OT: latinamerican spam

Jason Voorhees jvoorhees1 at gmail.com
Tue Mar 10 14:33:29 GMT 2009


On Tue, Mar 10, 2009 at 9:23 AM, Eduardo Casarero <ecasarero at gmail.com> wrote:
> 2009/3/10 Jason Voorhees <jvoorhees1 at gmail.com>:
>> Hi:
>>
>> On Tue, Mar 10, 2009 at 8:15 AM, Eduardo Casarero <ecasarero at gmail.com> wrote:
>>> If there are people from Latin America (using MailScanner) interested
>>> in making regional antispam rules from SA or any other recipe please
>>> contact me at my personal email. The idea is to collaborate and
>>> improve SpamAssassin rules based on our regional spam traffic.
>>>
>>> I really need to improve detection rates (I've all the regular stuff).
>>>
>> I'm from Peru. I'm using MailScanner with MCP and some plugins of
>> SpamAssassin. These are my antispam techniques:
>>
>> - RBL checks by SpamAssassin (disabled by MailScanner with "Spam List"
>> and "Spam List Domain")
>> - razor
>> - SpamAssassin auto whitelisting
>> - SpamAssassin Bayes autolearning
>> - SpamAssassin SPF checks
>> - TextCat SpamAssassin plugin
>> - A "Relayed by dialup" SpamAssassin plugin
>> - SMTP delay greeting at MTA level with Postfix
>> - Greylisting at MTA level with sqlgrey
>> - Some restrict UCE checks at MTA level
>> - Sanesecurity signatures for ClamAV
>> - MCP rules with SpamAssassin
>>
>> Without using MCP rules I see that some spam messages aren't filtered.
>> Those spams are in Spanish and almost always from my country or
>> Latin America, containing the word "publicidad" in the subject.
>> I just use MCP rules to stop those messages containing "publicidad" like this:
>>
>> header   REGLA_PUBLI1    Subject =~ /p?.{0,2}[vu].{0,2}b.{0,2}[1\|l].{0,2}.?.{0,2}[zsxc].{0,2}.?.{0,2}d.{0,2}a.{0,2}d/i
>> describe REGLA_PUBLI1    Publicidad baneada
>> score    REGLA_PUBLI1    6
>>
>> header   REGLA_PUBLI12    Subject =~ /p[vu]b[\|l1][\|1i][zxsc][\|1i]d[4a]d/i
>> describe REGLA_PUBLI12    Publicidad baneada
>> score    REGLA_PUBLI12    7
>>
>> Now there are just a few spam messages (less than 50 maybe in a server
>> that generates 20K emails daily) that are passing to the INBOX. Those
>> can be moved to a Shared Spam folder where I get its contents via
>> fetchmail and IMAP to run sa-learn every day.
>>
>> This combination is working almost perfectly for several mail server
>> installations I've done.
>> What kind of spam messages aren't you able to filter?
>>
>
> I have a similar setup, but not MCP (I'm going to check that). I have
> servers in Peru with the "publicidad" rule that matches a lot of spam,
> but did you notice spam floods from .info domains (only in Peru, not in
> other Latin countries)?
Yes, they come from .info domains almost 95% of the time, but I don't
blacklist them; I let MCP do the work with the "publicidad" filter.
Anyway, there's a lot of spam coming from Argentina (especially from
Fibertel clients) that I can block at MTA level with UCE controls.

> Now I'm seeing false negatives with tourism advertisers (in Spanish)
> that SpamAssassin can't catch, or e-learning. I've written some custom
> rules that seem to help but they are not wide enough.
>
What's the size of those messages? Do they contain only images with
tourism advertising? Where do they come from? Do they come from ADSL
peers?
It would be useful to share with us all the information you can get from
them, so maybe we can improve your antispam configuration, because I
know that English spam messages are easy to block but it isn't so simple
in Spanish.

>
>
>>> Thanks!
>>>
>>> Eduardo.
>>>
>>> PS: if there is anyone from Buenos Aires/Argentina we can also meet
>>> to drink a beer in honour of Julian and his great piece of software!
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>
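
Added example (not part of the original message or the poster's configuration): the two rules quoted above, run over constructed Subject lines to show what each one catches and where the looser REGLA_PUBLI1 also fires on ordinary Spanish subjects. It assumes Python's re behaves like SpamAssassin's Perl regexes for the syntax these two patterns use; the sample subjects and helper names are invented for illustration.

```python
import re

# The two rules from the message: (name, regex copied verbatim, score).
RULES = [
    ("REGLA_PUBLI1",
     r"p?.{0,2}[vu].{0,2}b.{0,2}[1\|l].{0,2}.?.{0,2}[zsxc].{0,2}.?.{0,2}d.{0,2}a.{0,2}d",
     6),
    ("REGLA_PUBLI12", r"p[vu]b[\|l1][\|1i][zxsc][\|1i]d[4a]d", 7),
]
# The /i flag on both rules maps to re.I.
COMPILED = [(name, re.compile(rx, re.I), score) for name, rx, score in RULES]

# Constructed Subject lines (not real traffic), labelled "spam" or "ham".
SAMPLES = [
    ("spam", "PUBLICIDAD: ofertas de viaje"),
    ("spam", "p u b l i c i d a d - cursos online"),
    ("spam", "Pub1ic1d4d para su empresa"),
    ("ham",  "Acta de la reunion del martes"),
    ("ham",  "Obra publica: seguridad vial"),
    ("ham",  "Presupuesto de publicidad 2009"),
]

def evaluate(subject):
    """Return (names of the rules that hit, summed score) for one Subject."""
    hits = [(name, score) for name, rx, score in COMPILED if rx.search(subject)]
    return [n for n, _ in hits], sum(s for _, s in hits)

def false_positives(samples):
    """Ham subjects that trigger at least one rule, with the rules they hit."""
    return [(subj, evaluate(subj)[0]) for label, subj in samples
            if label == "ham" and evaluate(subj)[0]]

if __name__ == "__main__":
    for label, subj in SAMPLES:
        names, total = evaluate(subj)
        print(f"{label:4} {total:>2}  {','.join(names) or '-':28} {subj}")
    print("false positives:", false_positives(SAMPLES))
```

The `.{0,2}` gaps let REGLA_PUBLI1 span word boundaries, which is why "publica: seguridad" scores 6 without containing the word; running candidate rules over a ham corpus like this before deployment shows that cost up front.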

