A lot of spam getting through

Gareth list-mailscanner at linguaphone.com
Mon Apr 30 21:59:02 IST 2007


> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info]On Behalf Of Billy A.
> Pumphrey
> Sent: 30 April 2007 21:47
> To: MailScanner discussion
> Subject: RE: A lot of spam getting through
>
>
> I have done quite a bit of the below.  See my notes please.
> Thank you lots!
>
> >
> > I would suggest a few things:-
> >
> > 1) Enable RBL's again. If you have FP of some of them then you can reduce
> > the score a little manually.
> >
> > 2) Install Fuzzyocr which works well at detecting the image spams
> > (http://www.gbnetwork.co.uk/mailscanner/ for the URL's)
>
> I got this installed and a lint shows OK.

Have a look at http://www.freespamfilter.org/forum/viewforum.php?f=25
That forum, although quiet, has some good tips for additional fuzzyocr
configuration such as additional words and scansets. Did you install the gocr
and ocrad OCR plugins?

> > 4) Add the following custom rule to match those spams which just link to a
> > picture.
> > uri             GRB_Imagehost  /\.(?:|imageshack|2and2|afreeimagehost|imagehosting)\.(?:com|net|us)/i
> > score           GRB_Imagehost  1.0
> > describe        GRB_Imagehost  Linking to free image hosting service
> >
>
> I got this installed and a lint shows OK.  I assumed that I just create
> a file named xxxxx.cf and copy and paste it into the file?  That is what
> I did.

Yes, you could just add it to local.cf if you want. I have a file containing
all the rules I have written myself, so it is just part of that.
For example, for historical reasons there are addresses we have which only
ever receive spam and lots of it. I have our server delete any identified
spam so I just see things that slip through.
Typically these are new stock spam until razor and pyzor catch up, but I
normally immediately write a new rule to catch them (similar to what the KAM
author does).

> > 5) Tweak any scores for your particular site. For example I tend to reduce
> > the -ve scores bayes rules and increase the razor scores :-
> > score BAYES_00 -0.5
> > score BAYES_05 -0.1
> > score BAYES_20 -0.01
> > score BAYES_40 -0.01
> > score BAYES_99  5.0
> > score DEAR_SOMETHING 1
> > score RAZOR2_CF_RANGE_51_100 1.0
> > score RAZOR2_CF_RANGE_E4_51_100 2.0
> > score RAZOR2_CF_RANGE_E8_51_100 2.0
> > score RAZOR2_CHECK 1.0
> >
>
> Is the local.cf file where this goes?

local.cf is fine. I put mine in mailscanner.cf just to keep the
customisations together.
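
The GRB_Imagehost rule quoted above can be checked against sample URIs before it goes into a .cf file. This is an added example, not part of the original post: Python's re module stands in for SpamAssassin's Perl regex engine (the pattern uses only syntax both share), and parse_uri_rule, rule_hits and the sample URIs are constructed for illustration.

```python
import re

# The rule from the post, on one line as a SpamAssassin .cf file expects.
RULE = (r"uri GRB_Imagehost "
        r"/\.(?:|imageshack|2and2|afreeimagehost|imagehosting)\.(?:com|net|us)/i")

# Perl-style trailing modifiers mapped to Python flags (assumption: only these occur).
FLAGS = {"i": re.IGNORECASE, "m": re.MULTILINE, "s": re.DOTALL, "x": re.VERBOSE}

def parse_uri_rule(line):
    """Split 'uri NAME /regex/flags' into (name, compiled pattern)."""
    kind, name, body = line.split(None, 2)
    if kind != "uri":
        raise ValueError("not a uri rule: %r" % line)
    m = re.fullmatch(r"/(.*)/([imsx]*)", body.strip())
    if m is None:
        raise ValueError("expected /regex/flags, got %r" % body)
    flags = 0
    for ch in m.group(2):
        flags |= FLAGS[ch]
    return name, re.compile(m.group(1), flags)

def rule_hits(line, uris):
    """Map each URI to True/False using an unanchored search, as the rule is written."""
    _, pattern = parse_uri_rule(line)
    return {u: pattern.search(u) is not None for u in uris}

# Constructed sample URIs (not taken from real mail).
SAMPLES = [
    "http://img204.imageshack.us/img204/1234/pic.gif",  # subdomain of a listed host
    "HTTP://PICS.2AND2.NET/A.PNG",                       # /i makes case irrelevant
    "http://imageshack.us/pic.gif",                      # no dot before the host name
    "http://www.imageshack.org/pic.gif",                 # TLD not in com|net|us
    "http://www.example.com/index.html",                 # unrelated site
    "http://host..com/x",                                # empty alternative matches '..com'
]

if __name__ == "__main__":
    name, _ = parse_uri_rule(RULE)
    for uri, hit in rule_hits(RULE, SAMPLES).items():
        print("%-5s %s  %s" % ("HIT" if hit else "miss", name, uri))
```

The leading `\.` means only host names with something in front of the listed name hit, and the empty first alternative also lets a literal `..com`, `..net` or `..us` match.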



