[lug] Stopping the New Generation of Spam
John Starkey
jstarkey at breezedev.com
Sun Dec 3 12:35:51 MST 2006
I'm not a spam/spamassassin expert, but I was able to calm things down
(from 200 uncaught spams every morning to 10 or so). Evidently the
spammers have gotten pretty good a de-programming Bayes filters. What I
did was set up a Ham box and a Spam box and started keeping all
messages. I also added about 25,000 message from 4 years of business
collab to the Ham box. Then I did an sa-learn.
If they've gotten that good at fooling Bayes, I'm sure I'll have to do
it on a regular basis. My spam attempts on three domains went from 7,000
per day to 36,000 over a period of a few weeks.
John
Bill Thoen wrote:
> Over the last 2-3 months I've been getting a *lot* more spam than ever
> before and Spamassassin doesn't seem to be reacting fast enough or
> effectively enough to deal with it. In particular, it doesn't seem to be
> able to block these messages filled with random snippets of english
> text and/or those where the message is embedded as an image. It also looks
> like some of these spams are coming form large networks of compromised
> machines (same message comes from many different unrelated IPs) so blocking
> by IP is less effective. I used to get about 250 spams a day, but now it's
> up to 350-500 a day, and it's increasing.
>
> How are people dealing with this new onslaught? What sort of filtering or
> tools work these days? If this keeps up it will eventually overwhelm my
> little Linux server and become sort of indistinguishable from a Denial of
> Service attack!
>
> Or is this just the holiday rush where all the spammers just squeal louder
> and shove harder trying to get their snouts into the trough?
>
> - Bill Thoen
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>
More information about the LUG
mailing list