Suggestions to block big spam messages

Glenn Steen glenn.steen at gmail.com
Wed Jan 28 14:46:46 GMT 2009


2009/1/28 Jason Voorhees <jvoorhees1 at gmail.com>:
> Hi there:
>
> I'm running a Linux box as a gateway AntiSpam with SpamAssassin &
> MailScanner. I think my antispam system works very nice. I use some
> techniques like:
>
> - UCE control at postfix level
> - SMTP delay greeting at postfix level
> - Greylisting at postfix level
> - Custom MCP checks with MailScanner
> - razor plugin with SpamAssassin
> - SPF checks with SpamAssassin
> - A 'relayed by dialup' plugin in SpamAssassin
> - RBL checks with SpamAssassin
> - SpamAssassin learning trough reading a shared spam folder with fetchmail
> - Maybe something else I don't remember...
>
> The problem is that I'm receiving some spam not detected by all these
> techniques because the size of the message is about 300KB, bigger than
> "Max Spam Check Size" in MailScanner.conf
> By now I only detected that all those spam messages come always from
> *.info domains, so I included *.info in my MailScanner blacklist
> because I never receive valid messages from those domains. However I
> don't feel this is a good way to solve the issue.
>
> What recommendations could you give me to block this kind of spam
> efficiently? It would be neccesary to increase the value of "Max Spam
> Check Size"? I don't believe it, right?
>
No, I'd do exactly that.
Mine is was set to ~ 3.5 MiB until recently, when I doubled it.
If you think that too drastic a measure, at least up it to 500KiB and
see how you get on.

> I hope someone can advice me a little in this antispam battle. Thanks, bye :)

Then there is certainly other additions you might consider, like
CRM114, DCC etc... which might help a bit further.

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se


More information about the MailScanner mailing list