A lot of spam getting through

Billy A. Pumphrey bpumphrey at woodmclaw.com
Mon Apr 30 21:46:46 IST 2007

I have done quite a bit of the below.  See my notes please.
Thank you lots!

> I would suggest a few things:-
> 1) Enable RBL's again. If you have FP of some of them then you can
> the score a little manually.
> 2) Install Fuzzyocr which works well at detecting the image spams
> (http://www.gbnetwork.co.uk/mailscanner/ for the URL's)

I got this installed and a lint shows OK.

> 3) Install and regularly update the KAM rules which are very
> updated rules to catch the latest spams. Again the URL is on the site
> above.

I got this installed and a lint shows OK.

> 4) Add this following custom rule to match those spams which just link
> a
> picture.
> uri             GRB_Imagehost
> /\.(?:|imageshack|2and2|afreeimagehost|imagehosting)\.(?:com|net|us)/i
> score           GRB_Imagehost  1.0
> describe        GRB_Imagehost  Linking to free image hosting service

I got this installed and a lint shows OK.  I assumed that I just create
a file named xxxxx.cf and copy and paste it into the file?  That is what
I did.

> 5) Tweak any scores for you particular site. For example I tend to
> the -ve scores bayes rules and increase the razor scores :-
> score BAYES_00 -0.5
> score BAYES_05 -0.1
> score BAYES_20 -0.01
> score BAYES_40 -0.01
> score BAYES_99  5.0
> score RAZOR2_CF_RANGE_51_100 1.0
> score RAZOR2_CF_RANGE_E4_51_100 2.0
> score RAZOR2_CF_RANGE_E8_51_100 2.0
> score RAZOR2_CHECK 1.0

Is the local.cf file where this goes?

> 6) Make use of the whitelist feature for some addresses which tend to
> blocked. You will always get some.


More information about the MailScanner mailing list