[lug] Spam solutions

Sat Jan 20 20:27:25 MST 2007

Has your spam been on the increase in the last several month like mine has?
When I was testing for a few days with all blocking turned off, I got more
than 100 spams per day.  Not bad by a lot of people's standards, but
irritating enough for me to do something about it.

Last week I got sick of it and went looking for a better setup, and I think I
have found a really good one.  I'm now using amavis/spamassassin/postfix,
where amavis hooks into postfix at SMTP-time and calls spamassassin for each
message, so anything identified as spam (with a high score) is given a SMTP
delivery failure (with SMTP, if you don't accept it, you're not responsible
for it).  I modified the amavis source so that the SMTP rejection message has
my voicemail in case it hits any legit mail (unlikely with a spamassassin
score cutoff of 10).  I like this because it leaves a whole lot less spam I
need to manually verify to prevent false positives, but as has been pointed
out by many people, this technique will only work for a very low-volume mail
server.  Lower score spam is tagged and delivered as usual.  Spamassassin is
really impressive these days, it has a bayes filter, two collaborative systems
(dcc and razor), and uses the blacklists as scoring considerations instead of
using them directly, and most importantly, it only takes a few minutes to
configure (at least with the Debian package).  I seem to be getting about
95-97% spam correctly identified, and so far no false positives with a cutoff
of 10.

I used this page for inspiration:

http://flakshack.com/anti-spam/archive-05-2004.html

although it's a bit out of date, and with Debian nearly everything in
there is taken care of for you already.  It's always good to know what's going
on though, even if your distro has a good default config.

Greylisting was working fairly well (I figure it was about 60% effective
recently), but the postgrey greylisting daemon hangs every once in a while,
completely shutting down mail delivery until I kill -9 it, so I turned it off.
I submitted a bug report, but only a few people see this problem and no one
seems to know what's causing it.  It's a shame, because other than that
postgrey is a very good greylisting implementation.

Also, spamassassin makes it really easy to "unsubscribe" to all those stupid
newsletters and so on that I keep getting added to.  Now they'll just get
bounced, and I'll never see them.  Everybody I ever buy anything from online
seems to sign me up for their newsletter (without asking me), and this makes
it super-easy to block those before delivery just by adding a line to the
spamassassin conf.  Sure beats spending several minutes begging each stupid
vendor through their web-based unsubscribe form that conveniently never seems
to work.