OT: latinamerican spam

Eduardo Casarero ecasarero at gmail.com
Tue Mar 10 14:23:57 GMT 2009


2009/3/10 Jason Voorhees <jvoorhees1 at gmail.com>:
> hi:
>
> On Tue, Mar 10, 2009 at 8:15 AM, Eduardo Casarero <ecasarero at gmail.com> wrote:
>> If there are people from Latin America (using MailScanner) interested
>> in making regional antispam rules from SA or any other recipe please
>> contact me at my personal email. The idea is to collaborate and
>> improve SpamAssassin rules based on our regional spam traffic.
>>
>> I really need to improve detection rates (I've all the regular stuff).
>>
> I'm from Peru. I'm using MailScanner with MCP and some plugins of
> SpamAssassin. These are my antispam techniques:
>
> - RBL checks by SpamAssassin (disabled by MailScanner with "Spam List"
> and "Spam List Domain")
> - razor
> - SpamAssassin auto whitelisting
> - SpamAssassin Bayes autolearning
> - SpamAssassin SPF checks
> - TextCat SpamAssassin plugin
> - A "Relayed by dialup" SpamAssassin plugin
> - SMTP delay greeting at MTA level with Postfix
> - Greylisting at MTA level with sqlgrey
> - Some restrict UCE checks at MTA level
> - Sanesecurity signatures for ClamAV
> - MCP rules with SpamAssassin
>
> Without using MCP rules I see that some spam messages aren't filtered.
> Those spams are in Spanish and almost always from my country or
> Latin America, containing the word "publicidad" in the subject.
> I just use MCP rules to stop those messages containing "publicidad" like this:
>
> header   REGLA_PUBLI1    Subject =~ /p?.{0,2}[vu].{0,2}b.{0,2}[1\|l].{0,2}.?.{0,2}[zsxc].{0,2}.?.{0,2}d.{0,2}a.{0,2}d/i
> describe REGLA_PUBLI1    Publicidad baneada
> score    REGLA_PUBLI1    6
>
> header   REGLA_PUBLI12    Subject =~ /p[vu]b[\|l1][\|1i][zxsc][\|1i]d[4a]d/i
> describe REGLA_PUBLI12    Publicidad baneada
> score    REGLA_PUBLI12    7
>
> Now there are just a few spam messages (less than 50 maybe in a server
> that generates 20K emails daily) that are passing to the INBOX. Those
> can be moved to a Shared Spam folder where I get its contents via
> fetchmail and IMAP to run sa-learn every day.
>
> This combination is working almost perfectly for several mail server
> installations I've done.
> What kind of spam messages aren't you able to filter?
>

I've a similar setup, but not MCP (I'm going to check that). I've
servers in Peru with the "publicidad" rule that matches a lot of spam,
but did you notice spam floods from .info domains (only in Peru, not in
other Latin American countries)?
Now I'm seeing false negatives with tourism advertisers (in Spanish)
that SpamAssassin can't catch, or e-learning. I've written some custom
rules that seem to help but they are not wide enough.



>> Thanks!
>>
>> Eduardo.
>>
>> PD: if there is anyone from Buenos Aires/ Argentina we also can meet
>> to drink a beer in honour to Julian and his great piece of software!
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>
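An added example, not part of the thread: a small regression harness that runs the two quoted REGLA_PUBLI rules over constructed Subject lines, showing which obfuscations each rule covers and that legitimate mail mentioning "publicidad" is scored as well. It assumes Python's `re` behaves like the Perl regex engine for these patterns; the subjects and function names are made up for illustration.

```python
import re

# (name, pattern, score) copied from the two rules quoted in the message.
RULES = [
    ("REGLA_PUBLI1",
     r"p?.{0,2}[vu].{0,2}b.{0,2}[1\|l].{0,2}.?.{0,2}[zsxc].{0,2}.?.{0,2}d.{0,2}a.{0,2}d",
     6),
    ("REGLA_PUBLI12", r"p[vu]b[\|l1][\|1i][zxsc][\|1i]d[4a]d", 7),
]
# Assumption: Python's re engine stands in for Perl; /i becomes IGNORECASE.
COMPILED = [(name, re.compile(pat, re.IGNORECASE), score)
            for name, pat, score in RULES]

def evaluate(subject):
    """Return (names of rules that hit, summed score) for one Subject."""
    hits = [(name, score) for name, rx, score in COMPILED if rx.search(subject)]
    return [n for n, _ in hits], sum(s for _, s in hits)

# Constructed subjects (not real traffic) with the hits each should produce.
CORPUS = [
    ("PUBLICIDAD: viajes a Cusco", ["REGLA_PUBLI1", "REGLA_PUBLI12"]),
    ("p.u.b.l.i.c.i.d.a.d ofertas", ["REGLA_PUBLI1"]),   # spaced-out letters
    ("pvb1iz1d4d curso online", ["REGLA_PUBLI12"]),      # digit substitutions
    ("Informe publicado ayer", []),                       # near miss, ham
    ("Reunion de equipo el lunes", []),                   # unrelated ham
    # Legitimate mail that merely mentions the word still hits both rules:
    ("Departamento de Publicidad - factura marzo",
     ["REGLA_PUBLI1", "REGLA_PUBLI12"]),
]

def regressions(corpus=CORPUS):
    """List (subject, expected, actual) for every subject that disagrees."""
    out = []
    for subject, expected in corpus:
        actual, _ = evaluate(subject)
        if actual != expected:
            out.append((subject, expected, actual))
    return out

if __name__ == "__main__":
    for subject, _ in CORPUS:
        hits, total = evaluate(subject)
        print(f"{total:>2}  {','.join(hits) or '-':<28} {subject}")
    print("regressions:", regressions())
```

Extending `CORPUS` with subjects from a local ham folder before raising a rule's score shows how many legitimate messages the loose first pattern would catch.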

