Saturday, December 23

Geek

I've Got You Under My Thumb

For some time I've been running a mix of SpamAssassin on the server and Thunderbird junk mail controls and message filters to keep my email under control. I had SpamAssassin just marking email, not deleting it, and then went into my Junk folder every two or three days to see if there was anything that had been misdirected that I needed to attend to.

Over the last few months, the frequency of my visits to the Junk folder have increased to every day, then to two or three times a day, then every two or three hours. Even though I have filters set to auto-delete the obvious crap, I'm getting something like 2000 emails a day, 99% of them spam.

No more.

Today I set SpamAssassin to auto-delete at 9, and set the value for BAYES_99 to 7. (I'm tempted to bump that up to 8.8.)

Unfortunately, since I monitor email for all of mu.nu - bounces, abuse reports, that sort of thing - I need to receive things that set off a lot of normal spam flags. I don't want to, but if I don't keep an eye on things then sooner or later I'll be hearing from our hosting company. (The PHP spam incident I refer to below was one that I caught and fixed without anyone at SoftLayer being troubled because I saw the sudden increase in bounce messages.)

Fortunately the Bayesian filtering in SpamAssassin seems to be very reliable, and a 99% rating plus two points worth of other spammy traits will now relieve me of ever seeing the message. I've seen valid messages get Bayes ratings of 40 or so, but that won't get zapped unless you're doing a lot of other things wrong.

Seems to be working. I'm still getting the occasional spam through to Thunderbird - at a setting of 9, SpamAssassin doesn't catch those blasted PHYA pump-and-dump spams - but most of it is then gets eaten by my filter rules.

And a blessed peace descended upon Pixy Central...

Posted by: Pixy Misa at 01:11 AM | Comments (4) | Add Comment | Trackbacks (Suck)
Post contains 349 words, total size 2 kb.

1

Does SA support greylisting?  Googling around shows a bunch of sound and fury about people using greylisting in conjunction with SA, but the only references to greylisting I see on SA's site refer to external implementations.

I've been using ASSP (http://assp.sourceforge.net/) for a number of years; their current version supports greylisting (http://www.asspsmtp.org/wiki/Delaying) which might do the trick for stock spam.

ymmv, of course.

Posted by: bkw at Saturday, December 23 2006 02:32 AM (h/KQ9)

2 No, SA only runs after the message is received, so it can't do that.  Sounds very effective though.

Posted by: Pixy Misa at Saturday, December 23 2006 06:09 AM (A9tur)

3 I also run ASSP for a bunch of domains and it is very effective.  The greylisting has only ever blocked 2 valid emails I know of (both I believe were because of badly configured mail servers at the senders side) and reduces the amount of tagged emails for review to a very manageable level.

Posted by: Kean at Saturday, December 23 2006 10:32 PM (wsm1+)

4 Heh, spam is becoming a primary driver for AI tech.

Posted by: TallDave at Thursday, January 18 2007 10:02 PM (odS+4)

Hide Comments | Add Comment

Comments are disabled. Post is locked.
47kb generated in CPU 0.0167, elapsed 0.6641 seconds.
56 queries taking 0.6528 seconds, 329 records returned.
Powered by Minx 1.1.6c-pink.