldn't have to ask me/ Who the 'eck do I thinkThere are 
> hundreds of thousands of people screaming for you on stage. The Prime 
> Minister and leader of the opposition sit in the
>
>
> This stuff seems to do a pretty good job of defeating Bayesian, but 
> it's funny it's instantly recognizable to me as SPAM.
> Maybe I need to set up a CRAY in my garage with some AI software to 
> catch this stuff.
>
> hgh.

Jules

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


