A lot of spam getting through

Gareth list-mailscanner at linguaphone.com
Mon Apr 30 19:41:31 IST 2007


> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info]On Behalf Of Billy A.
> Pumphrey
> Sent: 30 April 2007 19:15
> To: MailScanner discussion
> Subject: A lot of spam getting through
>
>
> Hello everyone.  I am having quite a few spam get through.  I thought
> that I had quite a few things installed and configured correctly.
> Actually they used to work really well then when I had to rebuild bayes
> as there were too many FP and turn off RBLs, then a lot of spam are
> getting through.  Somewhere around 50-100 per user are seemingly getting
> through on a weekend.  I have put down as much information as I thought
> about for my configuration.  I am looking for recommendations to
> increase my block rate.  Please let me know if I left any information
> out.  Thank you.

I would suggest a few things:-

1) Enable RBLs again. If you have FP on some of them then you can reduce
the score a little manually.

2) Install FuzzyOcr which works well at detecting the image spams
(http://www.gbnetwork.co.uk/mailscanner/ for the URLs)

3) Install and regularly update the KAM rules which are very frequently
updated rules to catch the latest spams. Again the URL is on the site above.

4) Add the following custom rule to match those spams which just link to a
picture.
uri             GRB_Imagehost  /\.(?:|imageshack|2and2|afreeimagehost|imagehosting)\.(?:com|net|us)/i
score           GRB_Imagehost  1.0
describe        GRB_Imagehost  Linking to free image hosting service

5) Tweak any scores for your particular site. For example I tend to reduce
the -ve scores of the bayes rules and increase the razor scores :-
score BAYES_00 -0.5
score BAYES_05 -0.1
score BAYES_20 -0.01
score BAYES_40 -0.01
score BAYES_99  5.0
score DEAR_SOMETHING 1
score RAZOR2_CF_RANGE_51_100 1.0
score RAZOR2_CF_RANGE_E4_51_100 2.0
score RAZOR2_CF_RANGE_E8_51_100 2.0
score RAZOR2_CHECK 1.0

6) Make use of the whitelist feature for some addresses which tend to get
blocked. You will always get some.
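
An added example, not part of the original post: a Python check of the GRB_Imagehost pattern from step 4 against constructed URIs, showing which links the rule fires on and which it does not. Python's `re` stands in for SpamAssassin's Perl regex engine (the pattern uses no Perl-only syntax); the function names and every sample URI are constructed for illustration.

```python
import re

# Pattern copied from the GRB_Imagehost rule in the post; the /i flag becomes re.I.
GRB_IMAGEHOST = re.compile(
    r"\.(?:|imageshack|2and2|afreeimagehost|imagehosting)\.(?:com|net|us)", re.I
)

# Constructed sample URIs (not taken from real mail).
SAMPLES = [
    "http://img204.imageshack.us/img204/1/pic.gif",  # subdomain of a listed host
    "http://www.imagehosting.com/out.php/i1_pic.jpg",
    "http://imageshack.us/my.php?image=pic.gif",     # no dot before the host name
    "http://example..com/",                          # empty alternative matches "..com"
    "http://www.example.org/images/pic.gif",         # unrelated host
]


def rule_hits(uri):
    """Return the substring the rule matched, or None when it would not fire."""
    m = GRB_IMAGEHOST.search(uri)
    return m.group(0) if m else None


def report(uris):
    """Map each URI to its match (or None) so coverage gaps are easy to spot."""
    return {u: rule_hits(u) for u in uris}


if __name__ == "__main__":
    for uri, hit in report(SAMPLES).items():
        print(f"{'HIT ' if hit else 'miss'}  {uri}  {hit or ''}")
```

Because the pattern starts with `\.`, it only fires when the host name is preceded by a dot (a subdomain such as `img204.` or `www.`), and the empty first alternative also lets it match a literal `..com`.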


